[2008-01-09 22:15 UTC] gjm76 at cornell dot edu
Description:
------------
I'm actually using PHP 5.2.5-pl1-gentoo, but the drop-down was not specific enough.
I don't think that my ./configure is really relevant, but if you have trouble reproducing I'll post it.
Regardless, when parsekit encounters a function whose parameters have initializers (used if they are unspecified) and those initializers are bound to constants, php_parsekit_define_name_ex() is unable to find them in the lookup list and returns UNKNOWN for the 'constant' field of the op2 field for the opcode ZEND_RECV_INIT. This wouldn't necessarily be a problem, except that it is not technically bound as a string variable. It is actually not identified as a type at all by PHP, and results in a segmentation fault when it is parsed as a string (but other operations can be performed on it, specifically anything that would not incur a type-check).
Reproduce code:
---------------
<?php
// A parameter whose default is bound to a user-defined constant.
define('zero', 0);

function y($x = zero) {
    return $x + 1;
}

// Compile this very file and walk every function's opcodes, dumping only
// the ZEND_RECV_INIT ops (the ones that carry parameter defaults).
$opcodes = parsekit_compile_file($_SERVER['PHP_SELF'], $errors, PARSEKIT_QUIET);
foreach ($opcodes['function_table'] as $func) {
    foreach ($func['opcodes'] as $op) {
        if ($op['opcode'] == PARSEKIT_ZEND_RECV_INIT) {
            var_dump($op);
        }
    }
}
Expected result:
----------------
["op1"]=>
array(3) {
["type"]=>
int(1)
["type_name"]=>
string(8) "IS_CONST"
["constant"]=>
&int(1)
}
["op2"]=>
array(3) {
["type"]=>
int(1)
["type_name"]=>
string(8) "IS_CONST"
["constant"]=>
&int(0) <--- This would be most useful as the constant name, i think. But value would be fine too.
}
Actual result:
--------------
(... earlier var_dump omitted ...)
["op1"]=>
array(3) {
["type"]=>
int(1)
["type_name"]=>
string(8) "IS_CONST"
["constant"]=>
&int(1)
}
["op2"]=>
array(3) {
["type"]=>
int(1)
["type_name"]=>
string(8) "IS_CONST"
["constant"]=>
&UNKNOWN:0 <--- This is untyped and may be a wild pointer. It causes a segfault when a typecast happens.
}
(... var_dump continues ...)
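An added example (not code from this bug report or from the parsekit extension) of how to inspect RECV_INIT defaults without hitting the string cast that crashes on the UNKNOWN operand described above. It goes slightly beyond the report's case by also showing a literal default next to the constant-bound one. It assumes the parsekit PECL extension is loaded and reports operands as shown in this report, that parsekit_compile_string() takes code without an open tag (as eval() does), and that function_table is keyed by function name; the helper names describe_operand() and recv_init_defaults() and the compiled source string are my own.

```php
<?php
// Added example; not from the bug report or the parsekit project.

// Constructed target code: one parameter defaulting to a user-defined
// constant (the case that yields the UNKNOWN operand) and one to a literal.
$source = '
define("zero", 0);
function y($x = zero, $literal = 1) {
    return $x + $literal;
}
';

function describe_operand(array $operand)
{
    $type = isset($operand['type_name']) ? $operand['type_name'] : 'IS_?';
    if (!array_key_exists('constant', $operand)) {
        return $type;
    }
    $c = $operand['constant'];
    // is_scalar()/is_null() only read the zval type tag, which var_dump()
    // also reads without crashing in the report. For an operand whose type
    // is not a real PHP type they return false, so the string cast that
    // segfaults is never reached. (Assumption: a type-tag check is safe
    // where a cast is not, as the report's var_dump output suggests.)
    if (is_scalar($c) || is_null($c)) {
        return $type . ' ' . var_export($c, true);
    }
    return $type . ' <constant of unresolved type, not cast; gettype='
        . gettype($c) . '>';
}

function recv_init_defaults($source)
{
    $errors  = array();
    $opcodes = parsekit_compile_string($source, $errors, PARSEKIT_QUIET);
    $lines   = array();
    // function_table keyed by function name (assumption).
    foreach ($opcodes['function_table'] as $name => $func) {
        foreach ($func['opcodes'] as $op) {
            if ($op['opcode'] != PARSEKIT_ZEND_RECV_INIT) {
                continue;
            }
            // op1 carries the 1-based argument number, op2 the default value.
            $lines[] = sprintf('%s(): arg %s defaults to %s',
                $name,
                describe_operand($op['op1']),
                describe_operand($op['op2']));
        }
    }
    return $lines;
}

foreach (recv_init_defaults($source) as $line) {
    echo $line, "\n";
}
```

The point of the guard is that nothing in the walk ever concatenates or casts the op2 constant until its type tag has been confirmed to be a real PHP type; on a parsekit build with the bug, the constant-bound default is reported as unresolved instead of crashing the process.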
Sorry it took me so long to get back to you on this. This code should reproduce the segfault, but if not, I've also included a second variant that I had to use on the server I was testing on. That was due to an unrelated issue, I hope, possibly dealing with using an alpha version of 5.3 or 6.0: the wrong function table was being used and it was complaining about trying to parse itself as a result (redeclaring the function y).

test.php
--------
<?php
define('zero', 0);

function y($x = zero) {
    return $x + 1;
}

$opcodes = parsekit_compile_file($_SERVER['PHP_SELF'], $errors, PARSEKIT_QUIET);
foreach ($opcodes['function_table'] as $func) {
    foreach ($func['opcodes'] as $op) {
        if ($op['opcode'] == PARSEKIT_ZEND_RECV_INIT) {
            echo $op['op2']['constant'] . "\n";
        }
    }
}
?>

Alternatively, in two separate files:

test2.php
---------
<?php
define('zero', 0);

function y($x = zero) {
    return $x + 1;
}
?>

test.php
--------
<?php
$opcodes = parsekit_compile_file('test2.php', $errors, PARSEKIT_QUIET);
foreach ($opcodes['function_table'] as $func) {
    foreach ($func['opcodes'] as $op) {
        if ($op['opcode'] == PARSEKIT_ZEND_RECV_INIT) {
            echo $op['op2']['constant'] . "\n";
        }
    }
}
?>