PHP :: Bug #66751 :: php_strip_whitespace causes segmentation fault

Bug #66751

php_strip_whitespace causes segmentation fault

Submitted:

2014-02-21 12:01 UTC

Modified:

2014-04-13 02:00 UTC

Votes:	13
Avg. Score:	4.9 ± 0.3
Reproduced:	6 of 8 (75.0%)
Same Version:	2 (33.3%)
Same OS:	1 (16.7%)

From:

yu at hoaxster dot net

Assigned:

Status:

Duplicate

Package:

*General Issues

PHP Version:

5.6.0alpha2

OS:

OS X Mavericks

Private report:

CVE-ID:

None

View Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 21 + 8 = ?
Subscribe to this entry?

[2014-02-21 12:01 UTC] yu at hoaxster dot net

Description:
------------
php_strip_whitespace causes segmentation fault while parsing __CLASS__.

Test script:
---------------
# cat test.php
<?php __CLASS__ ?>

# php -r 'php_strip_whitespace(getcwd()."/test.php");'

Actual result:
--------------
[Fri Feb 21 20:57:50 2014]  Script:  '-'
---------------------------------------
/var/tmp/php-build/source/5.6.0alpha2/Zend/zend_highlight.c(214) : Block 0x10781c048 status:
Invalid pointer: ((size=0x0002b5a5) != (next.prev=0x444d4f4400000001))
Invalid pointer: ((prev=0x00000001) != (prev.size=0x0002b5a5))

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-02-24 19:54 UTC] krakjoe@php.net

This is a bit strange ...

diff --git a/Zend/zend_highlight.c b/Zend/zend_highlight.c
index e4f8d02..b961104 100644
--- a/Zend/zend_highlight.c
+++ b/Zend/zend_highlight.c
@@ -211,7 +211,8 @@ ZEND_API void zend_strip(TSRMLS_D)
                                        break;
 
                                default:
-                                       efree(token.value.str.val);
+                                       if (token.value.str.len)
+                                               efree(token.value.str.val);
                                        break;
                        }
                }

You wouldn't think this is necessary, so I won't submit this as a patch ...

Just a note really, I couldn't make this segfault but there is a call to efree an invalid pointer.

/me leaves this for someone else who has more of a clue ...

[2014-03-05 01:07 UTC] cidsphere at gmail dot com

I can reproduce this bug in php-5.6.0alpha3 on Ubuntu 13.10 with PHP compiled from source.

The function php_strip_whitespace is used in Composer to generate autoload file. I find it impossible to use Composer because of this bug.

[2014-03-24 13:27 UTC] ivan dot enderlin at hoa-project dot net

Any news from this bug?

[2014-04-13 02:00 UTC] tyrael@php.net

-Status: Open +Status: Duplicate

[2014-04-13 02:00 UTC] tyrael@php.net

I'm closing this, you can track the progress at the other bugreport: 
https://bugs.php.net/bug.php?id=66660

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Oct 29 11:00:01 2025 UTC