Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[0.12.8] Segfault on Phalcon #1941

Closed
ruudboon opened this issue Oct 3, 2019 · 14 comments
Closed

[0.12.8] Segfault on Phalcon #1941

ruudboon opened this issue Oct 3, 2019 · 14 comments
Labels
bug

Comments

@ruudboon
Copy link
Contributor

ruudboon commented Oct 3, 2019
edited

When running:

use Phalcon\Events\Event;
use Phalcon\Firewall\Adapter\Acl;
use Phalcon\Mvc\Dispatcher;

$di = new Phalcon\Di();
$dispatcher = new Dispatcher();
$dispatcher->setDI($di);

$firewall = new Acl('acl');
$firewall->beforeExecuteRoute(new Event("test", "test", "test", "test"), $dispatcher, "");

I get a segfault with this backtrace

#0  0x00007f511d570402 in zephir_fast_join_str (return_value=0x7ffd4c832330, glue=0x7f511eb671b4 "!", glue_length=1, pieces=0x7ffd4c832390) at /tmp/cphalcon-4.0.x/ext/kernel/string.c:541
541     /tmp/cphalcon-4.0.x/ext/kernel/string.c: No such file or directory.
(gdb) bt
#0  0x00007f511d570402 in zephir_fast_join_str (return_value=0x7ffd4c832330, glue=0x7f511eb671b4 "!", glue_length=1, pieces=0x7ffd4c832390) at /tmp/cphalcon-4.0.x/ext/kernel/string.c:541
#1  0x00007f511d853ea1 in zim_Phalcon_Firewall_Adapter_Acl_getAccessFromCache (execute_data=0x7f512b424ef0, return_value=0x7ffd4c832f10)
    at /tmp/cphalcon-4.0.x/ext/phalcon/firewall/adapter/acl.zep.c:428
#2  0x000055a7b1ce8878 in execute_internal ()
#3  0x00007f512b3af153 in xdebug_execute_internal (current_execute_data=0x7f512b424ef0, return_value=0x7ffd4c832f10) at /tmp/pear/temp/xdebug/xdebug.c:2050
#4  0x000055a7b1c5e7e9 in zend_call_function ()
#5  0x00007f511d573b20 in zephir_call_user_function (object_pp=0x7f512b424eb0, obj_ce=0x55a7b3d2ffe0, type=zephir_fcall_method, function_name=0x7ffd4c832a90, retval_ptr=0x7ffd4c832f10, 
    cache_entry=0x0, cache_slot=0, param_count=3, params=0x7ffd4c832ba0) at /tmp/cphalcon-4.0.x/ext/kernel/fcall.c:385
#6  0x00007f511d5741d6 in zephir_call_class_method_aparams (return_value=0x7ffd4c832f10, ce=0x55a7b3d2ffe0, type=zephir_fcall_method, object=0x7f512b424eb0, 
    method_name=0x7f511eb671e4 "getaccessfromcache", method_len=18, cache_entry=0x0, cache_slot=0, param_count=3, params=0x7ffd4c832ba0) at /tmp/cphalcon-4.0.x/ext/kernel/fcall.c:523
#7  0x00007f511d856d0c in zim_Phalcon_Firewall_Adapter_Acl_handleDispatcher (execute_data=0x7f512b424e90, return_value=0x7ffd4c833e40)
    at /tmp/cphalcon-4.0.x/ext/phalcon/firewall/adapter/acl.zep.c:653
#8  0x000055a7b1ce8878 in execute_internal ()
#9  0x00007f512b3af153 in xdebug_execute_internal (current_execute_data=0x7f512b424e90, return_value=0x7ffd4c833e40) at /tmp/pear/temp/xdebug/xdebug.c:2050
#10 0x000055a7b1c5e7e9 in zend_call_function ()
#11 0x00007f511d573b20 in zephir_call_user_function (object_pp=0x7f512b424e30, obj_ce=0x55a7b3d2ffe0, type=zephir_fcall_method, function_name=0x7ffd4c8336e0, retval_ptr=0x7ffd4c833e40,
@sergeyklay sergeyklay added the bug label Oct 4, 2019
@ruudboon
Copy link
Contributor Author

ruudboon commented Oct 4, 2019
edited

Looks like latest release fixed the Segfault issue. https://travis-ci.org/ruudboon/cphalcon/jobs/593519488
I want to keep this open to confirm on other build. But please don't put time in this now.

@sergeyklay
Copy link
Contributor

@dreamsxin Do you have any idea?

