Merged pull request xdebug#1003

derickr · derickr · commit 26c4b929a2ae · 2025-04-04T11:30:12.000+01:00
diff --git a/src/lib/var.c b/src/lib/var.c
@@ -462,7 +462,7 @@ static void fetch_zval_from_symbol_table(
 				if (xdebug_lib_has_active_object()) {
 					ZVAL_COPY(&tmp_retval, xdebug_lib_get_active_object());
 				} else {
-					ZVAL_NULL(&tmp_retval);
+					ZVAL_UNDEF(&tmp_retval);
 				}
 				goto cleanup;
 			}
@@ -495,40 +495,44 @@ static void fetch_zval_from_symbol_table(
 			XDEBUG_BREAK_INTENTIONALLY_MISSING
 
 		case XF_ST_OBJ_PROPERTY:
+			/* If we don't have an object, bail out */
+			if (!value_in || Z_TYPE_P(value_in) != IS_OBJECT) {
+				ZVAL_UNDEF(&tmp_retval);
+				goto cleanup;
+			}
+
 			/* Let's see if there is a debug handler */
-			if (value_in && Z_TYPE_P(value_in) == IS_OBJECT) {
-				myht = xdebug_objdebug_pp(&value_in, XDEBUG_VAR_OBJDEBUG_DEFAULT);
+			myht = xdebug_objdebug_pp(&value_in, XDEBUG_VAR_OBJDEBUG_DEFAULT);
 
-				if (myht) {
-					/* As a normal (public) property */
-					zval *tmp = zend_symtable_str_find(myht, name, name_length);
-					if (tmp != NULL) {
+			if (myht) {
+				/* As a normal (public) property */
+				zval *tmp = zend_symtable_str_find(myht, name, name_length);
+				if (tmp != NULL) {
 #if PHP_VERSION_ID >= 80400
-						if (Z_TYPE_P(tmp) == IS_PTR) {
-							zend_release_properties(myht);
-							goto skip_for_property_hook;
-						}
-#endif
-						ZVAL_COPY(&tmp_retval, tmp);
+					if (Z_TYPE_P(tmp) == IS_PTR) {
 						zend_release_properties(myht);
-						goto cleanup;
+						goto skip_for_property_hook;
 					}
+#endif
+					ZVAL_COPY(&tmp_retval, tmp);
+					zend_release_properties(myht);
+					goto cleanup;
+				}
 
-					/* As a private property */
-					{
-						char *unmangled = replace_star_by_null(name, name_length);
-						zval *tmp = zend_symtable_str_find(myht, unmangled, name_length);
-						if (tmp != NULL) {
-							ZVAL_COPY(&tmp_retval, tmp);
-							zend_release_properties(myht);
-							xdfree(unmangled);
-							goto cleanup;
-						}
+				/* As a private property */
+				{
+					char *unmangled = replace_star_by_null(name, name_length);
+					zval *tmp = zend_symtable_str_find(myht, unmangled, name_length);
+					if (tmp != NULL) {
+						ZVAL_COPY(&tmp_retval, tmp);
+						zend_release_properties(myht);
 						xdfree(unmangled);
+						goto cleanup;
 					}
-
-					zend_release_properties(myht);
+					xdfree(unmangled);
 				}
+
+				zend_release_properties(myht);
 			}
 
 #if PHP_VERSION_ID >= 80400
diff --git a/tests/debugger/bug02331.inc b/tests/debugger/bug02331.inc
@@ -0,0 +1,4 @@
+<?php
+$GLOBALS['->h'] = 5;
+echo(1);
+?>
diff --git a/tests/debugger/bug02331.phpt b/tests/debugger/bug02331.phpt
@@ -0,0 +1,45 @@
+--TEST--
+Test for bug #2331: Segmentation fault with 'invalid' variable names
+--SKIPIF--
+<?php
+require __DIR__ . '/../utils.inc';
+check_reqs('dbgp');
+?>
+--FILE--
+<?php
+require 'dbgp/dbgpclient.php';
+$filename = dirname(__FILE__) . '/bug02331.inc';
+
+$commands = array(
+	'step_into',
+	'context_get -c 1',
+	'step_into',
+	'context_get -c 1',
+	'detach',
+);
+
+dbgpRunFile( $filename, $commands );
+?>
+--EXPECTF--
+<?xml version="1.0" encoding="iso-8859-1"?>
+<init xmlns="urn:debugger_protocol_v1" xmlns:xdebug="https://xdebug.org/dbgp/xdebug" fileuri="file://bug02331.inc" language="PHP" xdebug:language_version="" protocol_version="1.0" appid=""><engine version=""><![CDATA[Xdebug]]></engine><author><![CDATA[Derick Rethans]]></author><url><![CDATA[https://xdebug.org]]></url><copyright><![CDATA[Copyright (c) 2002-2099 by Derick Rethans]]></copyright></init>
+
+-> step_into -i 1
+<?xml version="1.0" encoding="iso-8859-1"?>
+<response xmlns="urn:debugger_protocol_v1" xmlns:xdebug="https://xdebug.org/dbgp/xdebug" command="step_into" transaction_id="1" status="break" reason="ok"><xdebug:message filename="file://bug02331.inc" lineno="2"></xdebug:message></response>
+
+-> context_get -i 2 -c 1
+<?xml version="1.0" encoding="iso-8859-1"?>
+<response xmlns="urn:debugger_protocol_v1" xmlns:xdebug="https://xdebug.org/dbgp/xdebug" command="context_get" transaction_id="2" context="1">%s</response>
+
+-> step_into -i 3
+<?xml version="1.0" encoding="iso-8859-1"?>
+<response xmlns="urn:debugger_protocol_v1" xmlns:xdebug="https://xdebug.org/dbgp/xdebug" command="step_into" transaction_id="3" status="break" reason="ok"><xdebug:message filename="file://bug02331.inc" lineno="3"></xdebug:message></response>
+
+-> context_get -i 4 -c 1
+<?xml version="1.0" encoding="iso-8859-1"?>
+<response xmlns="urn:debugger_protocol_v1" xmlns:xdebug="https://xdebug.org/dbgp/xdebug" command="context_get" transaction_id="4" context="1">%s</response>
+
+-> detach -i 5
+<?xml version="1.0" encoding="iso-8859-1"?>
+<response xmlns="urn:debugger_protocol_v1" xmlns:xdebug="https://xdebug.org/dbgp/xdebug" command="detach" transaction_id="5" status="stopping" reason="ok"></response>

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +<?php
 +$GLOBALS['->h'] = 5;
 +echo(1);
 +?>