php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78151 Segfault caused by indirect expressions in PHP 7.4a1
Submitted: 2019-06-12 19:54 UTC Modified: 2019-06-13 06:06 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: jfcherng at gmail dot com Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: Next Minor Version OS: Win7 x64
Private report: No CVE-ID: None
 [2019-06-12 19:54 UTC] jfcherng at gmail dot com
Description:
------------
I downloaded the PHP 7.4 alpha 1 release from "https://windows.php.net/downloads/qa/php-7.4.0alpha1-nts-Win32-vs16-x64.zip" and decompressed it without any modification (I did not even create a php.ini).

I then ran the attached test script with the PHP QA release ( $ php.exe test.php ) and got a segfault. I *cannot* reproduce this issue on my CentOS machine somehow.


Test script:
---------------
<?php

class Arr
{
    private $foo = '';

    public function __construct(array $array = [])
    {
        $property = 'foo';

        // segfault in PHP 7.4.0alpha1 but is fine in PHP 7.3.7RC1
        $this->{$property} = &$array[$property];

        // this is fine in both PHP versions
        // $this->foo = &$array[$property];

        \var_dump($this->foo);
    }
}

$arr = new Arr(['foo' => 'bar']);


Expected result:
----------------
string(3) "bar"

Actual result:
--------------
Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-06-12 20:01 UTC] nikic@php.net
-Status: Open +Status: Verified
 [2019-06-12 20:01 UTC] nikic@php.net
Also repros on Ubuntu for me.
 [2019-06-12 20:46 UTC] krakjoe@php.net
Test added, first CI build that includes it is: https://dev.azure.com/phpazuredevops/PHP/_build/results?buildId=172
 [2019-06-13 05:41 UTC] krakjoe@php.net
Bisected ...

Okay at: 3820296c42e146cc080bc24314ccdfdd700e743e

Fault introduced by merge: dbd1ecd09f26015451063c6d545c9ab929a12129

Revert of be74ca497680ef544af1f650fe4717a3e0d0af67 fixes fault
 [2019-06-13 06:06 UTC] krakjoe@php.net
-Assigned To: +Assigned To: dmitry
 [2019-06-13 06:06 UTC] krakjoe@php.net
My mistake, a95014dc101756d93696c5c283578302a8334edd is the bad commit ...
 [2019-06-13 07:38 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b64107531b35e9bc2312cd1ed8c030782e7841d8
Log: Fixed bug #78151
 [2019-06-13 07:38 UTC] nikic@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 16:01:28 2024 UTC