@sergeyklay
Copy link
Contributor

sergeyklay commented Oct 4, 2019
edited

@ruudboon Can you provide a single file to reproduce the bug by any chance?

P.S.

xdebug_execute_internal

Also could you disable xdebug and test again?

@ruudboon
Copy link
Contributor Author

ruudboon commented Oct 4, 2019
edited

@sergeyklay you mean a single Zephir file? Single php file is in the updated issue.

@sergeyklay
Copy link
Contributor

sergeyklay commented Oct 4, 2019
edited

Yes, a single *.zep file to reproduce the bug.

@ruudboon ruudboon changed the title [0.12.5] Segfault on Phalcon [0.12.8] Segfault on Phalcon Oct 4, 2019
@ruudboon
Copy link
Contributor Author

ruudboon commented Oct 4, 2019
edited

Also could you disable xdebug and test again?

Occurs without xdebug as well.

@sergeyklay
Copy link
Contributor

sergeyklay commented Oct 4, 2019
edited

  • 2nd parameter of the Event class should be an object
  • 4th parameter of the Event class should be a boolean
  • Dispatcher class need activeHandler to be set
  • Acl needs a valid roleCallback to be set

Could you please provide at least working test so that I'll try to reproduce the issue myself

@dreamsxin
Copy link
Contributor

I will test

@dreamsxin dreamsxin mentioned this issue Oct 5, 2019
Merged
3 tasks
@ruudboon
Copy link
Contributor Author

ruudboon commented Oct 5, 2019 

use Phalcon\Events\Manager;
use Phalcon\Firewall\Adapter\Acl;
use Phalcon\Mvc\Dispatcher;

class OneController extends \Phalcon\Mvc\Controller
{
    /**
     * @Allow("ROLE1")
     */
    public function indexAction()
    {
        return 'allowed';
    }
}

$di = new Phalcon\Di();
$dispatcher = new Dispatcher();
$dispatcher->setDI($di);

$firewall = new Acl('acl');

$eventsManager = new Manager();

$eventsManager->attach(
    'dispatch:beforeExecuteRoute',
    $firewall
);

$dispatcher->setEventsManager($eventsManager);

$dispatcher->setControllerName('one');
$dispatcher->dispatch();

@sergeyklay
Copy link
Contributor

sergeyklay commented Oct 5, 2019
edited

@dreamsxin Try this

use Phalcon\Acl\Adapter\Memory;
use Phalcon\Acl\RoleAware;
use Phalcon\Di;
use Phalcon\Di\DiInterface;
use Phalcon\Events\Event;
use Phalcon\Firewall\Adapter\Acl;
use Phalcon\Mvc\Controller;
use Phalcon\Mvc\Dispatcher;
use Phalcon\Firewall\Exception;

class PeopleController extends Controller {}

class RoleObject implements RoleAware {
    public function getRoleName(): string {
        return 'myrole';
    }
}

$container = new Di();
$container->set('myrole', new RoleObject);

$acl = new Memory();
$acl->addComponent('app', ['allow-all']);
$acl->addRole('myrole');
$acl->allow('myrole', 'app', 'allow-all');

$container->set('acl', $acl);

$dispatcher = new Dispatcher();
$dispatcher->setDI($container);

$reflection = new \ReflectionClass($dispatcher);
$activeHandler = $reflection->getProperty('activeHandler');
$activeHandler->setAccessible(true);
$activeHandler->setValue($dispatcher, new PeopleController);

$source = new stdClass();
$data = [1, 2, 3];
$event = new Event("test", $source, $data, false);

$firewall = new Acl('acl');
$firewall->setRoleCallback(
    function (DiInterface $container) {
        return $container->get('myrole');
    }
);

try {
    $firewall->beforeExecuteRoute($event, $dispatcher, "");
} catch (Exception $e) {
    // Expected
    fprintf(STDERR, $e->getMessage() . PHP_EOL);
    exit(0);
}

