php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68057 Incorrect parsing of big arrays in PHP 5.6.0
Submitted: 2014-09-19 18:20 UTC Modified: 2015-03-23 17:51 UTC
Votes:30
Avg. Score:4.8 ± 0.6
Reproduced:25 of 27 (92.6%)
Same Version:22 (88.0%)
Same OS:21 (84.0%)
From: vostreltsov at gmail dot com Assigned: bwoebi (profile)
Status: Wont fix Package: Arrays related
PHP Version: 5.6.0 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: vostreltsov at gmail dot com
New email:
PHP Version: OS:

 

 [2014-09-19 18:20 UTC] vostreltsov at gmail dot com 
Description:
------------
So in my project I have an auto-generated lexer, it contains a big array. I created a simplified script that reproduces the bug.

There are 65538 integers and it looks like something overflows inside PHP. The var_dump call ouputs an array of only the last 2 numbers.

Removing last 2 numbers yields an empty array.

If I remove last 3 numbers, the output stops at key 32766, that is 32767 values.

Test script:
---------------
http://filebin.ca/1atoDItGZU2A

Expected result:
----------------
All of 65538 integers

Actual result:
--------------
array(2) {
  [0]=>
  int(0)
  [1]=>
  int(0)
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-09-19 18:25 UTC] vostreltsov at gmail dot com 
Forgot to mention that the problem appeared after upgrading from 5.5.X (don't remember the exact version) to 5.6.0.
 [2014-09-19 18:45 UTC] mamontov dot dp at gmail dot com 
Confirmed in Windows 8, using x86 non-thread-safe build.
 [2014-09-19 18:55 UTC] nikic@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: bwoebi
 [2014-09-19 18:55 UTC] nikic@php.net 
Constant expression AST uses ushort child count in 5.6, which is overflowing here.
 [2014-11-14 08:18 UTC] vostreltsov at gmail dot com 
Any progress on this issue? Changing ushort to uint looks easy to do.
 [2014-11-16 04:23 UTC] requinix@php.net 
Related To: Bug #68427
 [2015-03-23 17:51 UTC] bwoebi@php.net
-Status: Assigned +Status: Wont fix
 [2015-03-23 17:51 UTC] bwoebi@php.net 
Fixing this is an ABI break (so not really possible for 5.6.x). It's fixed in master (PHP 7+) though.
 [2016-10-14 14:23 UTC] requinix@php.net 
Related To: Bug #73321
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Nov 23 01:01:33 2024 UTC