Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:127104 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id DB8CB1A00BC for ; Sun, 13 Apr 2025 14:37:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1744554912; bh=r48rmw8o0rjUfXtwbKf2py3gSVcsYVZy9eRJDh+lPQ0=; h=Date:Subject:To:References:From:In-Reply-To:From; b=YJutGHp/+MJZrnxvp5mKu02DHDP514+oSVlYDsp7jUmJf7V7IWo+4hLsVTYBH1FxU uUnZuKLzwr06mftK5fZK1YxuD6ipyfqzE4B+RMFodX9ybDx+vVTH1EZsPbduRReDpT ufNNiVa7mDII0kgJNF1J6twOLVszfwTHj5dKFUufzW0A6iejG+HDmqonmZfoHV22hF ZJGJqKeyMvRxXfY0w90psWmHGxEF7fsI2oQqezTlz7KjC0dJPbQXsYEtXj97Rk3Gc8 zpoluRH9RWEJ3Md4henmZuKq/JyhUtRUCOe5tgCfGyE0kYs4Yu1gEomwH7z23brULj dQkOekAMiw7+w== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id B883C180053 for ; Sun, 13 Apr 2025 14:35:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_MISSING,HTML_MESSAGE, RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from fhigh-b7-smtp.messagingengine.com (fhigh-b7-smtp.messagingengine.com [202.12.124.158]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sun, 13 Apr 2025 14:35:11 +0000 (UTC) Received: from phl-compute-12.internal (phl-compute-12.phl.internal [10.202.2.52]) by mailfhigh.stl.internal (Postfix) with ESMTP id A46A125401A3 for ; Sun, 13 Apr 2025 10:37:33 -0400 (EDT) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-12.internal (MEProxy); Sun, 13 Apr 2025 10:37:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rwec.co.uk; h=cc :content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1744555053; x=1744641453; bh=coqXH/XFGq K29NJdWU+rmYYUbLJPA1s8f2dK3co60Aw=; b=yT/zSPGZYhXIPnuAYg/IRU9OL/ De+sC9K98sQL1pVNHQRFHcyi0UDJGdZNOkaSC3bTVVaj1ug94ZABftDUZtIu47Fd vJf8QteMRcF74rNNBuiHP0VJ4zndYLBOdn1R4wG6QpXxEvAc3tfqH0pkWY9oON+k ng4A9XhfkyKpv+kmKva8qUldbRkd8wNeoguCMjRv/EMShRu6/Rbq4LQSif2pd7Se jKAcfTS6UAJli8FsWBdrUux5W25R4do7KAlNJQcEecC+E9ZTzF0D3BQZbAhlrXrj kjHdGPwkMup6PamrbX2u5QQm7LomXVLvKKveBR0StFoGcxW56vfph17exsVQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1744555053; x=1744641453; bh=coqXH/XFGqK29NJdWU+rmYYUbLJPA1s8f2d K3co60Aw=; b=iZAK1PVoqcYaBhFQW/s+/SrcQSEHMQS2pfNa7McO7JaLMD8Jvly dOujHnHEni8i3rCxipNm4ShU3PcLA+U4O1FVe/l0Qr5sqdyUR5CPS5AORqsddspw DGf8SQJSTtbNTNKDL2K44GgySwcDw38MFU2VOXSELksWD1PmDotsNJyw/acOc/l8 zpXQrY8ZCOz90zbXuVWLhutG47lNYtUtkFQj+nxTFUp5aDa5eIuO8CyJHFBdE7lp 1wf3Tl/lEYwPIdUUJFq0lGBe/OGSHnm+zAiMrZF3mAoCl9nTSCO9JopVaFL3KDhi WQW53YY6hnRtatuASpd2PCfJFy6wVuWq7ZQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvudejledtucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpegtkf ffgggfuffvfhfhjgesrgdtreertddvjeenucfhrhhomhepfdftohifrghnucfvohhmmhhi nhhsucglkffoufhorfgnfdcuoehimhhsohhprdhphhhpsehrfigvtgdrtghordhukheqne cuggftrfgrthhtvghrnhepfeekvdeukeegueekhedvgfffkeeuieeutdduuedugeffvedv feeffeejjefgtdegnecuffhomhgrihhnpehgihhthhhusgdrtghomhenucevlhhushhtvg hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehimhhsohhprdhphhhpsehr figvtgdrtghordhukhdpnhgspghrtghpthhtohepuddpmhhouggvpehsmhhtphhouhhtpd hrtghpthhtohepihhnthgvrhhnrghlsheslhhishhtshdrphhhphdrnhgvth X-ME-Proxy: Feedback-ID: id5114917:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Sun, 13 Apr 2025 10:37:32 -0400 (EDT) Content-Type: multipart/alternative; boundary="------------63GIeJ2QxRln0uj4GpXZiFwH" Message-ID: Date: Sun, 13 Apr 2025 15:37:31 +0100 Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PHP-DEV] [RFC] [Discussion] Change default for zend.exception_ignore_args INI setting To: internals@lists.php.net References: Content-Language: en-GB In-Reply-To: From: imsop.php@rwec.co.uk ("Rowan Tommins [IMSoP]") This