Add observer temporary to dl'ed functions

When observer is enabled, we normally add an extra temporary to all functions, to store the previously observed frame. However, this is done in zend_observer_post_startup() so it doesn't happen to dl'ed() functions. One possible fix would be to move that from zend_observer_post_startup() to zend_register_functions(), but this would be too early: Observer may not be enabled when zend_register_functions() is called, and may still be enabled later. However, when zend_register_functions() is called at run-time (during dl()), we know definitively whether observer is enabled. Here I update zend_register_functions() to add a temporary to dl'ed() functions when observer is enabled. Fixes: GH-17211 Closes: GH-17220
php · Dec 20, 2024 · 6f57993 · 6f57993
1 parent fa64a1d
commit 6f57993
Show file tree

Hide file tree

Showing 6 changed files with 95 additions and 2 deletions.
diff --git a/NEWS b/NEWS
@@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.2.28
 
+- Core:
+  . Fixed bug GH-17211 (observer segfault on function loaded with dl()).
+    (Arnaud)
 
 19 Dec 2024, PHP 8.2.27
 

diff --git a/Zend/zend_API.c b/Zend/zend_API.c
@@ -2718,7 +2718,14 @@ ZEND_API zend_result zend_register_functions(zend_class_entry *scope, const zend
 	}
 	internal_function->type = ZEND_INTERNAL_FUNCTION;
 	internal_function->module = EG(current_module);
-	internal_function->T = 0;
+	if (EG(active) && ZEND_OBSERVER_ENABLED) {
+		/* Add an observer temporary to store previous observed frames. This is
+		 * normally handled by zend_observer_post_startup(), except for
+		 * functions registered at runtime (EG(active)). */
+		internal_function->T = 1;
+	} else {
+		internal_function->T = 0;
+	}
 	memset(internal_function->reserved, 0, ZEND_MAX_RESERVED_RESOURCES * sizeof(void*));
 
 	while (ptr->fname) {

diff --git a/ext/dl_test/dl_test.c b/ext/dl_test/dl_test.c
@@ -76,9 +76,27 @@ PHP_INI_BEGIN()
 PHP_INI_END()
 /* }}} */
 
+PHP_METHOD(DlTest, test)
+{
+	char *var = "World";
+	size_t var_len = sizeof("World") - 1;
+	zend_string *retval;
+
+	ZEND_PARSE_PARAMETERS_START(0, 1)
+		Z_PARAM_OPTIONAL
+		Z_PARAM_STRING(var, var_len)
+	ZEND_PARSE_PARAMETERS_END();
+
+	retval = strpprintf(0, "Hello %s", var);
+
+	RETURN_STR(retval);
+}
+
 /* {{{ PHP_MINIT_FUNCTION */
 PHP_MINIT_FUNCTION(dl_test)
 {
+	register_class_DlTest();
+
 	/* Test backwards compatibility */
 	if (getenv("PHP_DL_TEST_USE_OLD_REGISTER_INI_ENTRIES")) {
 		zend_register_ini_entries(ini_entries, module_number);

diff --git a/ext/dl_test/dl_test.stub.php b/ext/dl_test/dl_test.stub.php
@@ -8,3 +8,7 @@
 function dl_test_test1(): void {}
 
 function dl_test_test2(string $str = ""): string {}
+
+class DlTest {
+    public function test(string $str = ""): string {}
+}
diff --git a/ext/dl_test/dl_test_arginfo.h b/ext/dl_test/dl_test_arginfo.h
diff --git a/ext/standard/tests/general_functions/gh17211.phpt b/ext/standard/tests/general_functions/gh17211.phpt
@@ -0,0 +1,42 @@
+--TEST--
+dl() / observer segfault
+--EXTENSIONS--
+zend_test
+--SKIPIF--
+<?php include dirname(__DIR__, 3) . "/dl_test/tests/skip.inc"; ?>
+--INI--
+zend_test.observer.enabled=1
+zend_test.observer.observe_functions=1
+zend_test.observer.show_output=1
+--FILE--
+<?php
+
+if (PHP_OS_FAMILY === 'Windows') {
+    $loaded = dl('php_dl_test.dll');
+} else {
+    $loaded = dl('dl_test.so');
+}
+
+var_dump(dl_test_test2("World!"));
+
+$test = new DlTest();
+var_dump($test->test("World!"));
+?>
+--EXPECTF--
+<!-- init '%sgh17211.php' -->
+<!-- init dl() -->
+<dl>
+</dl>
+<!-- init dl_test_test2() -->
+<dl_test_test2>
+</dl_test_test2>
+<!-- init var_dump() -->
+<var_dump>
+string(12) "Hello World!"
+</var_dump>
+<!-- init DlTest::test() -->
+<DlTest::test>
+</DlTest::test>
+<var_dump>
+string(12) "Hello World!"
+</var_dump>