PHANTOM
🇮🇳 IN
Skip to content

Fix segmentation fault in Randomizer::getBytes() if a user engine throws#9055

Merged
TimWolla merged 1 commit intophp:masterfrom
TimWolla:random-randomizer-getBytes-user-throws
Jul 20, 2022
Merged

Fix segmentation fault in Randomizer::getBytes() if a user engine throws#9055
TimWolla merged 1 commit intophp:masterfrom
TimWolla:random-randomizer-getBytes-user-throws

Conversation

@TimWolla
Copy link
Member

@TimWolla TimWolla commented Jul 19, 2022

I'm a bit surprised that the exception check also fixes the SEGV in the exit() case. Does exit() use an exception internally or is my fix not actually correct and just happens to work for whatever reason?

/cc @zeriyoshi

@TimWolla
Fix segmentation fault in Randomizer::getBytes() if a user engine throws
521df19 
This fixes:

    ==374077== Use of uninitialised value of size 8
    ==374077==    at 0x532B06: generate (engine_user.c:39)
    ==374077==    by 0x533F71: zim_Random_Randomizer_getBytes (randomizer.c:152)
    ==374077==    by 0x7F581D: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1885)
    ==374077==    by 0x8725BE: execute_ex (zend_vm_execute.h:55930)
    ==374077==    by 0x877DB4: zend_execute (zend_vm_execute.h:60253)
    ==374077==    by 0x7B0FD4: zend_execute_scripts (zend.c:1770)
    ==374077==    by 0x6F1647: php_execute_script (main.c:2535)
    ==374077==    by 0x937DA4: do_cli (php_cli.c:964)
    ==374077==    by 0x938C3A: main (php_cli.c:1333)
    ==374077==
    ==374077== Invalid read of size 8
    ==374077==    at 0x532B06: generate (engine_user.c:39)
    ==374077==    by 0x533F71: zim_Random_Randomizer_getBytes (randomizer.c:152)
    ==374077==    by 0x7F581D: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1885)
    ==374077==    by 0x8725BE: execute_ex (zend_vm_execute.h:55930)
    ==374077==    by 0x877DB4: zend_execute (zend_vm_execute.h:60253)
    ==374077==    by 0x7B0FD4: zend_execute_scripts (zend.c:1770)
    ==374077==    by 0x6F1647: php_execute_script (main.c:2535)
    ==374077==    by 0x937DA4: do_cli (php_cli.c:964)
    ==374077==    by 0x938C3A: main (php_cli.c:1333)
    ==374077==  Address 0x11 is not stack'd, malloc'd or (recently) free'd
@zeriyoshi
Copy link
Contributor

zeriyoshi commented Jul 20, 2022

@TimWolla
I was missing some considerations. Thanks!

P.S.: The CI is probably a random failure, my macOS tests succeeded.

@zeriyoshi
Copy link
Contributor

zeriyoshi commented Jul 20, 2022
edited
Loading

I'm a bit surprised that the exception check also fixes the SEGV in the exit() case. Does exit() use an exception internally or is my fix not actually correct and just happens to work for whatever reason?

Hmmm. I am not sure about this either. I will find time to check the stack trace during SEGV.

@kocsismate
Copy link
Member

kocsismate commented Jul 20, 2022

Does exit() use an exception internally or is my fix not actually correct and just happens to work for whatever reason?

Yes, it uses an exception: #5768 Discussion: https://externals.io/message/107497

cmb69
cmb69 approved these changes Jul 20, 2022
View reviewed changes
Copy link
Member

@cmb69 cmb69 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Not sure if we need the exit test, but it doesn't hurt either.

@TimWolla TimWolla merged commit 998ede7 into php:master Jul 20, 2022
@TimWolla TimWolla deleted the random-randomizer-getBytes-user-throws branch July 20, 2022 15:32
TimWolla added a commit that referenced this pull request Jul 21, 2022
@TimWolla
[ci skip] Add "segmentation fault if user engine throws" to NEWS
dfbe964 
see GH-9055
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cmb69 cmb69 cmb69 approved these changes

Assignees

No one assigned

Labels

Extension: random

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@TimWolla @zeriyoshi @kocsismate @cmb69