exit(1);
#0  0x00007fffe5f460b0 in zephir_fast_join_str (return_value=0x7fffffff9d20, glue=0x7fffe75afadc "!", glue_length=1, pieces=0x7fffffff9d80)
at /mnt/work/phalcon/cphalcon/ext/kernel/string.c:533
#1  0x00007fffe625ca0d in zim_Phalcon_Firewall_Adapter_Acl_getAccessFromCache (execute_data=0x7ffff3c21410, return_value=0x7fffffffa880)
at /mnt/work/phalcon/cphalcon/ext/phalcon/firewall/adapter/acl.zep.c:428
#2  0x0000555555e8e697 in zend_call_function (fci=0x7fffffffa270, fci_cache=0x7fffffffa240)
at /home/klay/src/php/source/7.2.20/Zend/zend_execute_API.c:834
#3  0x00007fffe5f498cd in zephir_call_user_function (object_pp=0x7ffff3c213d0, obj_ce=0x555556d75110, type=zephir_fcall_method,
function_name=0x7fffffffa400, retval_ptr=0x7fffffffa880, cache_entry=0x0, cache_slot=0, param_count=3, params=0x7fffffffa510)
at /mnt/work/phalcon/cphalcon/ext/kernel/fcall.c:376
#4  0x00007fffe5f49fca in zephir_call_class_method_aparams (return_value=0x7fffffffa880, ce=0x555556d75110, type=zephir_fcall_method,
object=0x7ffff3c213d0, method_name=0x7fffe75afb0c "getaccessfromcache", method_len=18, cache_entry=0x0, cache_slot=0, param_count=3,
params=0x7fffffffa510) at /mnt/work/phalcon/cphalcon/ext/kernel/fcall.c:514
#5  0x00007fffe625f968 in zim_Phalcon_Firewall_Adapter_Acl_handleDispatcher (execute_data=0x7ffff3c213b0, return_value=0x7fffffffb1a0)
at /mnt/work/phalcon/cphalcon/ext/phalcon/firewall/adapter/acl.zep.c:653
#6  0x0000555555e8e697 in zend_call_function (fci=0x7fffffffae80, fci_cache=0x7fffffffae50)
at /home/klay/src/php/source/7.2.20/Zend/zend_execute_API.c:834
#7  0x00007fffe5f498cd in zephir_call_user_function (object_pp=0x7ffff3c21350, obj_ce=0x555556d75110, type=zephir_fcall_method,
function_name=0x7fffffffb010, retval_ptr=0x7fffffffb1a0, cache_entry=0x0, cache_slot=0, param_count=1, params=0x7fffffffb108)
at /mnt/work/phalcon/cphalcon/ext/kernel/fcall.c:376
#8  0x00007fffe5f49fca in zephir_call_class_method_aparams (return_value=0x7fffffffb1a0, ce=0x555556d75110, type=zephir_fcall_method,
object=0x7ffff3c21350, method_name=0x7fffe75afa99 "handledispatcher", method_len=16, cache_entry=0x0, cache_slot=0, param_count=1,
params=0x7fffffffb108) at /mnt/work/phalcon/cphalcon/ext/kernel/fcall.c:514
#9  0x00007fffe6259aaf in zephir_return_call_class_method (return_value=0x7fffffffb1a0, ce=0x555556d75110, type=zephir_fcall_method,
object=0x7ffff3c21350, method_name=0x7fffe75afa99 "handledispatcher", method_len=16, cache_entry=0x0, cache_slot=0, param_count=1,
params=0x7fffffffb108) at ./kernel/fcall.h:368
#10 0x00007fffe625b817 in zim_Phalcon_Firewall_Adapter_Acl_beforeExecuteRoute (execute_data=0x7ffff3c21330, return_value=0x7fffffffb1a0)
at /mnt/work/phalcon/cphalcon/ext/phalcon/firewall/adapter/acl.zep.c:294
#11 0x0000555555f1691e in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at /home/klay/src/php/source/7.2.20/Zend/zend_vm_execute.h:907
#12 0x0000555555f9e171 in execute_ex (ex=0x7ffff3c21030) at /home/klay/src/php/source/7.2.20/Zend/zend_vm_execute.h:59765
#13 0x0000555555fa361f in zend_execute (op_array=0x7ffff3c7b400, return_value=0x0) at /home/klay/src/php/source/7.2.20/Zend/zend_vm_execute.h:63776
#14 0x0000555555eab03a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/klay/src/php/source/7.2.20/Zend/zend.c:1498
#15 0x0000555555deaca8 in php_execute_script (primary_file=0x7fffffffd840) at /home/klay/src/php/source/7.2.20/main/main.c:2594
#16 0x0000555555fa6236 in do_cli (argc=4, argv=0x5555569aff10) at /home/klay/src/php/source/7.2.20/sapi/cli/php_cli.c:1011
#17 0x0000555555fa74d6 in main (argc=4, argv=0x5555569aff10) at /home/klay/src/php/source/7.2.20/sapi/cli/php_cli.c:1403

