zend_print_flat_zval_r doesn't consider reference

Bug #1674892 reported by Frederique Rijsdijk on 2017-03-22
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
php7.0 (Ubuntu)
Status tracked in Artful
Xenial
Undecided
Nish Aravamudan
Yakkety
Undecided
Nish Aravamudan
Zesty
Undecided
Nish Aravamudan
Artful
Undecided
Unassigned

Bug Description

[Impact]

 * Users hit an error with PHP7.0 when zend_print_flat_zval_r doesn't consider a reference.

The following error may be triggered:
PHP Notice: Array to string conversion;
Catchable fatal error: Object could not be converted to string.

[Test Case]

 * From the upstream bug:

$a = array('a');
class b{};
$b = new b;
$test[] =& $a;
$test[] =& $b;
test($test);
function test() {
    debug_print_backtrace();
}

Expected result:
----------------
#0 test(Array ([0] => Array ([0] => a),[1] => b Object ())) called at [/Users/playcrab/Documents/code/php/test/test7.php:7]

Actual result:
--------------
#0 test(Array ([0] => PHP Notice: Array to string conversion in /Users/playcrab/Documents/code/php/test/test7.php on line 9
PHP Stack trace:
PHP 1. {main}() /Users/playcrab/Documents/code/php/test/test7.php:0
PHP 2. test() /Users/playcrab/Documents/code/php/test/test7.php:7
PHP 3. debug_print_backtrace() /Users/playcrab/Documents/code/php/test/test7.php:9
PHP Catchable fatal error: Object of class b could not be converted to string in /Users/playcrab/Documents/code/php/test/test7.php on line 9
PHP Stack trace:
PHP 1. {main}() /Users/playcrab/Documents/code/php/test/test7.php:0
PHP 2. test() /Users/playcrab/Documents/code/php/test/test7.php:7
PHP 3. debug_print_backtrace() /Users/playcrab/Documents/code/php/test/test7.php:9

Notice: Array to string conversion in /Users/playcrab/Documents/code/php/test/test7.php on line 9

Call Stack:
    0.0068 353088 1. {main}() /Users/playcrab/Documents/code/php/test/test7.php:0
    0.0080 353928 2. test() /Users/playcrab/Documents/code/php/test/test7.php:7
    0.0080 353928 3. debug_print_backtrace() /Users/playcrab/Documents/code/php/test/test7.php:9

Array,[1] =>
Catchable fatal error: Object of class b could not be converted to string in /Users/playcrab/Documents/code/php/test/test7.php on line 9

Call Stack:
    0.0068 353088 1. {main}() /Users/playcrab/Documents/code/php/test/test7.php:0
    0.0080 353928 2. test() /Users/playcrab/Documents/code/php/test/test7.php:7
    0.0080 353928 3. debug_print_backtrace() /Users/playcrab/Documents/code/php/test/test7.php:9

[Regression Potential]

 * I believe the regression potential is low to zero for this fix (via 7.0.18 upstream). The reason is that the code as-is in 16.04 does not work and leads to backtraces. The fix introduce upstream resolves the issue.

---

https://bugs.php.net/bug.php?id=73916

We've hit this bug in 7.0.15, the current/latest version for Xenial.

It was fixed in 7.0.16 by php.net, Feb 16 2017. It would be nice if Xenials packages would be updated to reflect this fix.

Patch: http://git.php.net/?p=php-src.git;a=blobdiff;f=Zend/zend.c;h=2a47e9244ba787a2ad35e9220171b04d1a5de634;hp=3f3ca75e382b1dec98fd138307d812f36f02251e;hb=04379bcb1df25a9f9cc1d440f5c12105b9fbaf97;hpb=bd75f9e61375c7632bb55b0d49b470ecd94e8ec7

Nish Aravamudan (nacc) wrote :

I plan on SRU'ing 7.0.17 once 17.04 releases (so the archive is open).

Nish Aravamudan (nacc) wrote :

If you wouldn't mind testing: https://launchpad.net/~nacc/+archive/ubuntu/php7testbuilds has 7.0.17 for xenial. Please do no run this in production, but see if it resolves your issue.

