Bug #66751 php_strip_whitespace causes segmentation fault
Submitted: 2014-02-21 12:01 UTC
Modified: 2014-04-13 02:00 UTC
Votes: 13
Avg. Score: 4.9 ± 0.3
Reproduced: 6 of 8 (75.0%)
Same Version: 2 (33.3%)
Same OS: 1 (16.7%)
From: yu at hoaxster dot net
Assigned:
Status: Duplicate
Package: *General Issues
PHP Version: 5.6.0alpha2
OS: OS X Mavericks
Private report: No
CVE-ID: None
 [2014-02-21 12:01 UTC] yu at hoaxster dot net
Description:
------------
php_strip_whitespace causes segmentation fault while parsing __CLASS__.

Test script:
---------------
# cat test.php
<?php __CLASS__ ?>

# php -r 'php_strip_whitespace(getcwd()."/test.php");'

Actual result:
--------------
[Fri Feb 21 20:57:50 2014]  Script:  '-'
---------------------------------------
/var/tmp/php-build/source/5.6.0alpha2/Zend/zend_highlight.c(214) : Block 0x10781c048 status:
Invalid pointer: ((size=0x0002b5a5) != (next.prev=0x444d4f4400000001))
Invalid pointer: ((prev=0x00000001) != (prev.size=0x0002b5a5))

 [2014-02-24 19:54 UTC] krakjoe@php.net
This is a bit strange ...

diff --git a/Zend/zend_highlight.c b/Zend/zend_highlight.c
index e4f8d02..b961104 100644
--- a/Zend/zend_highlight.c
+++ b/Zend/zend_highlight.c
@@ -211,7 +211,8 @@ ZEND_API void zend_strip(TSRMLS_D)
                                        break;
 
                                default:
-                                       efree(token.value.str.val);
+                                       if (token.value.str.len)
+                                               efree(token.value.str.val);
                                        break;
                        }
                }
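
Review bot: in the `default:` branch, `if (token.value.str.len)` guards the `efree` on the length, which says nothing about whether `token.value.str.val` is a pointer this function owns and that came from the Zend allocator. The memory report in the bug description points at zend_highlight.c(214), which is this `efree`, and it shows an invalid pointer with mismatched block sizes rather than a NULL, so a token that reaches this branch with a non-zero `len` and a `val` that was never allocated for it would still be freed, while a zero-length token that does own a buffer would now leak. I would rather see the ownership question settled where the token is produced, or the free keyed on the token type, and if the length check stays it needs a comment stating why a zero length means there is nothing to free.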

You wouldn't think this is necessary, so I won't submit this as a patch ...

Just a note really, I couldn't make this segfault but there is a call to efree an invalid pointer.

/me leaves this for someone else who has more of a clue ...
 [2014-03-05 01:07 UTC] cidsphere at gmail dot com
I can reproduce this bug in php-5.6.0alpha3 on Ubuntu 13.10 with PHP compiled from source.

The function php_strip_whitespace is used in Composer to generate the autoload file. I find it impossible to use Composer because of this bug.
 [2014-03-24 13:27 UTC] ivan dot enderlin at hoa-project dot net
Any news on this bug?
 [2014-04-13 02:00 UTC] tyrael@php.net
-Status: Open +Status: Duplicate
 [2014-04-13 02:00 UTC] tyrael@php.net
I'm closing this; you can track the progress at the other bug report:
https://bugs.php.net/bug.php?id=66660
 
Last updated: Wed Apr 02 10:01:30 2025 UTC