@sergeyklay
Copy link
Contributor

Return this change back solves this issue:

diff --git a/kernels/ZendEngine3/operators.h b/kernels/ZendEngine3/operators.h
index 78daf75e..3ec3ca14 100644
--- a/kernels/ZendEngine3/operators.h
+++ b/kernels/ZendEngine3/operators.h
@@ -223,8 +223,8 @@ long zephir_safe_mod_double_zval(double op1, zval *op2);
                if (Z_TYPE_P(passValue) == IS_ARRAY) { \
                        ZEPHIR_CPY_WRT(returnValue, passValue); \
                } else { \
-                       convert_to_array(passValue); \
-                       ZEPHIR_CPY_WRT(returnValue, passValue); \
+                       ZEPHIR_INIT_NVAR(returnValue); \
+                       array_init_size(returnValue, 0); \
                } \
        }

See: a6c9d0c

/cc @chrysanthemum

@sergeyklay
Copy link
Contributor

This may be considered as a fix

diff --git a/kernels/ZendEngine3/operators.h b/kernels/ZendEngine3/operators.h
index 78daf75e..401ab5fa 100644
--- a/kernels/ZendEngine3/operators.h
+++ b/kernels/ZendEngine3/operators.h
@@ -222,7 +222,10 @@ long zephir_safe_mod_double_zval(double op1, zval *op2);
        { \
                if (Z_TYPE_P(passValue) == IS_ARRAY) { \
                        ZEPHIR_CPY_WRT(returnValue, passValue); \
-               } else { \
+               } else if (Z_ISNULL_P(passValue) || Z_ISUNDEF_P(passValue)) { \
+                       ZEPHIR_INIT_NVAR(returnValue); \
+                       array_init_size(returnValue, 0); \
+               } else { \
                        convert_to_array(passValue); \
                        ZEPHIR_CPY_WRT(returnValue, passValue); \
                } \

but there is another issue using the PHP script I provided above ^

#0  0x0000555555e88fd1 in zval_delref_p (pz=0x555556ce91b8) at /home/klay/src/php/source/7.2.20/Zend/zend_types.h:897
#1  0x0000555555e8cf09 in _zval_internal_ptr_dtor (zval_ptr=0x555556ce91b8, __zend_filename=0x55555674d1d0 "/home/klay/src/php/source/7.2.20/Zend/zend_variables.c", __zend_lineno=126) at /home/klay/src/php/source/7.2.20/Zend/zend_execute_API.c:540
#2  0x0000555555ea595c in _zval_internal_dtor_for_ptr (zvalue=0x555556d61510, __zend_filename=0x55555674a368 "/home/klay/src/php/source/7.2.20/Zend/zend_execute_API.c", __zend_lineno=542) at /home/klay/src/php/source/7.2.20/Zend/zend_variables.c:126
#3  0x0000555555e8cf31 in _zval_internal_ptr_dtor (zval_ptr=0x555556d61510, __zend_filename=0x55555674bad8 "/home/klay/src/php/source/7.2.20/Zend/zend_opcode.c", __zend_lineno=328) at /home/klay/src/php/source/7.2.20/Zend/zend_execute_API.c:542
#4  0x0000555555e937fc in destroy_zend_class (zv=0x555556ee70f0) at /home/klay/src/php/source/7.2.20/Zend/zend_opcode.c:328
#5  0x0000555555ec1d46 in zend_hash_destroy (ht=0x5555569b3d20) at /home/klay/src/php/source/7.2.20/Zend/zend_hash.c:1236
#6  0x0000555555ea7d28 in compiler_globals_dtor (compiler_globals=0x5555569b3ab0) at /home/klay/src/php/source/7.2.20/Zend/zend.c:593
#7  0x0000555555de1cad in tsrm_shutdown () at /home/klay/src/php/source/7.2.20/TSRM/TSRM.c:199
#8  0x0000555555fa7570 in main (argc=4, argv=0x5555569aff10) at /home/klay/src/php/source/7.2.20/sapi/cli/php_cli.c:1424

@sergeyklay
Copy link
Contributor

sergeyklay commented Oct 5, 2019
edited

The code to reproduce the issue after these changes #1941 (comment):

// file "manual.php"

