profiling: guard against NULL file in timeline error observer

ddog_php_prof_zend_error_observer dereferenced the error file pointer
without a NULL check. When an uncaught exception with a NULL file location
is reported as a fatal error, the engine calls the error observer with
file=NULL (location "Unknown"); on PHP 8.0 the observer receives a raw C
string and CStr::from_ptr(NULL) segfaulted in strlen().

This crashed any PHP 8.0 CLI process with the profiler loaded and timeline
enabled (the default) whenever such a fatal error occurred, e.g. the
upstream tests Zend/tests/bug50005.phpt and Zend/tests/bug64821.3.phpt
(both build an exception with a NULL file and throw it uncaught).

NULL-guard the file pointer (PHP 8.1+ already handled NULL via the
ZendString path). Add a regression test
profiling/tests/phpt/timeline_fatal_error_null_filename.phpt. Verified the
crash is gone on 8.0 ZTS and no regression on 8.4.

Author: realFlowControl

profiling/src/timeline.rs

@@ -245,12 +245,23 @@ unsafe extern "C" fn ddog_php_prof_zend_error_observer(
         return;
     }
 
+    // The engine passes a NULL file for fatal errors with no active file
+    // location, e.g. an uncaught exception reported via zend_exception_error
+    // (`zend_error_va(..., file=NULL, ...)`). CStr::from_ptr(NULL) would
+    // strlen(NULL) and segfault, so guard against it. See
+    // Zend/tests/bug50005.phpt and Zend/tests/bug64821.3.phpt.
     #[cfg(zend_error_observer_80)]
-    let filename_str = unsafe { core::ffi::CStr::from_ptr(file) };
+    let filename = if file.is_null() {
+        String::new()
+    } else {
+        unsafe { core::ffi::CStr::from_ptr(file) }
+            .to_string_lossy()
+            .into_owned()
+    };
     #[cfg(not(zend_error_observer_80))]
-    let filename_str = unsafe { zai_str_from_zstr(file.as_mut()) };
-
-    let filename = filename_str.to_string_lossy().into_owned();
+    let filename = unsafe { zai_str_from_zstr(file.as_mut()) }
+        .to_string_lossy()
+        .into_owned();
 
     let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap();
     if let Some(profiler) = Profiler::get() {

profiling/tests/phpt/timeline_fatal_error_null_filename.phpt

@@ -0,0 +1,46 @@
+--TEST--
+[profiling] fatal error with a NULL file location must not crash the timeline error observer
+--DESCRIPTION--
+Regression test for a NULL pointer dereference in the timeline error observer.
+
+When an uncaught exception whose `file` property is NULL is reported, the
+engine calls the error notification with file=NULL (location "Unknown"). The
+profiler's timeline error observer used to call CStr::from_ptr(NULL) (PHP 8.0,
+where the observer receives a raw C string), which segfaulted in strlen().
+
+Reproduces the upstream Zend/tests/bug50005.phpt and bug64821.3.phpt crashes
+that only triggered with the profiler loaded and timeline enabled.
+--SKIPIF--
+<?php
+if (!extension_loaded('datadog-profiling'))
+    echo "skip: test requires Datadog Continuous Profiler\n";
+// The crash is specific to PHP 8.0: the error observer receives a raw C
+// string there (NULL-unsafe), while 8.1+ gets a NULL-safe zend_string. Also,
+// Exception::$file became a typed `string` in 8.1, so `$this->file = null`
+// throws a TypeError and can no longer produce a NULL-file fatal at all.
+if (PHP_VERSION_ID < 80000 || PHP_VERSION_ID >= 80100)
+    echo "skip: NULL-file fatal error observer crash is specific to PHP 8.0\n";
+?>
+--ENV--
+DD_PROFILING_ENABLED=yes
+DD_PROFILING_TIMELINE_ENABLED=yes
+DD_PROFILING_ALLOCATION_ENABLED=no
+DD_PROFILING_EXCEPTION_ENABLED=no
+DD_PROFILING_LOG_LEVEL=off
+--FILE--
+<?php
+
+class a extends exception {
+    public function __construct() {
+        $this->file = null;
+    }
+}
+
+throw new a;
+
+?>
+--EXPECTF--
+Fatal error: Uncaught a in :%d
+Stack trace:
+#0 {main}
+  thrown in Unknown on line %d