Bug #71094 readline_completion_function corrupts static array on (second) TAB
Submitted: 2015-12-11 14:54 UTC Modified: 2015-12-11 15:19 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: ml at visu dot li Assigned: nikic (profile)
Status: Closed Package: Readline related
PHP Version: 7.0.0 OS: Linux
Private report: No CVE-ID: None
 [2015-12-11 14:54 UTC] ml at visu dot li
Description:
------------
Module: readline
Function: readline_completion_function
Version: PHP 7.0.0 (cli) (built: Dec  9 2015 16:07:56) ( NTS )

In PHP7 a static array containing possible matches for the readline completion that is returned gets corrupted on the second <TAB>.

If this static array of possible matches contains a string with a length of >= 16, it is changed to "Closure::__invoke".

Other values in the array might simply disappear. (See Test Script Results)

Works fine with PHP5 (5.6.12-0+deb8u1), broken in PHP7.

I'm not an expert in gdb or debugging of C programs, so please forgive me for not adding a gdb backtrace.

Test script:
---------------
<?php
error_reporting(E_ALL);

readline_completion_function(function() {
    static $possible_matches = array(
        'sixteencharacter', // 16 characters or a longer string
        '1',
        '2',
        '3',
        '4',
        '5',
    );

    var_dump($possible_matches);

    return $possible_matches;
});

readline();

Expected result:
----------------
array(6) {
  [0] =>
  string(16) "sixteencharacter"
  [1] =>
  string(1) "1"
  [2] =>
  string(1) "2"
  [3] =>
  string(1) "3"
  [4] =>
  string(1) "4"
  [5] =>
  string(1) "5"
}
array(6) {
  [0] =>
  string(16) "sixteencharacter"
  [1] =>
  string(1) "1"
  [2] =>
  string(1) "2"
  [3] =>
  string(1) "3"
  [4] =>
  string(1) "4"
  [5] =>
  string(1) "5"
}

1                2                3                4                5                sixteencharacter

Actual result:
--------------
array(6) {
  [0]=>
  string(16) "sixteencharacter"
  [1]=>
  string(1) "1"
  [2]=>
  string(1) "2"
  [3]=>
  string(1) "3"
  [4]=>
  string(1) "4"
  [5]=>
  string(1) "5"
}
array(6) {
  [0]=>
  string(17) "Closure::__invoke"
  [1]=>
  string(1) "1"
  [2]=>
  string(1) "2"
  [3]=>
  string(1) "3"
  [4]=>
  string(1) "4"
  [5]=>
  string(0) ""
}

                   1                  2                  3                  4                  Closure::__invoke

 [2015-12-11 14:58 UTC] ml at visu dot li
About the Expected and Actual results:

1st TAB click. Outputs var_dump of $possible_matches array.
2nd TAB click. Outputs var_dump of CORRUPTED $possible_matches array.
At the end the possible matches are printed.

So it's basically running the script and hitting TAB twice.
 [2015-12-11 15:19 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2015-12-11 15:19 UTC] nikic@php.net
zval_dtor instead of zval_ptr_dtor on line http://lxr.php.net/xref/PHP_MASTER/ext/readline/readline.c#508.
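
The distinction named in the comment above, as a simplified model (an added example, not PHP source and not part of the original thread). It assumes that zval_dtor tears a value down without consulting its reference count while zval_ptr_dtor only drops one reference; the `rc_array` type and all function names are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a refcounted engine value (not PHP's zval). */
typedef struct {
    int  refcount;
    int  live;             /* 0 once the storage has been torn down */
    char items[6][24];
    int  count;
} rc_array;

/* Unconditional teardown: ignores other holders (models the buggy call). */
static void value_dtor(rc_array *a) {
    a->live = 0;
    memset(a->items, 0, sizeof a->items);  /* storage is gone for every holder */
}

/* Reference drop: teardown only when the last holder lets go (models the fix). */
static void value_ptr_dtor(rc_array *a) {
    if (--a->refcount == 0) value_dtor(a);
}

/* One TAB press: the callback returns its static array (one more reference),
 * the caller reads the matches, then releases the return value.
 * Returns the number of matches seen, or -1 if the array was already gone. */
static int completion_round(rc_array *static_arr, void (*release)(rc_array *)) {
    if (!static_arr->live) return -1;
    static_arr->refcount++;            /* return value shares the static array */
    int n = static_arr->count;         /* caller copies the matches out */
    release(static_arr);               /* caller is done with the return value */
    return n;
}

/* Two TAB presses; returns 1 if the static array is intact on the second. */
static int survives_two_tabs(void (*release)(rc_array *)) {
    /* Constructed sample data mirroring the test script in the report. */
    rc_array arr = { 1, 1, {"sixteencharacter", "1", "2", "3", "4", "5"}, 6 };
    completion_round(&arr, release);
    int second = completion_round(&arr, release);
    return second == 6 && arr.live
        && strcmp(arr.items[0], "sixteencharacter") == 0;
}

int main(void) {
    printf("unconditional teardown survives: %d\n", survives_two_tabs(value_dtor));
    printf("reference drop survives:         %d\n", survives_two_tabs(value_ptr_dtor));
    return 0;
}
```

The model marks the storage dead instead of freeing it so the result can be inspected safely; with a real allocator the freed memory is reused, which is consistent with the unrelated string appearing in the second var_dump.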
 [2015-12-11 15:34 UTC] nikic@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=04407b79dfa41a38a6bce3823b3f80eab9ce3ae8
Log: Fixed bug #71094
 [2015-12-11 15:34 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 [2016-07-20 11:34 UTC] davey@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=04407b79dfa41a38a6bce3823b3f80eab9ce3ae8
Log: Fixed bug #71094
 