Bug #67801 PHPNG: SIGSEGV in zend_hash_index_find_bucket (assigning values w/o key)
Submitted: 2014-08-06 21:32 UTC Modified: 2014-08-15 11:52 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: bugs dot php dot net at majkl578 dot cz Assigned:
Status: Closed Package: Reproducible crash
PHP Version: master-Git-2014-08-06 (Git) OS: Debian
Private report: No CVE-ID: None

 

 [2014-08-06 21:32 UTC] bugs dot php dot net at majkl578 dot cz
Description:
------------
While trying PHPNG, I encountered a strange segmentation fault while appending entries to an array. I'm providing a full reproduce case as I was unable to isolate it in a smaller script.

The crash occurs in file Tester/Runner/Runner.php on line 83:
$running[] = $job = array_shift($this->jobs);

PHPNG built from 414762fc12 using clang.

Test script:
---------------
$ git clone git://github.com/nette/tester.git
$ cd tester/
$ git checkout 5d7e2b4f4
$ gdb --args /path/to/sapi/cli/php -n tests/Runner.annotations.phpt
(gdb) run

Expected result:
----------------
No segmentation fault.

Actual result:
--------------
#0  0x0000000000cc0fed in zend_hash_index_find_bucket (ht=0x7fffed034a30, h=8) at Zend/zend_hash.c:239
#1  0x0000000000cbd700 in _zend_hash_index_update_or_next_insert_i (ht=0x7fffed034a30, h=8, pData=0x15c6db0 <executor_globals>, flag=4, __zend_filename=0x12259ce "/build/php/php-src/Zend/zend_execute.c", 
    __zend_lineno=1124) at Zend/zend_hash.c:479
#2  0x0000000000cbdb2b in _zend_hash_next_index_insert (ht=0x7fffed034a30, pData=0x15c6db0 <executor_globals>, __zend_filename=0x12259ce "/build/php/php-src/Zend/zend_execute.c", __zend_lineno=1124)
    at Zend/zend_hash.c:543
#3  0x0000000000d5d32b in zend_fetch_dimension_address (result=0x7ffff7e88be0, container_ptr=0x7ffff7e88860, dim=0x0, dim_type=8, type=1, is_ref=0) at Zend/zend_execute.c:1124
#4  0x0000000000d5c037 in zend_fetch_dimension_address_W (result=0x7ffff7e88be0, container_ptr=0x7ffff7e88860, dim=0x0, dim_type=8) at Zend/zend_execute.c:1253
#5  0x0000000000d4ac64 in ZEND_ASSIGN_DIM_SPEC_CV_UNUSED_HANDLER (execute_data=0x7ffff7e887d0) at Zend/zend_vm_execute.h:38691
#6  0x0000000000cf659c in execute_ex (execute_data=0x7ffff7e887d0) at Zend/zend_vm_execute.h:354
#7  0x0000000000cf673b in zend_execute (op_array=0x7ffff7f83318, return_value=0x0) at Zend/zend_vm_execute.h:383
#8  0x0000000000ca7655 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at Zend/zend.c:1322
#9  0x0000000000bea53e in php_execute_script (primary_file=0x7fffffffe028) at main/main.c:2564
#10 0x0000000000d7f4f9 in do_cli (argc=2, argv=0x15cbce0) at sapi/cli/php_cli.c:980
#11 0x0000000000d7e369 in main (argc=2, argv=0x15cbce0) at sapi/cli/php_cli.c:1358

 [2014-08-15 11:52 UTC] bugs dot php dot net at majkl578 dot cz
-Status: Open +Status: Closed
 [2014-08-15 11:52 UTC] bugs dot php dot net at majkl578 dot cz
Seems to be fixed.
 