If it does, and given the small fix needed, I can probably squeeze this in during the freeze if it's urgent on your end (it will still take at least a week to make it in to 16.04).

This solves our problems!

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in php7.0 (Ubuntu Xenial):
status: New → Confirmed
Changed in php7.0 (Ubuntu Yakkety):
status: New → Confirmed
Changed in php7.0 (Ubuntu):
status: New → Confirmed
Nish Aravamudan (nacc) wrote :

I just uploaded 7.0.18 to artful. I will SRU this back next to the various releases.

Changed in php7.0 (Ubuntu Artful):
status: Confirmed → Fix Committed
Nish Aravamudan (nacc) on 2017-04-26
Changed in php7.0 (Ubuntu Artful):
status: Fix Committed → Fix Released
assignee: Nish Aravamudan (nacc) → nobody
Changed in php7.0 (Ubuntu Zesty):
assignee: nobody → Nish Aravamudan (nacc)
Changed in php7.0 (Ubuntu Yakkety):
assignee: nobody → Nish Aravamudan (nacc)
Changed in php7.0 (Ubuntu Xenial):
assignee: nobody → Nish Aravamudan (nacc)
Nish Aravamudan (nacc) wrote :

Just as an FYI, I'm uploading the SRU of 7.0.18 to all three release today, it will need some help testing from proposed once it's landed.

Nish Aravamudan (nacc) on 2017-04-27
description: updated

Hello Frederique, or anyone else affected,

Accepted php7.0 into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/php7.0/7.0.18-0ubuntu0.17.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in php7.0 (Ubuntu Zesty):
status: Confirmed → Fix Committed
tags: added: verification-needed
Brian Murray (brian-murray) wrote :

Hello Frederique, or anyone else affected,

Accepted php7.0 into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/php7.0/7.0.18-0ubuntu0.16.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in php7.0 (Ubuntu Yakkety):
status: Confirmed → Fix Committed
Nish Aravamudan (nacc) wrote :

Set up LXD containers of 16.10 and 17.04. Ran the testcase in the description with the actual and expected results before/after the upgrade to the proposed versions. Testcase passes with the following versions:

16.10:

# apt policy php7.0-cli
php7.0-cli:
  Installed: 7.0.18-0ubuntu0.16.10.1
  Candidate: 7.0.18-0ubuntu0.16.10.1
  Version table:
 *** 7.0.18-0ubuntu0.16.10.1 500
        500 http://archive.ubuntu.com/ubuntu yakkety-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     7.0.15-0ubuntu0.16.10.4 500
        500 http://archive.ubuntu.com/ubuntu yakkety-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu yakkety-security/main amd64 Packages
     7.0.8-3ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu yakkety/main amd64 Packages

17.04:

# apt policy php7.0-cli
php7.0-cli:
  Installed: 7.0.18-0ubuntu0.17.04.1
  Candidate: 7.0.18-0ubuntu0.17.04.1
  Version table:
 *** 7.0.18-0ubuntu0.17.04.1 500
        500 http://archive.ubuntu.com/ubuntu zesty-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     7.0.15-1ubuntu4 500
        500 http://archive.ubuntu.com/ubuntu zesty/main amd64 Packages

Marking v-d.

tags: added: verification-done-yakkety verification-done-zesty
removed: verification-needed

Brian Murray - I don't see the packages yet in xenial-proposed, is this correct?

