php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #72767 PHP Segfaults when trying to expand an infinite operator
Submitted: 2016-08-05 15:25 UTC Modified: 2016-08-05 16:31 UTC
Votes:1
Avg. Score:2.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: danack@php.net Assigned: nikic (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 7.0.9 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: danack@php.net
New email:
PHP Version: OS:

 

 [2016-08-05 15:25 UTC] danack@php.net 
Description:
------------
PHP Segfaults when trying to expand an infinite operator

Test script:
---------------
$iterator = new InfiniteIterator(new ArrayIterator([0, 1, 2, 3, 4]));
var_dump(...$iterator);

echo "Still alive!";

Expected result:
----------------
Something sensible, either the script aborting to lack of memory, or otherwise shutting down cleanly.

Actual result:
--------------
Segfaults apparently https://3v4l.org/6IRrp/segfault#tabs

/usr/bin/php-7.0.0(zend_call_function+0x1c6)[0x72b196]
/usr/bin/php-7.0.0(zend_call_method+0x22e)[0x754f2e]
/usr/bin/php-7.0.0(zend_user_it_move_forward+0x37)[0x755457]
/usr/bin/php-7.0.0[0x7c5e8b]
/usr/bin/php-7.0.0(execute_ex+0x1b)[0x77617b]
/usr/bin/php-7.0.0(zend_execute+0x1a7)[0x7c7e37]
/usr/bin/php-7.0.0(zend_execute_scripts+0xb4)[0x739484]
/usr/bin/php-7.0.0(php_execute_script+0x280)[0x6dd2e0]
/usr/bin/php-7.0.0[0x7c9a54]
/usr/bin/php-7.0.0[0x434198]
/usr/lib/libc.so.6(__libc_start_main+0xf1)[0x7fd7c1dd2741]
/usr/bin/php-7.0.0(_start+0x29)[0x4342d9]

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-05 16:31 UTC] nikic@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: nikic
 [2016-08-05 16:31 UTC] nikic@php.net 
This is not just an infinite iterator issue, it's a problem occurring for sufficiently large iterators. I think we forget to update vm_stack_top/end when switching stack frames.
 [2016-08-05 17:58 UTC] nikic@php.net 
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=807e81937b290ddb71152196aae3bbaca9a53c7e
Log: Fix bug #72767
 [2016-08-05 17:58 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 [2016-10-17 10:10 UTC] bwoebi@php.net 
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=807e81937b290ddb71152196aae3bbaca9a53c7e
Log: Fix bug #72767
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Dec 03 17:01:29 2024 UTC