$container = new Phalcon\Di();
$container->set('abcde', new stdClass);
$ php -d extension=ext/modules/phalcon.so manual.php
[Sat Oct  5 17:23:07 2019]  Script:  '/mnt/work/phalcon/cphalcon/manual.php'
/home/klay/src/php/source/7.2.20/Zend/zend_objects.c(161) :  Freeing 0x00007f2724470100 (88 bytes), script=/mnt/work/phalcon/cphalcon/manual.php
=== Total 1 memory leaks detected ===
[1]    22006 segmentation fault  php -d extension=ext/modules/phalcon.so manual.php
#0  0x0000555555e88fd1 in zval_delref_p (pz=0x555556ce91b8) at /home/klay/src/php/source/7.2.20/Zend/zend_types.h:897
        __PRETTY_FUNCTION__ = "zval_delref_p"
#1  0x0000555555e8cf09 in _zval_internal_ptr_dtor (zval_ptr=0x555556ce91b8, __zend_filename=0x55555674d1d0 "/home/klay/src/php/source/7.2.20/Zend/zend_variables.c", __zend_lineno=126) at /home/klay/src/php/source/7.2.20/Zend/zend_execute_API.c:540
No locals.
#2  0x0000555555ea595c in _zval_internal_dtor_for_ptr (zvalue=0x555556d61510, __zend_filename=0x55555674a368 "/home/klay/src/php/source/7.2.20/Zend/zend_execute_API.c", __zend_lineno=542) at /home/klay/src/php/source/7.2.20/Zend/zend_variables.c:126
        ref = 0x555556ce91b0
#3  0x0000555555e8cf31 in _zval_internal_ptr_dtor (zval_ptr=0x555556d61510, __zend_filename=0x55555674bad8 "/home/klay/src/php/source/7.2.20/Zend/zend_opcode.c", __zend_lineno=328) at /home/klay/src/php/source/7.2.20/Zend/zend_execute_API.c:542
No locals.
#4  0x0000555555e937fc in destroy_zend_class (zv=0x555556ee70f0) at /home/klay/src/php/source/7.2.20/Zend/zend_opcode.c:328
        p = 0x555556d61510
        end = 0x555556d61520
        prop_info = 0x555556ecd460
        ce = 0x555556d61090
#5  0x0000555555ec1d46 in zend_hash_destroy (ht=0x5555569b3d20) at /home/klay/src/php/source/7.2.20/Zend/zend_hash.c:1236
        p = 0x555556ee70f0
        end = 0x555556ee9070
        __PRETTY_FUNCTION__ = "zend_hash_destroy"
#6  0x0000555555ea7d28 in compiler_globals_dtor (compiler_globals=0x5555569b3ab0) at /home/klay/src/php/source/7.2.20/Zend/zend.c:593
No locals.
#7  0x0000555555de1cad in tsrm_shutdown () at /home/klay/src/php/source/7.2.20/TSRM/TSRM.c:199
        j = 7
        p = 0x5555569b0010
        next_p = 0x0
        i = 0
#8  0x0000555555fa7570 in main (argc=4, argv=0x5555569aff10) at /home/klay/src/php/source/7.2.20/sapi/cli/php_cli.c:1424
        c = -1
        exit_status = 0
        module_started = 1
        sapi_started = 1
        php_optarg = 0x5555569aff80 "extension=ext/modules/phalcon.so"
        php_optind = 3
        use_extended_info = 0
        ini_path_override = 0x0
        ini_entries = 0x5555569b1140 ""
        ini_entries_len = 143
        ini_ignore = 0
        sapi_module = 0x55555695ca00 <cli_sapi_module>

sergeyklay referenced this issue Oct 5, 2019
@dreamsxin
Fix #1904
11dc1d4
sergeyklay added a commit that referenced this issue Oct 5, 2019
@sergeyklay
Merge pull request #1952 from dreamsxin/1941
3cedc6c 
Fix #1941
@sergeyklay sergeyklay reopened this Oct 5, 2019
@sergeyklay sergeyklay mentioned this issue Oct 5, 2019
Merged
3 tasks
@sergeyklay
Copy link
Contributor

Fixed in the development branch. Feel free to open a new issue if the problem appears again. Thank you for the bug report.

N.B. There is another issue, leads to segfault (introduced in 11dc1d4) I'll fix in next commits.

sergeyklay added a commit that referenced this issue Oct 5, 2019
@sergeyklay
Disable regression changes
b049491 
Refs:
- #1941 (comment)
- 11dc1d4

/cc @dreamsxin
This was referenced Oct 5, 2019
Merged
Closed
dreamsxin added a commit to dreamsxin/zephir that referenced this issue Nov 6, 2019
@dreamsxin
Fix zephir-lang#1941
b9015ab
dreamsxin pushed a commit to dreamsxin/zephir that referenced this issue Nov 6, 2019
@sergeyklay @dreamsxin
Disable regression changes
a43acd7 
Refs:
- zephir-lang#1941 (comment)
- zephir-lang@11dc1d4

/cc @dreamsxin
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dreamsxin @sergeyklay @ruudboon