Patch php7.4.3-ubuntu with upstream's fix for upstream #80781
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php7.4 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Athos Ribeiro | ||
Hirsute |
Fix Released
|
Undecided
|
Athos Ribeiro | ||
Impish |
Invalid
|
Undecided
|
Unassigned | ||
php8.0 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Invalid
|
Undecided
|
Unassigned | ||
Hirsute |
Invalid
|
Undecided
|
Unassigned | ||
Impish |
Invalid
|
Undecided
|
Unassigned |
Bug Description
[Impact]
When an ErrorException is raised on certain code paths, php will enter an infinite loop, which could possibly lead to having the process and a web server connection hanging.
The proposed upload applies the upstream fix for the issue, as shown in https:/
[Test Plan]
On a {hirsute,focal} environment, install php and use the script proposed at
to reproduce the bug; php will enter an infinite loop.
Upgrade php to install the proposed fix and run the reproducer script again.
Now, php will throw an error like
PHP Fatal error: Uncaught ErrorException: Illegal offset type in isset or empty in $LOCATION_STR
Stack trace:
#0 $LOCATION_STR2: handle()
#1 {main}
thrown in $LOCATION_STR3
Indicating the issue has been resolved.
[Where problems could occur]
The upstream patch was backported from php 8 to a newer patch version of php 7.4 than the ones being patched here (available in focal and hirsute). This could trigger uniexpected behaviors not experienced in upstream versions of php. The affected code isn't limited to a particular subfunction of PHP that we could point out, it could be triggered anytime
the slow fallback to the internal array handling is running (and the condition is to throw an exception while in that).
Moreover, php build depends on several different packages. Some of these could have been changed since the last php build, which could also lead to unseen, unexpected behavior.
[Other Info]
This bug does not affect the versions of php available in impish and later. It also does not affect bionic. Therefore, SRUs are only needed for hirsute and focal.
[Original message]
We are experiencing this reproducible crash with 7.4.3-4ubuntu2.7
https:/
This was fixed 9 months ago in upstream PHP 7.4.15.
Can you apply the patch for #80781 and get it out in the next release of Ubuntu's PHP?
Related branches
- Christian Ehrhardt (community): Approve
- git-ubuntu import: Pending requested
-
Diff: 225 lines (+203/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/0047-fix-exception-infinite-loop.patch (+195/-0)
debian/patches/series (+1/-0)
- Christian Ehrhardt (community): Approve
- git-ubuntu import: Pending requested
-
Diff: 225 lines (+203/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/0047-fix-exception-infinite-loop.patch (+195/-0)
debian/patches/series (+1/-0)
tags: |
added: server-next removed: server-todo |
Changed in php8.0 (Ubuntu Hirsute): | |
status: | New → Invalid |
Changed in php8.0 (Ubuntu Focal): | |
status: | New → Invalid |
Changed in php7.4 (Ubuntu Impish): | |
status: | New → Invalid |
description: | updated |
description: | updated |
description: | updated |
Changed in php7.4 (Ubuntu Focal): | |
assignee: | nobody → Athos Ribeiro (athos-ribeiro) |
Changed in php7.4 (Ubuntu Hirsute): | |
assignee: | nobody → Athos Ribeiro (athos-ribeiro) |
Changed in php7.4 (Ubuntu Focal): | |
status: | Triaged → In Progress |
Changed in php7.4 (Ubuntu Hirsute): | |
status: | Triaged → In Progress |
Thanks for taking the time to report this bug and trying to make Ubuntu better.
This is the upstream commit that we need to cherry-pick to fix this issue:
https:/ /github. com/php/ php-src/ commit/ 6dd85f83f78fbaf c4a90b264e577a3 1b59323314
And it seems to be fixed only in version 7.4.17 onward, in despite of the upstream bug saying that it was fixed in 7.4.15. In this case, this should be impacting Focal and Hirsute.