Package: php-yaml
Version: 2.0.2+1.3.1-4
Severity: normal
Dear Maintainer,
I'm observing a repeatable PHP segfault when php-yaml attempts to parse any
file that uses the "<<" array-merge syntax. A minimal example:
- <<:
foo: bar
After placing this text in a file called "demo.yml", the markup can be parsed
via this command-line invocation of PHP:
php -r 'yaml_parse(file_get_contents("demo.yml"));'
The above command prints "Segmentation fault", and exits with code
139. A GDB session showing the stack trace:
$ gdb php
GNU gdb (Debian 8.2-1) 8.2
...
(gdb) run -r 'yaml_parse(file_get_contents("demo.yml"));'
Starting program: /usr/bin/php -r 'yaml_parse(file_get_contents("demo.yml"));'
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x5580b82c in zend_hash_merge ()
(gdb) bt
#0 0x5580b82c in zend_hash_merge ()
#1 0x71023b49 in handle_mapping () from /usr/lib/php/20180731/yaml.so
#2 0x71023d16 in handle_sequence () from /usr/lib/php/20180731/yaml.so
#3 0x7102329b in handle_document () from /usr/lib/php/20180731/yaml.so
#4 0x7102350f in php_yaml_read_partial () from /usr/lib/php/20180731/yaml.so
#5 0x71022983 in ?? () from /usr/lib/php/20180731/yaml.so
#6 0x74d598d5 in xdebug_execute_internal
(current_execute_data=0x74a1c0a0, return_value=0x7fffc868)
at ./build-7.3/xdebug.c:1977
#7 0x55651f16 in ?? ()
#8 0x5587ab67 in execute_ex ()
#9 0x74d58f03 in xdebug_execute_ex
(execute_data=0x74a1c030) at ./build-7.3/xdebug.c:1868
#10 0x55881097 in zend_execute ()
#11 0x557ed017 in zend_eval_stringl ()
#12 0x557ed0f9 in zend_eval_stringl_ex ()
#13 0x55883212 in ?? ()
#14 0x5566184f in ?? ()
#15 0x7703a09b in __libc_start_main (main=0x556613c0,
argc=3, argv=0x7fffe128, init=,
fini=, rtld_fini=,
stack_end=0x7fffe118) at ../csu/libc-start.c:308
#16 0x5566194a in _start ()
(gdb) quit
A file that does not use this syntax does not exhibit the issue, e.g.:
- foo: bar
There are similarities between this crash and an upstream bug which is
reportedly fixed in 1.3.2:
- https://bugs.php.net/bug.php?id=74886
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages php-yaml depends on:
ii libapache2-mod-php7.3 [phpapi-20180731] 7.3.1-1
ii libc6 2.28-5
ii libyaml-0-2 0.2.1-1
ii php-common 2:69
ii php7.3-cli [phpapi-20180731] 7.3.1-1
ii php7.3-phpdbg [phpapi-20180731] 7.3.1-1
php-yaml recommends no packages.
php-yaml suggests no packages.