Bug #31478 SegFault/Memory Leak with empty()
Submitted: 2005-01-10 22:55 UTC
Modified: 2005-01-11 22:17 UTC
Votes: 1
Avg. Score: 3.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 0 (0.0%)
From: the_deppchef at hotmail dot com
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 5CVS-2005-01-12
OS: *
Private report: No
CVE-ID:
 [2005-01-10 22:55 UTC] the_deppchef at hotmail dot com
Description:
------------
Well, reading the manual about empty() you should think it checks whether the given variable is set before it checks whether it is empty. 
(Given example there: 
if (empty($var)) {
   echo '$var is either 0, empty, or not set at all';
})
However, when $var really is not set, I get a memory leak (in a big script). I reduced the script to the code below and now even get a segmentation fault.

Reproduce code:
---------------
<?php
if(empty($foo)){
	echo 'empty';
}else{
	echo 'not empty';
}
?>

Expected result:
----------------
Echoing "empty" and nothing else.

Actual result:
--------------
Echoing "empty"
Valgrind says: http://tdc.medieval-wars.de/valgrind.txt.pid27963
Probably most important:
==27963== Process terminating with default action of signal 11 (SIGSEGV)
==27963==  Access not within mapped region at address 0xF45
==27963==    at 0x81EDD17: zend_execute_scripts (/home/necmon/php5-200501101930/Zend/zend.c:1059)
==27963==    by 0x819E50D: php_execute_script (/home/necmon/php5-200501101930/main/main.c:1636)
==27963==    by 0x8277DAE: main (/home/necmon/php5-200501101930/sapi/cli/php_cli.c:944)

(Note: this does NOT only happen with the cli version!)

 [2005-01-10 23:27 UTC] sniper@php.net
Starting program: /usr/src/web/php/php5/sapi/cli/php t.php

Program received signal SIGSEGV, Segmentation fault.
0x08143e43 in execute (op_array=0x8221eb4) at zend_vm_execute.h:78
78                      if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) {
(gdb) bt
#0  0x08143e43 in execute (op_array=0x8221eb4) at zend_vm_execute.h:78
#1  0x08121053 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/web/php/php5/Zend/zend.c:1058
#2  0x080e1601 in php_execute_script (primary_file=0xbfffd8c0)
    at /usr/src/web/php/php5/main/main.c:1636
#3  0x08190f51 in main (argc=2, argv=0xbfffd954)
    at /usr/src/web/php/php5/sapi/cli/php_cli.c:944
#4  0x42015704 in __libc_start_main () from /lib/tls/libc.so.6

 [2005-01-11 22:17 UTC] moriyoshi@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Fri Apr 18 13:02:15 2014 UTC