Patch php7.4.3-ubuntu with upstream's fix for upstream #80781

Bug #1951031 reported by John Morton
This bug affects 1 person
Affects            Status         Importance   Assigned to      Milestone
php7.4 (Ubuntu)    Invalid        Undecided    Unassigned
  Focal            Fix Released   Undecided    Athos Ribeiro
  Hirsute          Fix Released   Undecided    Athos Ribeiro
  Impish           Invalid        Undecided    Unassigned
php8.0 (Ubuntu)    Invalid        Undecided    Unassigned
  Focal            Invalid        Undecided    Unassigned
  Hirsute          Invalid        Undecided    Unassigned
  Impish           Invalid        Undecided    Unassigned

Bug Description

[Impact]

When an ErrorException is raised on certain code paths, php will enter an infinite loop, which could possibly lead to having the process and a web server connection hanging.

The proposed upload applies the upstream fix for the issue, as shown in https://bugs.php.net/bug.php?id=80781.

[Test Plan]

On a {hirsute,focal} environment, install php and use the script proposed at

https://raw.githubusercontent.com/php/php-src/6dd85f83f78fbafc4a90b264e577a31b59323314/Zend/tests/bug80781.phpt

to reproduce the bug; php will enter an infinite loop.

Upgrade php to install the proposed fix and run the reproducer script again.

Now, php will throw an error like

PHP Fatal error: Uncaught ErrorException: Illegal offset type in isset or empty in $LOCATION_STR
Stack trace:
#0 $LOCATION_STR2: handle()
#1 {main}
  thrown in $LOCATION_STR3

Indicating the issue has been resolved.

[Where problems could occur]

The upstream patch was backported from php 8 to a newer patch version of php 7.4 than the ones being patched here (available in focal and hirsute). This could trigger unexpected behaviors not experienced in upstream versions of php. The affected code isn't limited to a particular subfunction of PHP that we could point out; it could be triggered anytime the slow fallback to the internal array handling is running (and the condition is to throw an exception while in that).

Moreover, php build depends on several different packages. Some of these could have been changed since the last php build, which could also lead to unseen, unexpected behavior.

[Other Info]

This bug does not affect the versions of php available in impish and later. It also does not affect bionic. Therefore, SRUs are only needed for hirsute and focal.

[Original message]

We are experiencing this reproducible crash with 7.4.3-4ubuntu2.7
https://bugs.php.net/bug.php?id=80781

This was fixed 9 months ago in upstream PHP 7.4.15.

Can you apply the patch for #80781 and get it out in the next release of Ubuntu's PHP?

Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for taking the time to report this bug and trying to make Ubuntu better.

This is the upstream commit that we need to cherry-pick to fix this issue:

https://github.com/php/php-src/commit/6dd85f83f78fbafc4a90b264e577a31b59323314

And it seems to be fixed only in version 7.4.17 onward, despite the upstream bug saying that it was fixed in 7.4.15. In this case, this should be impacting Focal and Hirsute.

Changed in php7.4 (Ubuntu):
status: New → Fix Released
status: Fix Released → Invalid
tags: added: server-todo
tags: added: server-next
removed: server-todo
Changed in php8.0 (Ubuntu Hirsute):
status: New → Invalid
Changed in php8.0 (Ubuntu Focal):
status: New → Invalid
Changed in php7.4 (Ubuntu Impish):
status: New → Invalid
Lucas Kanashiro (lucaskanashiro) wrote :

Adding tasks to php8.0 just to make sure it is not impacted by this bug.

Athos Ribeiro (athos-ribeiro) wrote :

By using the reproducer script provided in [1],

- I confirm that impish and jammy are not affected (the tests resulted in the expected behavior described in [2]);
- Both hirsute and focal are affected, as already mentioned by Lucas.

I applied the patch linked by Lucas to the hirsute and focal packages in this PPA: https://launchpad.net/~athos-ribeiro/+archive/ubuntu/php7-lp-1951031/+packages

MPs were proposed in [3] and [4]. I will follow up with filling in an SRU template shortly.

[1] https://github.com/php/php-src/commit/6dd85f83f78fbafc4a90b264e577a31b59323314#diff-ec66169649c48cc98a3bb86b988d4486d2fdd7d6bf0ec85ddf3a3593bfc00e8fR4-R26
[2] https://github.com/php/php-src/commit/6dd85f83f78fbafc4a90b264e577a31b59323314#diff-ec66169649c48cc98a3bb86b988d4486d2fdd7d6bf0ec85ddf3a3593bfc00e8fR27-R32
[3] https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/php7.4/+git/php7.4/+merge/412416
[4] https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/php7.4/+git/php7.4/+merge/412418

Changed in php8.0 (Ubuntu Impish):
status: New → Invalid
Changed in php7.4 (Ubuntu Focal):
status: New → Triaged
Changed in php7.4 (Ubuntu Hirsute):
status: New → Triaged
Changed in php8.0 (Ubuntu):
status: New → Invalid
description: updated
description: updated
description: updated
Changed in php7.4 (Ubuntu Focal):
assignee: nobody → Athos Ribeiro (athos-ribeiro)
Changed in php7.4 (Ubuntu Hirsute):
assignee: nobody → Athos Ribeiro (athos-ribeiro)
Changed in php7.4 (Ubuntu Focal):
status: Triaged → In Progress
Changed in php7.4 (Ubuntu Hirsute):
status: Triaged → In Progress
Brian Murray (brian-murray) wrote : Please test proposed package

Hello John, or anyone else affected,

Accepted php7.4 into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/php7.4/7.4.16-1ubuntu2.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in php7.4 (Ubuntu Hirsute):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-hirsute
Changed in php7.4 (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Brian Murray (brian-murray) wrote :

Hello John, or anyone else affected,

Accepted php7.4 into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (php7.4/7.4.16-1ubuntu2.3)

All autopkgtests for the newly accepted php7.4 (7.4.16-1ubuntu2.3) for hirsute have finished running.
The following regressions have been reported in tests triggered by the package:

php-pda-pheanstalk/4.0.3-1 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/hirsute/update_excuses.html#php7.4

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Athos Ribeiro (athos-ribeiro) wrote :

I performed the verification for both focal and hirsute following the test plan described above.

On a hirsute/focal environment:

- Install php7.4
- Fetch and run the test script:

$ wget https://raw.githubusercontent.com/php/php-src/6dd85f83f78fbafc4a90b264e577a31b59323314/Zend/tests/bug80781.phpt
$ php bug80781.phpt

This will trigger the bug and php will enter an infinite loop.

- Enable the proposed pocket and upgrade php7.4 to the proposed fix version

The new installed versions were 7.4.3-4ubuntu2.8 in focal, and 7.4.16-1ubuntu2.3 in hirsute

- Re-run the test script

$ php bug80781.phpt

Now, php exits with an error, as expected:

--TEST--
Bug #80781: Error handler that throws ErrorException infinite loop
--FILE--
PHP Fatal error: Uncaught ErrorException: Illegal offset type in isset or empty in /root/bug80781.phpt:22
Stack trace:
#0 $PATH/bug80781.phpt(22): handle()
#1 {main}
  thrown in $PATH/bug80781.phpt on line 22

The results were the same (as expected) for both focal and hirsute.

tags: added: verification-done verification-done-focal verification-done-hirsute
removed: verification-needed verification-needed-focal verification-needed-hirsute
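
The test plan and the verification above, as an added shell example (not part of the bug report or of the Ubuntu packaging): it runs the reproducer under GNU `timeout`, so the pre-fix infinite loop is reported as a verdict instead of a stuck terminal. The helper name `classify_run`, the 10-second deadline and the verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: run a reproducer under a deadline and report whether the
# interpreter hung (bug present) or stopped with the expected fatal error.

# Message taken from the expected output quoted in this bug report.
EXPECTED_MSG='Uncaught ErrorException: Illegal offset type in isset or empty'

# classify_run SECONDS CMD [ARGS...]   (hypothetical helper name)
# Prints exactly one verdict on stdout:
#   hang        GNU timeout had to stop CMD at the deadline (exit status 124)
#   fixed       CMD ended by itself, non-zero, and printed EXPECTED_MSG
#   unexpected  anything else (wrong script, missing php, different error)
classify_run() {
    deadline=$1
    shift
    # Capture stdout and stderr together: the fatal error may arrive on
    # either stream depending on PHP's error settings. Using `if` keeps a
    # non-zero status from aborting a caller that runs under `set -e`.
    if out=$(timeout "$deadline" "$@" 2>&1); then
        status=0
    else
        status=$?
    fi
    if [ "$status" -eq 124 ]; then
        echo hang
        return 0
    fi
    case $out in
        *"$EXPECTED_MSG"*)
            if [ "$status" -ne 0 ]; then
                echo fixed
                return 0
            fi
            ;;
    esac
    echo unexpected
}

# Stand-alone use: sh check80781.sh bug80781.phpt
# (the script name and the 10 s deadline are choices made for this example).
if [ "$#" -ge 1 ]; then
    verdict=$(classify_run 10 php "$1")
    echo "$verdict"
    [ "$verdict" = fixed ]
fi
```

Run it once before and once after upgrading php7.4: the first run should print `hang`, the second `fixed`.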
John Morton (ipromote-john) wrote :

We see Athos tested via the script, so we focused on testing our app. We have the deployed PHP from the proposed repo. We have verified it fixes our crash issue.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php7.4 - 7.4.16-1ubuntu2.3

---------------
php7.4 (7.4.16-1ubuntu2.3) hirsute; urgency=medium

  * d/p/0047-fix-exception-infinite-loop.patch: Fix ErrorException infinite
    loop (LP: #1951031)

 -- Athos Ribeiro <email address hidden> Thu, 25 Nov 2021 18:36:47 -0300

Changed in php7.4 (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for php7.4 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php7.4 - 7.4.3-4ubuntu2.8

---------------
php7.4 (7.4.3-4ubuntu2.8) focal; urgency=medium

  * d/p/0047-fix-exception-infinite-loop.patch: Fix ErrorException infinite
    loop (LP: #1951031)

 -- Athos Ribeiro <email address hidden> Thu, 25 Nov 2021 20:16:22 -0300

Changed in php7.4 (Ubuntu Focal):
status: Fix Committed → Fix Released
John Morton (ipromote-john) wrote :

Will this patch make it into the normal Ubuntu 20.04 repos?

Athos Ribeiro (athos-ribeiro) wrote :

Hi @John,

It just landed in the focal-updates pocket and should be available for 20.04 users.
