From 97b03186c4e6964ad8683dc8b225e4dcc4de3199 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Tue, 26 Nov 2024 21:19:03 +0100
Subject: [PATCH] Fix GH-15208: Segfault with breakpoint map and phpdbg_clear()
It crashes because it's gonna try accessing the breakpoint which was cleared by user code in `phpdbg_clear();`. Not all breakpoint data was properly cleaned. Closes GH-16953.
---
 NEWS | 4 ++++
 sapi/phpdbg/phpdbg.c | 1 +
 sapi/phpdbg/tests/gh15208.phpt | 15 +++++++++++++++
 3 files changed, 20 insertions(+)
 create mode 100644 sapi/phpdbg/tests/gh15208.phpt
diff --git a/NEWS b/NEWS
index c09900ebd6b8d..d4dea493bca0a 100644
--- a/NEWS
+++ b/NEWS
@@ -47,6 +47,10 @@ PHP NEWS
 . Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks). (nielsdos, Hans Krentel)
+- PHPDBG:
+ . Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()).
+ (nielsdos)
+
 - SimpleXML:
 . Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input). (nielsdos)
diff --git a/sapi/phpdbg/phpdbg.c b/sapi/phpdbg/phpdbg.c
index d9cc8f5e891e0..4e685d0894a8b 100644
--- a/sapi/phpdbg/phpdbg.c
+++ b/sapi/phpdbg/phpdbg.c
@@ -369,6 +369,7 @@ PHP_FUNCTION(phpdbg_clear)
 zend_hash_clean(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_OPLINE]);
 zend_hash_clean(&PHPDBG_G(bp)[PHPDBG_BREAK_OPLINE]);
 zend_hash_clean(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD]);
+ zend_hash_clean(&PHPDBG_G(bp)[PHPDBG_BREAK_MAP]);
 zend_hash_clean(&PHPDBG_G(bp)[PHPDBG_BREAK_COND]);
 } /* }}} */
diff --git a/sapi/phpdbg/tests/gh15208.phpt b/sapi/phpdbg/tests/gh15208.phpt
new file mode 100644
index 0000000000000..4fa63a61c5262
--- /dev/null
+++ b/sapi/phpdbg/tests/gh15208.phpt
@@ -0,0 +1,15 @@
+--TEST--
+GH-15208 (Segfault with breakpoint map and phpdbg_clear())
+--PHPDBG--
+r
+q
+--FILE--
+
+--EXPECTF--
+[Successful compilation of %s]
+prompt> [Breakpoint #0 added at foo::bar]
+[Script ended normally]
+prompt>
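Review bot: In the `phpdbg_clear` hunk of sapi/phpdbg/phpdbg.c the breakpoint tables are still cleaned with one hand-written `zend_hash_clean()` call per table, which is the pattern that let `PHPDBG_BREAK_MAP` be missed and left map entries referring to breakpoints that had already been cleared. The function begins above the hunk, so the tables cleaned earlier are not visible here; it is worth confirming that every index of `PHPDBG_G(bp)` is now covered, or cleaning the tables in a loop over the whole array if the table count is available as a constant. At minimum I would add a comment above the calls such as `/* Clean every bp[] table: a stale PHPDBG_BREAK_MAP entry outlived its breakpoint and was accessed later (GH-15208). */` so that a table added later is not forgotten.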