Skip to content

Commit ac94792

Browse files
devnexendevnexen
committed
Merge branch 'PHP-8.3'
2 parents 9907389 + 8690d52 commit ac94792

File tree

2 files changed

+48
-6
lines changed

2 files changed

+48
-6
lines changed

sapi/phpdbg/phpdbg_watch.c

Lines changed: 9 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -316,7 +316,7 @@ void *phpdbg_watchpoint_userfaultfd_thread(void *phpdbg_globals) {
316316

317317
struct uffd_msg fault_msg = {0};
318318
while (read(globals->watch_userfaultfd, &fault_msg, sizeof(fault_msg)) == sizeof(fault_msg)) {
319-
void *page = phpdbg_get_page_boundary((char *)(uintptr_t) fault_msg.arg.pagefault.address);
319+
void *page = phpdbg_get_page_boundary((char *)(uintptr_t) fault_msg.arg.pagefault.address);
320320
zend_hash_index_add_empty_element(globals->watchlist_mem, (zend_ulong) page);
321321
struct uffdio_writeprotect unprotect = {
322322
.mode = 0,
@@ -665,7 +665,7 @@ void phpdbg_watch_parent_ht(phpdbg_watch_element *element) {
665665
}
666666

667667
void phpdbg_unwatch_parent_ht(phpdbg_watch_element *element) {
668-
if (element->watch->type == WATCH_ON_BUCKET) {
668+
if (element->watch && element->watch->type == WATCH_ON_BUCKET) {
669669
phpdbg_btree_result *res = phpdbg_btree_find(&PHPDBG_G(watch_HashTables), (zend_ulong) element->parent_container);
670670
ZEND_ASSERT(element->parent_container);
671671
if (res) {
@@ -966,11 +966,14 @@ void phpdbg_remove_watchpoint(phpdbg_watchpoint_t *watch) {
966966
}
967967

968968
void phpdbg_clean_watch_element(phpdbg_watch_element *element) {
969-
HashTable *elements = &element->watch->elements;
970969
phpdbg_unwatch_parent_ht(element);
971-
zend_hash_del(elements, element->str);
972-
if (zend_hash_num_elements(elements) == 0) {
973-
phpdbg_remove_watchpoint(element->watch);
970+
971+
if (element->watch) {
972+
HashTable *elements = &element->watch->elements;
973+
zend_hash_del(elements, element->str);
974+
if (zend_hash_num_elements(elements) == 0) {
975+
phpdbg_remove_watchpoint(element->watch);
976+
}
974977
}
975978
}
976979

sapi/phpdbg/tests/gh13681.phpt

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
--TEST--
2+
phpdbg_watch null pointer access
3+
--CREDITS--
4+
Yuancheng Jiang
5+
--SKIPIF--
6+
<?php
7+
if (getenv('SKIP_ASAN')) {
8+
die("skip intentionally causes segfaults");
9+
}
10+
?>
11+
--FILE--
12+
<?php
13+
echo "*** Testing array_multisort() : Testing with anonymous arguments ***\n";
14+
var_dump(array_multisort(array(1,3,2,4)));
15+
$xconnect=$GLOBALS[array_rand($GLOBALS)];
16+
echo "Done\n";
17+
$a = [];
18+
$a[0] = 1;
19+
$a[0] = 2;
20+
$a = [0 => 3, 1 => 4];
21+
?>
22+
--PHPDBG--
23+
b 6
24+
r
25+
w a $a
26+
c
27+
q
28+
--EXPECTF--
29+
[Successful compilation of %s]
30+
prompt> [Breakpoint #0 added at %s:%d]
31+
prompt> *** Testing array_multisort() : Testing with anonymous arguments ***
32+
bool(true)
33+
Done
34+
[Breakpoint #0 at %s:%d, hits: 1]
35+
>00006: $a = [];
36+
00007: $a[0] = 1;
37+
00008: $a[0] = 2;
38+
prompt> prompt> [Script ended normally]
39+
prompt>

0 commit comments

Comments
 (0)