Bug #70111 Segfault when a function uses both an explicit return type and an explicit cast
Submitted: 2015-07-22 10:31 UTC Modified: 2015-07-22 19:59 UTC
From: malte dot skoruppa at gmail dot com Assigned: laruence (profile)
Status: Closed Package: Reproducible crash
PHP Version: 7.0Git-2015-07-22 (Git) OS: Ubuntu 14.04 LTS
Private report: No CVE-ID: None

 [2015-07-22 10:31 UTC] malte dot skoruppa at gmail dot com
Description:
------------
When a function both
* specifies an explicit return type
* AND uses an explicit cast of the return value,
then the PHP interpreter segfaults non-deterministically with high probability.

To reproduce, execute the following script with the PHP interpreter several times in a row. Sometimes it works, sometimes it segfaults.


Test script:
---------------
<?php

foo();

function foo() : string {
  return (string) 42;
}


Expected result:
----------------
PHP interpreter should not crash, no matter how many times the script is run.


Actual result:
--------------
The PHP interpreter segfaults when running this script. Not always, but very often:

$ php crash.php
Segmentation fault (core dumped)


gdb backtrace:

Core was generated by `php crash.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x0000000000888c20 in execute_ex (ex=0x7fa8daa14030) at /home/malte/php7/php-src/Zend/zend_vm_execute.h:406
#2  0x0000000000888d32 in zend_execute (op_array=0x7fa8daa75100, return_value=0x0) at /home/malte/php7/php-src/Zend/zend_vm_execute.h:450
#3  0x000000000082ee86 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/malte/php7/php-src/Zend/zend.c:1399
#4  0x000000000079aefc in php_execute_script (primary_file=0x7ffdb976c850) at /home/malte/php7/php-src/main/main.c:2475
#5  0x00000000008ec6ac in do_cli (argc=2, argv=0x2f6b0e0) at /home/malte/php7/php-src/sapi/cli/php_cli.c:971
#6  0x00000000008ed870 in main (argc=2, argv=0x2f6b0e0) at /home/malte/php7/php-src/sapi/cli/php_cli.c:1338


 [2015-07-22 11:30 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2015-07-22 11:30 UTC] laruence@php.net
this is an opcache issue...
 [2015-07-22 14:48 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3e479ef424b2193f41a28fda18bde076a79ea71e
Log: Fixed bug #70111 (Segfault when a function uses both an explicit return type and an explicit cast)
 [2015-07-22 14:48 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2015-07-22 19:59 UTC] malte dot skoruppa at gmail dot com
Great! That was incredibly fast. :)

Please note that the bug did not happen every time (especially the first 1-2 times when executing the script), so the test case you added might randomly pass even if the bug reappears. Is there a facility to run the regression test more than once?
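
Because the crash is intermittent, one passing run proves little. The following is an added example, not part of the original report or of php-src's test suite: it reruns a command and counts the runs that were terminated by a signal. The function name `count_signal_exits` and the file name `repeat.sh` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the bug report or php-src). Names are hypothetical.
# Usage: sh repeat.sh RUNS COMMAND [ARGS...]   e.g.  sh repeat.sh 50 php crash.php
# Prints "runs=N clean=A failed=B signalled=C"; returns non-zero if any run
# was terminated by a signal.

count_signal_exits() {
    runs=$1
    shift
    clean=0 failed=0 signalled=0 i=0
    while [ "$i" -lt "$runs" ]; do
        i=$((i + 1))
        status=0
        # "|| status=$?" keeps the loop alive under "set -e".
        "$@" >/dev/null 2>&1 || status=$?
        if [ "$status" -eq 0 ]; then
            clean=$((clean + 1))
            continue
        fi
        # A shell reports death by signal N as status 128+N (SIGSEGV: 139).
        # kill -l maps the number back to a name and fails if it is not a
        # signal, so a plain error exit such as 255 is not counted as a crash.
        # Limit: a program that itself exits with e.g. 139 looks the same.
        name=
        if [ "$status" -gt 128 ]; then
            name=$(kill -l "$((status - 128))" 2>/dev/null) || name=
        fi
        if [ -n "$name" ]; then
            signalled=$((signalled + 1))
            echo "run $i: terminated by SIG$name (status $status)" >&2
        else
            failed=$((failed + 1))
        fi
    done
    echo "runs=$runs clean=$clean failed=$failed signalled=$signalled"
    [ "$signalled" -eq 0 ]
}

# Run only when invoked with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    count_signal_exits "$@"
fi
```

The non-zero return status lets a CI job fail when any of the repeated runs crashes, even if most of them pass.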
 [2015-08-04 20:54 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3e479ef424b2193f41a28fda18bde076a79ea71e
Log: Fixed bug #70111 (Segfault when a function uses both an explicit return type and an explicit cast)
 [2016-07-20 11:37 UTC] davey@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3e479ef424b2193f41a28fda18bde076a79ea71e
Log: Fixed bug #70111 (Segfault when a function uses both an explicit return type and an explicit cast)
 