|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65035 yield / exit segfault
Submitted: 2013-06-13 22:50 UTC Modified: 2013-06-29 20:01 UTC
From: ryan dot brothers at gmail dot com Assigned: nikic (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.5Git-2013-06-13 (snap) OS: Linux
Private report: No CVE-ID: None
 [2013-06-13 22:50 UTC] ryan dot brothers at gmail dot com
The following script causes a segfault.  It is occurring when exit is called in a function that is called from a generator function.

Test script:
function f1()

    $i = 0;

    yield $i;

function f2()

$rows = f1();

foreach ($rows as $row)


Expected result:
Script exits with no output.

Actual result:
[Thu Jun 13 18:44:50 2013]  Script:  '/tmp/test.php'
/usr/local/src/php5.5-201306132030/Zend/zend_execute.h(196) : Block 0x7f7b17658d28 status:
Beginning:      Freed
    Start:      OK
      End:      Overflown (magic=0x0000005A instead of 0xEAF0B464)
                At least 4 bytes overflown


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-13 23:00 UTC]
-Status: Open +Status: Verified
 [2013-06-13 23:00 UTC]
Confirmed on a current 5.5 build. Backtrace:

#0  0x0000000000a7d621 in zend_vm_stack_destroy ()
    at /home/adamh/trees/php-src/5.5/Zend/zend_execute.h:195
#1  0x0000000000a7e092 in shutdown_executor ()
    at /home/adamh/trees/php-src/5.5/Zend/zend_execute_API.c:295
#2  0x0000000000a92e4a in zend_deactivate () at /home/adamh/trees/php-
#3  0x00000000009fb079 in php_request_shutdown (dummy=0x0)
    at /home/adamh/trees/php-src/5.5/main/main.c:1800
#4  0x0000000000b431d0 in do_cli (argc=2, argv=0x13ae240)
    at /home/adamh/trees/php-src/5.5/sapi/cli/php_cli.c:1176
#5  0x0000000000b43a65 in main (argc=2, argv=0x13ae240)
    at /home/adamh/trees/php-src/5.5/sapi/cli/php_cli.c:1377
 [2013-06-14 08:06 UTC]
-Assigned To: +Assigned To: nikic
 [2013-06-29 20:01 UTC]
-Status: Verified +Status: Closed
 [2013-06-29 20:01 UTC]
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at

 For Windows:
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Apr 24 03:01:29 2024 UTC