php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68057 Incorrect parsing of big arrays in PHP 5.6.0
Submitted: 2014-09-19 18:20 UTC Modified: 2015-03-23 17:51 UTC
Votes:30
Avg. Score:4.8 ± 0.6
Reproduced:25 of 27 (92.6%)
Same Version:22 (88.0%)
Same OS:21 (84.0%)
From: vostreltsov at gmail dot com Assigned: bwoebi (profile)
Status: Wont fix Package: Arrays related
PHP Version: 5.6.0 OS: Linux
Private report: No CVE-ID: None
 [2014-09-19 18:20 UTC] vostreltsov at gmail dot com
Description:
------------
So in my project I have an auto-generated lexer, it contains a big array. I created a simplified script that reproduces the bug.

There are 65538 integers and it looks like something overflows inside PHP. The var_dump call ouputs an array of only the last 2 numbers.

Removing last 2 numbers yields an empty array.

If I remove last 3 numbers, the output stops at key 32766, that is 32767 values.

Test script:
---------------
http://filebin.ca/1atoDItGZU2A

Expected result:
----------------
All of 65538 integers

Actual result:
--------------
array(2) {
  [0]=>
  int(0)
  [1]=>
  int(0)
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-09-19 18:25 UTC] vostreltsov at gmail dot com
Forgot to mention that the problem appeared after upgrading from 5.5.X (don't remember the exact version) to 5.6.0.
 [2014-09-19 18:45 UTC] mamontov dot dp at gmail dot com
Confirmed in Windows 8, using x86 non-thread-safe build.
 [2014-09-19 18:55 UTC] nikic@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: bwoebi
 [2014-09-19 18:55 UTC] nikic@php.net
Constant expression AST uses ushort child count in 5.6, which is overflowing here.
 [2014-11-14 08:18 UTC] vostreltsov at gmail dot com
Any progress on this issue? Changing ushort to uint looks easy to do.
 [2015-03-23 17:51 UTC] bwoebi@php.net
-Status: Assigned +Status: Wont fix
 [2015-03-23 17:51 UTC] bwoebi@php.net
Fixing this is an ABI break (so not really possible for 5.6.x). It's fixed in master (PHP 7+) though.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 23 15:02:14 2024 UTC