Fix GH-15208: Segfault with breakpoint map and phpdbg_clear()

nielsdos · nielsdos · commit 97b03186c4e6 · 2024-11-26T22:26:37.000+01:00
It crashes because it's gonna try accessing the breakpoint which was cleared by user code in `phpdbg_clear();`. Not all breakpoint data was properly cleaned. Closes GH-16953.
diff --git a/NEWS b/NEWS
@@ -47,6 +47,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
     (nielsdos, Hans Krentel)
 
+- PHPDBG:
+  . Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()).
+    (nielsdos)
+
 - SimpleXML:
   . Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator
     ->current() with a xml element input). (nielsdos)
diff --git a/sapi/phpdbg/phpdbg.c b/sapi/phpdbg/phpdbg.c
@@ -369,6 +369,7 @@ PHP_FUNCTION(phpdbg_clear)
 	zend_hash_clean(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_OPLINE]);
 	zend_hash_clean(&PHPDBG_G(bp)[PHPDBG_BREAK_OPLINE]);
 	zend_hash_clean(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD]);
+	zend_hash_clean(&PHPDBG_G(bp)[PHPDBG_BREAK_MAP]);
 	zend_hash_clean(&PHPDBG_G(bp)[PHPDBG_BREAK_COND]);
 } /* }}} */
 
diff --git a/sapi/phpdbg/tests/gh15208.phpt b/sapi/phpdbg/tests/gh15208.phpt
@@ -0,0 +1,15 @@
+--TEST--
+GH-15208 (Segfault with breakpoint map and phpdbg_clear())
+--PHPDBG--
+r
+q
+--FILE--
+<?php
+phpdbg_break_method("foo", "bar");
+phpdbg_clear();
+?>
+--EXPECTF--
+[Successful compilation of %s]
+prompt> [Breakpoint #0 added at foo::bar]
+[Script ended normally]
+prompt>