is a multi-part message in MIME format. --------------63GIeJ2QxRln0uj4GpXZiFwH Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 13/04/2025 15:07, Kamil Tekiela wrote: >> This discussion seems to have overlooked that the setting doesn't just >> restrict the*display* of arguments, it restricts the*collection* of >> those arguments into the Exception object, which has visible effects on >> the behaviour and performance of the program. > Oh, I didn't know that. I assumed the arguments wouldn't be freed > until the exception is destructed with it either on or off. In that > case, please ignore everything I said previously. For reference, this is the code in question: https://github.com/php/php-src/blob/1684c52a88d1429cf19d4927fe2edf7ff37c66be/Zend/zend_exceptions.c#L257 When the exception is created, it calls the internal implementation of debug_backtrace, passing either DEBUG_BACKTRACE_IGNORE_ARGS or 0 (which is why it never captures $this). The result is then stored in the private $trace property, to be used by whatever wants it later. zend.exception_string_param_max_len, on the other hand, is used only in zend_trace_to_string - i.e. when converting the stored trace for display, or on call to the getTraceAsString() method. It has no effect if zend.exception_ignore_args was set to 1 when the exception was created, because the 'args' key won't be there to display. It might be useful to have a "middle way" for both debug_backtrace() and exception traces which directly summarised the arguments in some way, and stored only that summary, thus limiting the performance and side-effects of capturing the original values. This wouldn't solve the sensitive information problem, though, so I'm not sure how good an idea it would be. -- Rowan Tommins [IMSoP] --------------63GIeJ2QxRln0uj4GpXZiFwH Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit
On 13/04/2025 15:07, Kamil Tekiela wrote:
This discussion seems to have overlooked that the setting doesn't just
restrict the *display* of arguments, it restricts the *collection* of
those arguments into the Exception object, which has visible effects on
the behaviour and performance of the program.

Oh, I didn't know that. I assumed the arguments wouldn't be freed
until the exception is destructed with it either on or off. In that
case, please ignore everything I said previously.


For reference, this is the code in question: https://github.com/php/php-src/blob/1684c52a88d1429cf19d4927fe2edf7ff37c66be/Zend/zend_exceptions.c#L257

When the exception is created, it calls the internal implementation of debug_backtrace, passing either DEBUG_BACKTRACE_IGNORE_ARGS or 0 (which is why it never captures $this). The result is then stored in the private $trace property, to be used by whatever wants it later.

zend.exception_string_param_max_len, on the other hand, is used only in zend_trace_to_string - i.e. when converting the stored trace for display, or on call to the getTraceAsString() method. It has no effect if zend.exception_ignore_args was set to 1 when the exception was created, because the 'args' key won't be there to display.

It might be useful to have a "middle way" for both debug_backtrace() and exception traces which directly summarised the arguments in some way, and stored only that summary, thus limiting the performance and side-effects of capturing the original values. This wouldn't solve the sensitive information problem, though, so I'm not sure how good an idea it would be.


-- 
Rowan Tommins
[IMSoP]
--------------63GIeJ2QxRln0uj4GpXZiFwH--