[xdebug-general] Details on issue #1229?

Hi there,

I'm testing XDebug 2.4.0RC3 in combination with PHP 7.0.0 on Solaris 10
Sparc.

I'm seeing crashes with slightly unclear reproducibility. I wonder
whether they are related to your issue #1229 (crashes because of -O2 for
GCC 4.8). I'm using GCC 4.9.3 in combination with -O2.

The issue says same code gets removed under -O2. What part of the code
is it? I'd like to check, whether that's also happening for gcc 4.9.3.
Could you please provide any details?

Concerning my crashes, here's a backtrace of one of the crashes:

#0 0xff145dd8 in kill () from /lib/libc.so.1
No symbol table info available.
#1 <signal handler called>
No symbol table info available.
#2 0xfe9d555c in xdebug_var_export (struc=0xffbfe528,
struc[@]entry=0xffbfe5ec, str=str[@]entry=0xffbfe59c, level=level[@]entry=1,
debug_zval=debug_zval[@]entry=0,
     options=options[@]entry=0x2398c0) at
/tmp/pear/temp/xdebug/xdebug_var.c:1005
         tmpz = 0x0
         myht = <optimized out>
         tmp_str = <optimized out>
         is_temp = 0
         num = <optimized out>
         key = <optimized out>
         val = <optimized out>

The tmpz 0x0 looks fishy to me, also I don't see how it could crash in
this line (but it could in the next effective line). See below.

#3 0xfe9d5fac in xdebug_get_zval_value (val=val[@]entry=0xfd012550,
debug_zval=debug_zval[@]entry=0, options=0x2398c0, options[@]entry=0x0)
     at /tmp/pear/temp/xdebug/xdebug_var.c:1168
         str = {l = 0, a = 0, d = 0x0}
         default_options = 1
#4 0xfe9d2764 in add_single_value (str=0xffbfe68c, zv=0xfd012550,
collection_level=4) at /tmp/pear/temp/xdebug/xdebug_trace_textual.c:101
         tmp_value = <optimized out>
#5 0xfe9d2a58 in xdebug_trace_textual_function_entry (ctxt=0x203318,
fse=0x397c40, function_nr=<optimized out>) at
/tmp/pear/temp/xdebug/xdebug_trace_textual.c:182
         variadic_opened = <optimized out>
         variadic_count = 0
         context = 0x203318
         c = <optimized out>
         j = <optimized out>
         tmp_name = <optimized out>
         str = {l = 65, a = 1035, d = 0x397cc8 " 0.5717 418720
       -> openssl_random_pseudo_bytes(32, "}
#6 0xfe9bbdc4 in xdebug_execute_internal
(current_execute_data=0xfd012510, return_value=0xfd0124c0) at
/tmp/pear/temp/xdebug/xdebug.c:1994
         edata = <optimized out>
         fse = 0x397c40
         do_return = 1
         function_nr = 140
         restore_error_handler_situation = 0
         tmp_error_cb = 0
#7 0xfdc17730 in ZEND_DO_FCALL_SPEC_HANDLER (execute_data=0xfd012370)
at /.../php70/Zend/zend_vm_execute.h:844
         should_change_scope = 0
         opline = 0xfd09855c
         call = 0xfd012510
         fbc = 0x131bd8
         object = <optimized out>
         ret = <optimized out>
#8 0xfdc27f88 in ZEND_USER_OPCODE_SPEC_HANDLER
(execute_data=0xfd012370) at /.../php70/Zend/zend_vm_execute.h:1589
         opline = <optimized out>
         ret = <optimized out>
#9 0xfdbc42fc in execute_ex (ex=<optimized out>) at
/.../php70/Zend/zend_vm_execute.h:417
         ret = -50257040
         execute_data = 0xfd012370

If tmpz is 0x0 and struc is set to &tmpz, then in the next statement

   switch (Z_TYPE_P(*struc)) {

we use Z_TYPE_P() with argument 0x0, but Z_TYPE_P(zval_p) is defined as
Z_TYPE(*(zval_p)), so that would crash.

Unfortunately when I added some debug statements to "xdebug_var.c", I no
longer saw that 0x0 in tmpz.

Note that this is a 32 Bit build.

Thanks and regards,

Rainer
Received on Mon Dec 14 2015 - 17:45:27 GMT