Bug #65035 yield / exit segfault
Submitted: 2013-06-13 22:50 UTC Modified: 2013-06-29 20:01 UTC
From: ryan dot brothers at gmail dot com Assigned: nikic (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.5Git-2013-06-13 (snap) OS: Linux
Private report: No CVE-ID: None
 [2013-06-13 22:50 UTC] ryan dot brothers at gmail dot com
Description:
------------
The following script causes a segfault.  It is occurring when exit is called in a function that is called from a generator function.

Test script:
---------------
<?php
function f1()
{
    f2();

    $i = 0;

    yield $i;
}

function f2()
{
    exit;
}

$rows = f1();

foreach ($rows as $row)
{

}


Expected result:
----------------
Script exits with no output.

Actual result:
--------------
[Thu Jun 13 18:44:50 2013]  Script:  '/tmp/test.php'
---------------------------------------
/usr/local/src/php5.5-201306132030/Zend/zend_execute.h(196) : Block 0x7f7b17658d28 status:
Beginning:      Freed
    Start:      OK
      End:      Overflown (magic=0x0000005A instead of 0xEAF0B464)
                At least 4 bytes overflown
---------------------------------------


 [2013-06-13 23:00 UTC] aharvey@php.net
-Status: Open +Status: Verified
 [2013-06-13 23:00 UTC] aharvey@php.net
Confirmed on a current 5.5 build. Backtrace:

#0  0x0000000000a7d621 in zend_vm_stack_destroy ()
    at /home/adamh/trees/php-src/5.5/Zend/zend_execute.h:195
#1  0x0000000000a7e092 in shutdown_executor ()
    at /home/adamh/trees/php-src/5.5/Zend/zend_execute_API.c:295
#2  0x0000000000a92e4a in zend_deactivate ()
    at /home/adamh/trees/php-src/5.5/Zend/zend.c:939
#3  0x00000000009fb079 in php_request_shutdown (dummy=0x0)
    at /home/adamh/trees/php-src/5.5/main/main.c:1800
#4  0x0000000000b431d0 in do_cli (argc=2, argv=0x13ae240)
    at /home/adamh/trees/php-src/5.5/sapi/cli/php_cli.c:1176
#5  0x0000000000b43a65 in main (argc=2, argv=0x13ae240)
    at /home/adamh/trees/php-src/5.5/sapi/cli/php_cli.c:1377
 [2013-06-14 08:06 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2013-06-29 20:01 UTC] nikic@php.net
-Status: Verified +Status: Closed
 [2013-06-29 20:01 UTC] nikic@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 