protobuf-3.3.2 segment fault: 11 #3402

Closed
roczpwu opened this issue Jul 21, 2017 · 2 comments

roczpwu commented Jul 21, 2017

php-version: php 7.1.7
protobuf-version: protobuf 3.3.2 (https://pecl.php.net/package/protobuf/3.3.2)

Here is the proto file and backtrace message:
//=================================================
syntax = "proto3";
package com;
message A
{
    string str = 1;
}
message B
{
    A a = 307001;
    string json_body_req = 308000;
}
//=======================================================
PHP script is:
$b = new \Com\B();
$a = new Com\A();
$a->setStr("hello");
$b->setJsonBodyReq("world");
$b->setA($a);
$str = $b->serializeToString();

$b = new \Com\B();
$b->mergeFromString($str);
var_dump($b->getA()->getStr());
//=======================================================
Core was generated by `php Client.php'.
Program terminated with signal 11, Segmentation fault.
#0 stringdata_handler (closure=0x600000002, hd=0x322d2f0,
str=0x7efe59462419 "hello", len=5, handle=0x7fff883d3820)
at /root/protobuf-3.3.2/encode_decode.c:325
325 /root/protobuf-3.3.2/encode_decode.c: No such file or directory.
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.26-20.el7_2.x86_64 glibc-2.17-157.el7_3.5.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.14.1-27.el7_3.x86_64 libcom_err-1.42.9-9.el7.x86_64 libcurl-7.29.0-35.el7.centos.x86_64 libidn-1.28-4.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libmcrypt-2.5.8-13.el7.x86_64 libpng-1.5.13-7.el7_2.x86_64 libselinux-2.5-6.el7.x86_64 libssh2-1.4.3-10.el7_2.1.x86_64 libxml2-2.9.1-6.el7_2.3.x86_64 nspr-4.13.1-1.0.el7_3.x86_64 nss-3.28.4-1.2.el7_3.x86_64 nss-softokn-freebl-3.16.2.3-14.4.el7.x86_64 nss-util-3.28.4-1.0.el7_3.x86_64 openssl-libs-1.0.1e-60.el7_3.1.x86_64 pcre-8.32-15.el7_2.1.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) bt
#0 stringdata_handler (closure=0x600000002, hd=0x322d2f0,
str=0x7efe59462419 "hello", len=5, handle=0x7fff883d3820)
at /root/protobuf-3.3.2/encode_decode.c:325
#1 0x00007efe58ec4cc7 in upb_sink_putstring (handle=0x7fff883d3820, n=5,
buf=, sel=2, s=)
at /root/protobuf-3.3.2/upb.h:6285
#2 run_decoder_vm (d=0x7fff883d3908, group=, handle=0x7fff883d3820)
at /root/protobuf-3.3.2/upb.c:9942
#3 0x00007efe58eb6b86 in upb_bytessink_putbuf (s=0x7fff883d3910,
handle=0x7fff883d3820, size=22,
buf=0x7efe59462408 "\202\262\226\001\005world\312\363\225\001\a\n\005hello",
subc=) at /root/protobuf-3.3.2/upb.h:6228
#4 upb_bufsrc_putbuf (
buf=0x7efe59462408 "\202\262\226\001\005world\312\363\225\001\a\n\005hello",
len=22, sink=0x7fff883d3910) at /root/protobuf-3.3.2/upb.c:5106
#5 0x00007efe58ead8f1 in zim_Message_mergeFromString (
execute_data=, return_value=)
at /root/protobuf-3.3.2/encode_decode.c:1449
#6 0x000000000089a696 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER ()
at /root/php-7.1.7/Zend/zend_vm_execute.h:970
#7 0x000000000084930b in execute_ex (ex=)
at /root/php-7.1.7/Zend/zend_vm_execute.h:429
#8 0x000000000089c3f4 in zend_execute (op_array=0x7efe59480000,
op_array@entry=0x7efe59463ae0, return_value=return_value@entry=0x7efe59413030)
at /root/php-7.1.7/Zend/zend_vm_execute.h:474
#9 0x00000000008045a4 in zend_execute_scripts (type=type@entry=8,
retval=0x7efe59413030, retval@entry=0x0, file_count=file_count@entry=3)
at /root/php-7.1.7/Zend/zend.c:1476
#10 0x00000000007a56f0 in php_execute_script (
primary_file=primary_file@entry=0x7fff883d6d50)
at /root/php-7.1.7/main/main.c:2537
#11 0x000000000089e58f in do_cli (argc=2, argv=0x306dae0)
at /root/php-7.1.7/sapi/cli/php_cli.c:993
#12 0x000000000043cea0 in main (argc=2, argv=0x306dae0)
at /root/php-7.1.7/sapi/cli/php_cli.c:1381
(gdb) source /root/php-7.1.7/.gdbinit
(gdb) zbacktrace
[0x7efe59413260] Google\Protobuf\Internal\Message->mergeFromString("\37777777602\37777777662\37777777626\1\5world\37777777712\37777777763\37777777625\1\7\12\5hello") [internal function]
[0x7efe59413030] (main) /root/test/tsf2.0/App/Udp/Client.php:26
(gdb)
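
Added example (not part of the original issue or the protobuf project's code): a minimal wire-format decoder run over the 22-byte buffer from frame #3, to check during triage whether the serialized input is well-formed for the posted schema. Function names are hypothetical, and only the varint and length-delimited wire types are handled because the schema uses nothing else.

```python
# Added example: decode the 22-byte buffer shown in frame #3 of the backtrace.
# Bytes are transcribed from gdb's octal-escaped string on this page.
BUF = b"\202\262\226\001\005world\312\363\225\001\a\n\005hello"

def read_varint(data, pos):
    """Return (value, next_pos); reject truncated or over-long varints."""
    value = shift = 0
    while True:
        if pos >= len(data):
            raise ValueError("truncated varint")
        byte = data[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
        if shift >= 70:
            raise ValueError("varint longer than 10 bytes")

def parse_fields(data):
    """Split one message into (field_number, wire_type, payload) tuples."""
    fields, pos = [], 0
    while pos < len(data):
        key, pos = read_varint(data, pos)
        number, wire_type = key >> 3, key & 7
        if number == 0:
            raise ValueError("field number 0 is invalid")
        if wire_type == 0:        # varint
            payload, pos = read_varint(data, pos)
        elif wire_type == 2:      # length-delimited: string, bytes, sub-message
            length, pos = read_varint(data, pos)
            if length > len(data) - pos:
                raise ValueError("length runs past end of buffer")
            payload, pos = data[pos:pos + length], pos + length
        else:                     # other wire types are not used by this schema
            raise ValueError("unsupported wire type %d" % wire_type)
        fields.append((number, wire_type, payload))
    return fields

def decode_b(data):
    """Map raw fields onto message B from the issue's .proto file."""
    msg = {}
    for number, wire_type, payload in parse_fields(data):
        if wire_type != 2:
            continue
        if number == 308000:      # string json_body_req = 308000
            msg["json_body_req"] = payload.decode("utf-8")
        elif number == 307001:    # A a = 307001, holding string str = 1
            inner = {n: p for n, _, p in parse_fields(payload)}
            msg["a"] = {"str": inner.get(1, b"").decode("utf-8")}
    return msg

if __name__ == "__main__":
    print(parse_fields(BUF))
    print(decode_b(BUF))
```

Both fields decode cleanly against the posted schema, with field 308000 serialized ahead of field 307001 in the buffer.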

TeBoring added the php label Aug 18, 2017

TeBoring commented Oct 9, 2017

Does this still happen with 3.4.0 release?


jbq commented Mar 16, 2018

This issue can be closed; starting with version 3.4.0 the crash has vanished. See the full test case at https://github.com/jbq/protobuf-bug-3402

liujisi closed this as completed Mar 19, 2018