Bug #73168 segfault on creating array
Submitted: 2016-09-25 14:53 UTC
Modified: 2016-09-26 06:38 UTC
From: ryan dot brothers at gmail dot com
Assigned:
Status: Duplicate
Package: opcache
PHP Version: 7.1.0RC2
OS: Linux
Private report: No
CVE-ID: None

 [2016-09-25 14:53 UTC] ryan dot brothers at gmail dot com
Description:
------------
This might be the same underlying issue as what I reported in bug 73156, but the backtrace was different, so I wanted to submit it separately if it's a different issue.

I am getting a segmentation fault on the below code in PHP 7.0 and 7.1 when using Opcache.  I am running on CentOS 7.  The segfault occurs when the array is created in file4.php.


Test script:
---------------
Please download and unzip the below link:

https://drive.google.com/uc?export=download&id=0B37DKbJklxg_VUZxNXlaeHJqYmM

and then run:

php -n -d zend_extension=opcache.so -d opcache.enable_cli=1 file1.php


Expected result:
----------------
No output


Actual result:
--------------
Segmentation fault

backtrace is:
Program received signal SIGSEGV, Segmentation fault.
zend_mm_alloc_small (size=<optimized out>, bin_num=6, heap=0x7fffee200040) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:1250
1250                    heap->free_slot[bin_num] = p->next_free_slot;
(gdb) bt
#0  zend_mm_alloc_small (size=<optimized out>, bin_num=6, heap=0x7fffee200040) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:1250
#1  zend_mm_alloc_heap (size=140737488330160, heap=0x7fffee200040) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:1321
#2  _emalloc (size=size@entry=56) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:2406
#3  0x000000000081fbe8 in zend_string_alloc (persistent=0, len=27) at /usr/local/src/php-7.1.0RC2/Zend/zend_string.h:122
#4  zend_string_init (persistent=0, len=27, str=0x7ffff7f85b0a "abcabcabcabcabcabcabcabcabc',\n      ),\n    ),\n  ),\n);\n")
    at /usr/local/src/php-7.1.0RC2/Zend/zend_string.h:158
#5  lex_scan (zendlval=zendlval@entry=0x7fffffff9d50) at Zend/zend_language_scanner.l:1990
#6  0x0000000000833beb in zendlex (elem=elem@entry=0x7fffffff9e10) at /usr/local/src/php-7.1.0RC2/Zend/zend_compile.c:1703
#7  0x00000000008175fe in zendparse () at /usr/local/src/php-7.1.0RC2/Zend/zend_language_parser.c:4214
#8  0x0000000000819f07 in zend_compile (type=type@entry=2) at Zend/zend_language_scanner.l:585
#9  0x000000000081b383 in compile_file (file_handle=0x7fffffffac30, type=8) at Zend/zend_language_scanner.l:633
#10 0x00000000006aef10 in phar_compile_file (file_handle=<optimized out>, type=<optimized out>)
    at /usr/local/src/php-7.1.0RC2/ext/phar/phar.c:3305
#11 0x00007fffe7a81e1c in opcache_compile_file (file_handle=file_handle@entry=0x7fffffffac30, type=type@entry=8,
    op_array_p=op_array_p@entry=0x7fffffffab48, key=<optimized out>) at /usr/local/src/php-7.1.0RC2/ext/opcache/ZendAccelerator.c:1513
#12 0x00007fffe7a83b6b in persistent_compile_file (file_handle=0x7fffffffac30, type=8)
    at /usr/local/src/php-7.1.0RC2/ext/opcache/ZendAccelerator.c:1832
#13 0x000000000081b475 in compile_filename (type=type@entry=8, filename=filename@entry=0x7fffd4786c40) at Zend/zend_language_scanner.l:660
#14 0x00000000008afb5a in zend_include_or_eval (inc_filename=0x7fffd4786c40, type=8) at /usr/local/src/php-7.1.0RC2/Zend/zend_execute.c:2835
#15 0x00000000008e4a81 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER () at /usr/local/src/php-7.1.0RC2/Zend/zend_vm_execute.h:3385
#16 0x0000000000896fbb in execute_ex (ex=<optimized out>) at /usr/local/src/php-7.1.0RC2/Zend/zend_vm_execute.h:429
#17 0x00000000008e9bf4 in zend_execute (op_array=0x7fffee281380, op_array@entry=0x7fffd4786d00,
    return_value=return_value@entry=0x7fffee213030) at /usr/local/src/php-7.1.0RC2/Zend/zend_vm_execute.h:474
#18 0x0000000000852874 in zend_execute_scripts (type=type@entry=8, retval=0x7fffee213030, retval@entry=0x0, file_count=file_count@entry=2)
    at /usr/local/src/php-7.1.0RC2/Zend/zend.c:1464
#19 0x00000000007f45ab in php_execute_script (primary_file=primary_file@entry=0x7fffffffd1b0) at /usr/local/src/php-7.1.0RC2/main/main.c:2530
#20 0x00000000008ebd8f in do_cli (argc=2, argv=0x11fdbd0) at /usr/local/src/php-7.1.0RC2/sapi/cli/php_cli.c:990
#21 0x000000000044dd50 in main (argc=2, argv=0x11fdbd0) at /usr/local/src/php-7.1.0RC2/sapi/cli/php_cli.c:1378


History

 [2016-09-26 06:38 UTC] laruence@php.net
-Status: Open +Status: Duplicate
 [2016-09-26 06:38 UTC] laruence@php.net
dup to #73156