Bug #68057 Incorrect parsing of big arrays in PHP 5.6.0
Submitted: 2014-09-19 18:20 UTC Modified: 2015-03-23 17:51 UTC
Votes:30
Avg. Score:4.8 ± 0.6
Reproduced:25 of 27 (92.6%)
Same Version:22 (88.0%)
Same OS:21 (84.0%)
From: vostreltsov at gmail dot com Assigned: bwoebi (profile)
Status: Wont fix Package: Arrays related
PHP Version: 5.6.0 OS: Linux
Private report: No CVE-ID: None
 [2014-09-19 18:20 UTC] vostreltsov at gmail dot com
Description:
------------
So in my project I have an auto-generated lexer, it contains a big array. I created a simplified script that reproduces the bug.

There are 65538 integers and it looks like something overflows inside PHP. The var_dump call outputs an array of only the last 2 numbers.

Removing last 2 numbers yields an empty array.

If I remove last 3 numbers, the output stops at key 32766, that is 32767 values.

Test script:
---------------
http://filebin.ca/1atoDItGZU2A

Expected result:
----------------
All of 65538 integers

Actual result:
--------------
array(2) {
  [0]=>
  int(0)
  [1]=>
  int(0)
}

 [2014-09-19 18:25 UTC] vostreltsov at gmail dot com
Forgot to mention that the problem appeared after upgrading from 5.5.X (don't remember the exact version) to 5.6.0.
 [2014-09-19 18:45 UTC] mamontov dot dp at gmail dot com
Confirmed in Windows 8, using x86 non-thread-safe build.
 [2014-09-19 18:55 UTC] nikic@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: bwoebi
 [2014-09-19 18:55 UTC] nikic@php.net
Constant expression AST uses ushort child count in 5.6, which is overflowing here.
 [2014-11-14 08:18 UTC] vostreltsov at gmail dot com
Any progress on this issue? Changing ushort to uint looks easy to do.
 [2015-03-23 17:51 UTC] bwoebi@php.net
-Status: Assigned +Status: Wont fix
 [2015-03-23 17:51 UTC] bwoebi@php.net
Fixing this is an ABI break (so not really possible for 5.6.x). It's fixed in master (PHP 7+) though.
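
An added illustration of the 16-bit child count described in the thread: a simplified model, not PHP source code and not code from this report. It assumes each array element contributes two children (a key slot and a value), which reproduces the reported 2, 0 and 32767 visible elements for 65538, 65536 and 65535 literals; all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 65536u            /* every index a 16-bit counter can produce */

/* Simplified model, not PHP source: a node with a 16-bit child count. */
typedef struct {
    uint16_t children;
    long child[SLOTS];
} ast16;

static ast16 node;              /* static: too large for the stack */

/* Unchecked append: the counter wraps 65535 -> 0 and old slots are overwritten. */
static void add_unchecked(ast16 *a, long v) {
    a->child[a->children++] = v;
}

/* Checked append: refuse the child that would wrap the counter. */
static int add_checked(ast16 *a, long v) {
    if (a->children == UINT16_MAX) return -1;
    a->child[a->children++] = v;
    return 0;
}

/* Parse n literals (values 0..n-1). Assumption: each adds a key slot and a value.
   Returns the element count a consumer sees; *first receives the first value. */
static unsigned parse_unchecked(unsigned n, long *first) {
    memset(&node, 0, sizeof node);
    for (unsigned i = 0; i < n; i++) {
        add_unchecked(&node, -1);       /* key slot, -1 = automatic index */
        add_unchecked(&node, (long)i);
    }
    *first = node.children >= 2 ? node.child[1] : -1;
    return node.children / 2u;
}

/* Same input through the checked append: 0 on success, -1 if rejected. */
static int parse_checked(unsigned n) {
    memset(&node, 0, sizeof node);
    for (unsigned i = 0; i < n; i++)
        if (add_checked(&node, -1) || add_checked(&node, (long)i)) return -1;
    return 0;
}

int main(void) {
    unsigned sizes[] = { 65538u, 65536u, 65535u };  /* sizes from the report */
    for (int i = 0; i < 3; i++) {
        long first;
        unsigned seen = parse_unchecked(sizes[i], &first);
        printf("%u literals -> %u visible (first value %ld), checked=%d\n",
               sizes[i], seen, first, parse_checked(sizes[i]));
    }
    return 0;
}
```

In this model the checked append turns silent truncation into an explicit error once the counter reaches its maximum, without changing the width of the field.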
 
Last updated: Wed Apr 14 02:01:24 2021 UTC