Problem/Motivation

If a module contains an empty libraries.yml file, LibraryDiscoveryParser::parseLibraryInfo() passes NULL to hook_library_info_alter implementations. If any implementation type hints the $libraries parameter as an array, a fatal error occurs:

TypeError: Argument 1 passed to locale_library_info_alter() must be of the type array, null given, called in web/core/lib/Drupal/Core/Extension/ModuleHandler.php on line 539 in locale_library_info_alter() (line 592 of core/modules/locale/locale.module).

Since library definitions are normally only loaded when a library from the module is attached to the page, this error may not occur in normal operation. However, the Content Security Policy Module needs to enumerate all library definitions for a site, resulting in files that wouldn't otherwise be accessed getting parsed.

Steps to reproduce

  1. Create an empty libraries.yml file in a module
  2. Enable the locale module, which type hints locale_library_info_alter()
  3. Enable csp.module and clear caches
  4. Load any page on the site

Proposed resolution

Check that the result of parsing libraries.yml file is not NULL

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

CommentFileSizeAuthor
#15 Screenshot from 2020-08-31 17-56-04.png240.45 KBthalles
#13 drupal-3167036-13.patch2.17 KBgapple
#13 drupal-3167036-13-test-only.patch1.39 KBgapple
#7 Screenshot from 2020-08-25 12-22-19.png296.34 KBanu.a_95
#7 Screenshot from 2020-08-25 12-22-10.png128.83 KBanu.a_95
#2 drupal-3167036-2.patch799 bytesgapple
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

gapple created an issue. See original summary.

gapple’s picture

gapple
he/they
Primary language English
CreditAttribution: gapple as a volunteer commented
Status: Active » Needs review
Issue tags: +Contributed project blocker
FileSize
drupal-3167036-2.patch799 bytes

Null Coalesce operator makes this a short fix for D9

gapple’s picture

gapple
he/they
Primary language English
CreditAttribution: gapple as a volunteer commented

Please give credit to @rang501 for providing the steps to reproduce in #3109201: null passed to hook_library_info_alter() after module installed causes fatal error

jaredsmith’s picture

jaredsmith CreditAttribution: jaredsmith as a volunteer commented

Looks good to me... simple one-line patch.

cilefen’s picture

cilefen CreditAttribution: cilefen commented

Is an empty file a valid YAML file?

poorva’s picture

poorva CreditAttribution: poorva as a volunteer and commented

It looks good but is this valid? an empty file should not be the part of module.

anu.a_95’s picture

anu.a_95 CreditAttribution: anu.a_95 at Zyxware Technologies commented
FileSize
Screenshot from 2020-08-25 12-22-10.png128.83 KB
Screenshot from 2020-08-25 12-22-19.png296.34 KB

Was not able to reproduce the issue

[ Drupal 9.1.x-dev, PHP 7.3, MySQL 5.7.29 ]

I have followed the steps

  • Created an empty libraries.yml file in a module and installed it
  • Enabled Content Security Policy module and cleared caches
  • Load different pages

I didn't get any errors as specified in the issue. When I checked the log messages, I found some warnings and for reference they are attached here.

warning list

Warning

gapple’s picture

gapple
he/they
Primary language English
CreditAttribution: gapple as a volunteer commented
Issue summary: View changes

@anu.a_zyxware I've updated the repro steps - the fatal error also requires enabling a module that type hints its hook_library_info_alter() implementation, such as locale.module. I tested using the demo_umami profile, which has locale enabled.
The warning you posted is caused be the same issue - the same null is being passed to a `foreach`.

----

YAML can serialize / parse scalar values, so false, an empty array (serialized to {}), and an empty file (parsed to NULL) are all valid as the sole contents of a file.

The contents of *.libraries.yml is currently never validated against a schema, so as long as it parses as valid YAML any other issues with the contents are only exposed when code tries to use it.
Modules probably shouldn't have an empty libraries file, so there's an argument for throwing InvalidDataTypeException like is done if the YAML cannot be parsed, but I don't see any harm in converting it to an empty array.

joelpittet’s picture

joelpittet
Primary language English
Location Vancouver
CreditAttribution: joelpittet as a volunteer and at The University of British Columbia commented
Status: Needs review » Reviewed & tested by the community

Considering this function is supposed to return an array, and an empty libraries.yml shouldn't cause a fatal

larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
CreditAttribution: larowlan at PreviousNext commented
Status: Reviewed & tested by the community » Needs work
Issue tags: +Needs tests

Thanks folks, can we get a simple test here that demonstrates that the issue is resolved.

Should be able to follow @gapple's instructions in #8 to mimic the conditions

larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
CreditAttribution: larowlan at PreviousNext commented
Issue tags: +Bug Smash Initiative
anu.a_95’s picture

anu.a_95 CreditAttribution: anu.a_95 at Zyxware Technologies commented

Applied patch #3

Reproduced issue by installing a Drupal 9.1.x-dev instance with Umami profile for demonstration purpose (Since the fatal error also requires enabling a module that type hints its hook_library_info_alter() implementation, such as locale.module which is already enabled in umami -- as updated by the reporter in #8) and adding an empty libraries.yml file to a module and later installed and enabled csp module. The website won't load further.

The error log of apache shows an error as specified in the issue description.

After applying the patch, the website worked normally. Didn't find any other issue related to the application of the patch,

gapple’s picture

gapple
he/they
Primary language English
CreditAttribution: gapple as a volunteer commented
Status: Needs work » Needs review
FileSize
drupal-3167036-13-test-only.patch1.39 KB
drupal-3167036-13.patch2.17 KB

The test failed for me locally due to the PHP warning being raised, even before getting to the assertion.

The last submitted patch, 13: drupal-3167036-13-test-only.patch, failed testing. View results

thalles’s picture

thalles
Primary language Portuguese, Brazil
Location Teófilo Otoni - MG
CreditAttribution: thalles at CI&T commented
Status: Needs review » Reviewed & tested by the community
FileSize
Screenshot from 2020-08-31 17-56-04.png240.45 KB

After #13 works fine to me!
But before #13:

  • catch committed 863b2b3 on 9.1.x 
    Issue #3167036 by gapple, anu.a_zyxware, thalles, larowlan: Empty *....

  • catch committed 1d77816 on 9.0.x 
    Issue #3167036 by gapple, anu.a_zyxware, thalles, larowlan: Empty *....
catch’s picture

catch
he/him
Primary language English
CreditAttribution: catch at Third and Grove commented
Status: Reviewed & tested by the community » Fixed
Issue tags: -Needs tests

Committed/pushed to 9.1.x and cherry-picked back to 8.9.x, thanks!

  • catch committed e1968a3 on 8.9.x 
    Issue #3167036 by gapple, anu.a_zyxware, thalles, larowlan: Empty *....
rodrigoaguilera’s picture

rodrigoaguilera
Primary language Spanish
Location Madrid
CreditAttribution: rodrigoaguilera at Amazee Labs for Amazee Labs commented
Status: Reviewed & tested by the community » Fixed

I think this is fixed now

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.