Environment:
php 7.2.0
yaf 3.0.5
Problem:
Program terminated with signal 11, Segmentation fault.
Steps to reproduce:
1. Create a controller named Test.
2. Add an action method func with two parameters, $a and $b (both defaulting to null).
3. Add two lines of test code to it:
var_dump($a);
var_dump($b);
4. Copy the code below into index.php and run it:
```php
$app = new Yaf_Application(APP_PATH . "/config/application.ini");
$app->bootstrap();
$req = new Yaf_Request_Simple();
$req->setControllerName('Test');
$req->setActionName('func');
$req->setParam(array('b' => 'the second param'));
$app->getDispatcher()->dispatch($req);
```
5. Sometimes you get the following output, and sometimes it coredumps:
```
UNKNOWN:0
NULL
```
Analysis:
The problem starts in yaf_dispatcher_get_call_parameters: when params_ht is non-empty, the `arg` below can never be NULL, so the loop never breaks out. Because the first parameter $a is not in params_ht, the zval at params[0] is never initialized (its type info is whatever garbage was in memory); the second parameter $b is present, so count++. When yaf_dispatcher_get_call_parameters returns, count=1 but params[0] was never initialized. Later, when zend_call_function copies the parameters, this causes an out-of-bounds memory access (at this line: GC_REFCOUNT(_gc)++).
Proposed fix:
Remove the if (NULL == arg) check and break directly.
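To make the count/initialization mismatch from the analysis concrete, here is a constructed C model of binding a request's named params onto an action's positional argument list. It is illustration code written for this report, not Yaf's yaf_dispatcher_get_call_parameters; the type names, the `bind_*` functions and the SLOT_GARBAGE marker are invented. It contrasts the loop shape the report describes, the break-on-first-miss fix it proposes, and one alternative (padding the gap with an explicit null) that is not in the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not Yaf code: one entry of the request params map. */
typedef struct {
    const char *name;   /* e.g. "b" */
    const char *value;
} named_param;

/* SLOT_GARBAGE stands in for memory emalloc handed out but nobody wrote. */
typedef enum { SLOT_GARBAGE = 0, SLOT_SET, SLOT_NULL } slot_state;

typedef struct {
    slot_state  state;
    const char *value;  /* NULL unless state == SLOT_SET */
} arg_slot;

typedef size_t (*bind_fn)(const char *const *, size_t,
                          const named_param *, size_t, arg_slot *);

static const char *lookup(const named_param *map, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(map[i].name, name) == 0)
            return map[i].value;
    return NULL;
}

/* The defect as the report describes it: a missing argument does not stop
 * the loop, a found one lands at its positional index, and count grows
 * only on hits. With ($a, $b) and only b supplied, count ends at 1 while
 * slot 0 was never written, so the caller reads garbage. */
static size_t bind_skip_missing(const char *const *names, size_t num_args,
                                const named_param *map, size_t n, arg_slot *out)
{
    size_t count = 0;
    for (size_t cur = 0; cur < num_args; cur++) {
        const char *v = lookup(map, n, names[cur]);
        if (v != NULL) {
            out[cur].state = SLOT_SET;
            out[cur].value = v;
            count++;
        }
    }
    return count;
}

/* The fix the report proposes: break at the first missing argument, so
 * every slot below count is initialized. Arguments after a gap are dropped
 * and the action falls back to their defaults. */
static size_t bind_break_on_missing(const char *const *names, size_t num_args,
                                    const named_param *map, size_t n, arg_slot *out)
{
    size_t count = 0;
    for (size_t cur = 0; cur < num_args; cur++) {
        const char *v = lookup(map, n, names[cur]);
        if (v == NULL)
            break;
        out[count].state = SLOT_SET;
        out[count].value = v;
        count++;
    }
    return count;
}

/* Alternative not in the report: write an explicit null into the gap so a
 * later argument still arrives; count covers up to the last supplied one. */
static size_t bind_pad_with_null(const char *const *names, size_t num_args,
                                 const named_param *map, size_t n, arg_slot *out)
{
    size_t count = 0;
    for (size_t cur = 0; cur < num_args; cur++) {
        const char *v = lookup(map, n, names[cur]);
        out[cur].state = v ? SLOT_SET : SLOT_NULL;
        out[cur].value = v;
        if (v != NULL)
            count = cur + 1;
    }
    return count;
}

/* The invariant the callee (zend_call_function in the real case) relies on:
 * every slot in [0, count) has been written. Returns 1 when it holds. */
static int all_slots_initialized(const arg_slot *out, size_t count)
{
    for (size_t i = 0; i < count; i++)
        if (out[i].state == SLOT_GARBAGE)
            return 0;
    return 1;
}

/* The report's scenario: func($a = null, $b = null), request carries only b. */
static size_t repro(bind_fn bind, arg_slot *out)
{
    static const char *const names[] = { "a", "b" };
    static const named_param request_params[] = { { "b", "the second param" } };
    memset(out, 0, sizeof(arg_slot) * 2);   /* all slots start as SLOT_GARBAGE */
    return bind(names, 2, request_params, 1, out);
}

int main(void)
{
    arg_slot slots[2];
    size_t c = repro(bind_skip_missing, slots);
    printf("skip:  count=%zu initialized=%d\n", c, all_slots_initialized(slots, c));
    c = repro(bind_break_on_missing, slots);
    printf("break: count=%zu initialized=%d\n", c, all_slots_initialized(slots, c));
    c = repro(bind_pad_with_null, slots);
    printf("pad:   count=%zu initialized=%d\n", c, all_slots_initialized(slots, c));
    return 0;
}
```

The check worth keeping from this is all_slots_initialized: whichever binding strategy is chosen, the number handed to the call must never exceed the number of contiguous slots actually written, because the callee increments refcounts on every one of them. The break variant satisfies that at the cost of dropping $b; the null-padding variant keeps $b but changes which default the action sees for $a.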
Backtrace:
```
#0 0x0000000000833dab in zend_call_function (fci=fci@entry=0x7fe4380036c0, fci_cache=, fci_cache@entry=0x0) at /data3/soft/php-7.2.0/Zend/zend_execute_API.c:797
#1 0x0000000000834705 in _call_user_function_ex (object=object@entry=0x7fe438003790, function_name=function_name@entry=0x7fe4380037b0, retval_ptr=retval_ptr@entry=0x7fe438003770, param_count=, params=,
no_separation=no_separation@entry=1) at /data3/soft/php-7.2.0/Zend/zend_execute_API.c:652
#2 0x00007fe44b9b5c78 in yaf_dispatcher_handle (dispatcher=dispatcher@entry=0x7fe452a1c1a0, request=request@entry=0x7fe452a78208, response=response@entry=0x7fe4380038c0, view=view@entry=0x7fe452a781f8)
at /data3/soft/yaf-yaf-3.0.5/yaf_dispatcher.c:603
#3 0x00007fe44b9b6f10 in yaf_dispatcher_dispatch (dispatcher=dispatcher@entry=0x7fe452a1c1a0, response_ptr=response_ptr@entry=0x7fe4380038c0) at /data3/soft/yaf-yaf-3.0.5/yaf_dispatcher.c:886
#4 0x00007fe44b9b7834 in zim_yaf_dispatcher_dispatch (execute_data=, return_value=0x7fe438003940) at /data3/soft/yaf-yaf-3.0.5/yaf_dispatcher.c:1136
#5 0x00000000008e7cd5 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at /data3/soft/php-7.2.0/Zend/zend_vm_execute.h:907
#6 execute_ex (ex=0x8010100) at /data3/soft/php-7.2.0/Zend/zend_vm_execute.h:59752
#7 0x00000000008e8d43 in zend_execute (op_array=0x7fe452a78000, op_array@entry=0x7fe439a80270, return_value=return_value@entry=0x7fe452a1c030) at /data3/soft/php-7.2.0/Zend/zend_vm_execute.h:63763
#8 0x0000000000843b04 in zend_execute_scripts (type=type@entry=8, retval=0x7fe452a1c030, retval@entry=0x0, file_count=file_count@entry=3) at /data3/soft/php-7.2.0/Zend/zend.c:1496
#9 0x00000000007e3920 in php_execute_script (primary_file=primary_file@entry=0x7fe438005c80) at /data3/soft/php-7.2.0/main/main.c:2592
```