That's correct, the SRU for Xenial has not been accepted yet.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php7.0 - 7.0.18-0ubuntu0.17.04.1

---------------
php7.0 (7.0.18-0ubuntu0.17.04.1) zesty; urgency=medium

  * New upstream release 7.0.18
    - LP: #1686237
    - LP: #1674892
    - Refresh patches for new upstream release
  * Drop:
    - debian/patches/0050-Fix-pdo_pgsql.patch: Fixed #73959 - lastInsertId
      fails to throw an exception in pdsql. Thanks to andrewnester
      <email address hidden>. Closes LP #1658289.
      [ Fixed upstream in 7.0.16 ]
    - SECURITY REGRESSION: large mysql requests broken (LP #1668017)
      + debian/patches/fix_74021.patch: fix fetch_array with more than
        MEDIUMBLOB in ext/mysqlnd/mysqlnd_wireprotocol.c, added tests to
        ext/mysqli/tests/bug73800.phpt, ext/mysqli/tests/bug74021.phpt.
      [ Fixed upstream in 7.0.17 ]

 -- Nishanth Aravamudan <email address hidden> Wed, 26 Apr 2017 16:59:48 -0700

Changed in php7.0 (Ubuntu Zesty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for php7.0 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Hello Frederique, or anyone else affected,

Accepted php7.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/php7.0/7.0.18-0ubuntu0.16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in php7.0 (Ubuntu Xenial):
status: Confirmed → Fix Committed
tags: added: verification-needed
Nish Aravamudan (nacc) wrote :

Set up LXD container of 16.04. Ran the testcase in the description with the actual and expected results before/after the upgrade to the proposed versions. Testcase passes with the following versions:

# apt policy php7.0-cli
php7.0-cli:
  Installed: 7.0.18-0ubuntu0.16.04.1
  Candidate: 7.0.18-0ubuntu0.16.04.1
  Version table:
 *** 7.0.18-0ubuntu0.16.04.1 500
        500 http://archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     7.0.15-0ubuntu0.16.04.4 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
     7.0.4-7ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

Marking verification-done.

tags: added: verification-done-xenial
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php7.0 - 7.0.18-0ubuntu0.16.10.1

---------------
php7.0 (7.0.18-0ubuntu0.16.10.1) yakkety; urgency=medium

  * New upstream release 7.0.18
    - LP: #1686237
    - LP: #1674892
    - Refresh patches for new upstream release
  * Drop:
    - debian/patches/0048-Fix-pdo_pgsql.patch: Fixed #73959 - lastInsertId
      fails to throw an exception in pdsql. Thanks to andrewnester
      <email address hidden>. Closes LP #1658289.
      [ Fixed upstream in 7.0.16 ]
    - SECURITY REGRESSION: large mysql requests broken (LP #1668017)
      + debian/patches/fix_74021.patch: fix fetch_array with more than
        MEDIUMBLOB in ext/mysqlnd/mysqlnd_wireprotocol.c, added tests to
        ext/mysqli/tests/bug73800.phpt, ext/mysqli/tests/bug74021.phpt.
      [ Fixed upstream in 7.0.17 ]

 -- Nishanth Aravamudan <email address hidden> Wed, 26 Apr 2017 16:55:19 -0700

Changed in php7.0 (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php7.0 - 7.0.18-0ubuntu0.16.04.1

---------------
php7.0 (7.0.18-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream release 7.0.18
    - LP: #1686237
    - LP: #1674892
    - Refresh patches for new upstream release
  * Drop:
    - debian/patches/0053-Fix-pdo_pgsql.patch: Fixed #73959 - lastInsertId
      fails to throw an exception in pdsql. Thanks to andrewnester
      <email address hidden>. Closes LP #1658289.
      [ Fixed upstream in 7.0.16, prior changelog referred to wrong
        patchfile ]
    - SECURITY REGRESSION: large mysql requests broken (LP #1668017)
      + debian/patches/fix_74021.patch: fix fetch_array with more than
        MEDIUMBLOB in ext/mysqlnd/mysqlnd_wireprotocol.c, added tests to
        ext/mysqli/tests/bug73800.phpt, ext/mysqli/tests/bug74021.phpt.
      [ Fixed upstream in 7.0.17 ]
  * d/control{,.in}: Backport "libapache2-mod-phpX.Y now recommends
    apache2 package (as this is what most people want anyway)" from
    Debian 8.0.7-3 (LP: #1689646).

 -- Nishanth Aravamudan <email address hidden> Wed, 10 May 2017 09:19:03 -0700

Changed in php7.0 (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers