php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66751 php_strip_whitespace causes segmentation fault
Submitted: 2014-02-21 12:01 UTC Modified: 2014-04-13 02:00 UTC
Votes:13
Avg. Score:4.9 ± 0.3
Reproduced:6 of 8 (75.0%)
Same Version:2 (33.3%)
Same OS:1 (16.7%)
From: yu at hoaxster dot net Assigned:
Status: Duplicate Package: *General Issues
PHP Version: 5.6.0alpha2 OS: OS X Mavericks
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: yu at hoaxster dot net
New email:
PHP Version: OS:

 

 [2014-02-21 12:01 UTC] yu at hoaxster dot net
Description:
------------
php_strip_whitespace causes segmentation fault while parsing __CLASS__.

Test script:
---------------
# cat test.php
<?php __CLASS__ ?>

# php -r 'php_strip_whitespace(getcwd()."/test.php");'

Actual result:
--------------
[Fri Feb 21 20:57:50 2014]  Script:  '-'
---------------------------------------
/var/tmp/php-build/source/5.6.0alpha2/Zend/zend_highlight.c(214) : Block 0x10781c048 status:
Invalid pointer: ((size=0x0002b5a5) != (next.prev=0x444d4f4400000001))
Invalid pointer: ((prev=0x00000001) != (prev.size=0x0002b5a5))

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-02-24 19:54 UTC] krakjoe@php.net
This is a bit strange ...

diff --git a/Zend/zend_highlight.c b/Zend/zend_highlight.c
index e4f8d02..b961104 100644
--- a/Zend/zend_highlight.c
+++ b/Zend/zend_highlight.c
@@ -211,7 +211,8 @@ ZEND_API void zend_strip(TSRMLS_D)
                                        break;
 
                                default:
-                                       efree(token.value.str.val);
+                                       if (token.value.str.len)
+                                               efree(token.value.str.val);
                                        break;
                        }
                }

You wouldn't think this is necessary, so I won't submit this as a patch ...

Just a note really, I couldn't make this segfault but there is a call to efree an invalid pointer.

/me leaves this for someone else who has more of a clue ...
 [2014-03-05 01:07 UTC] cidsphere at gmail dot com
I can reproduce this bug in php-5.6.0alpha3 on Ubuntu 13.10 with PHP compiled from source.

The function php_strip_whitespace is used in Composer to generate autoload file. I find it impossible to use Composer because of this bug.
 [2014-03-24 13:27 UTC] ivan dot enderlin at hoa-project dot net
Any news from this bug?
 [2014-04-13 02:00 UTC] tyrael@php.net
-Status: Open +Status: Duplicate
 [2014-04-13 02:00 UTC] tyrael@php.net
I'm closing this, you can track the progress at the other bugreport: 
https://bugs.php.net/bug.php?id=66660
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 08:01:27 2024 UTC