Bug #71212 callable_name vulnerability
Submitted: 2015-12-24 11:59 UTC Modified: 2015-12-28 01:38 UTC
From: omairmohammed at gmail dot com Assigned:
Status: Not a bug Package: Arrays related
PHP Version: 7.0.1 OS: Linux Ubuntu
Private report: No CVE-ID: None
 [2015-12-24 11:59 UTC] omairmohammed at gmail dot com
Description:
------------
<?php

function arraysSum(array ...$arrays): array
{
    return array_map(function(array $array): int {
        return arrayssum($array);
    }, $arrays);
}

print_r(arraysSum([1,2,3], [4,5,6], [7,8,9]));


The above file segfaults php 7.0.1

Actual result:
--------------
(gdb) bt
#0  0x00000000006e0b80 in zend_is_callable_ex (callable=0x7fffff7ff1c0, 
    object=0x0, check_flags=8, callable_name=0x7fffff7ff120, 
    fcc=0x7fffff7ff200, error=0x7fffff7ff128)
    at /home/omair/Desktop/php-7.0.1/php-7.0.1/Zend/zend_API.c:3344
#1  0x00000000006cbc51 in zend_call_function (fci=0x7fffff7ff1b0, 
    fci_cache=0x7fffff7ff200)
    at /home/omair/Desktop/php-7.0.1/php-7.0.1/Zend/zend_execute_API.c:743
#2  0x000000000061460e in zif_array_map (execute_data=<optimized out>, 
    return_value=0x7ffff59ec5c0)
    at /home/omair/Desktop/php-7.0.1/php-7.0.1/ext/standard/array.c:5264
#3  0x00000000007260e2 in ZEND_DO_ICALL_SPEC_HANDLER (
    execute_data=0x7ffff59ec540)
    at /home/omair/Desktop/php-7.0.1/php-7.0.1/Zend/zend_vm_execute.h:586
#4  0x0000000000716cf0 in execute_ex (ex=<optimized out>)
    at /home/omair/Desktop/php-7.0.1/php-7.0.1/Zend/zend_vm_execute.h:417
#5  0x00000000006cbf6d in zend_call_function (fci=0x7fffff7ff450, 
    fci_cache=0x7fffff7ff4a0)
    at /home/omair/Desktop/php-7.0.1/php-7.0.1/Zend/zend_execute_API.c:854
#6  0x000000000061460e in zif_array_map (execute_data=<optimized out>, 
    return_value=0x7ffff59ec420)
    at /home/omair/Desktop/php-7.0.1/php-7.0.1/ext/standard/array.c:5264
#7  0x00000000007260e2 in ZEND_DO_ICALL_SPEC_HANDLER (
    execute_data=0x7ffff59ec3a0)
---Type <return> to continue, or q <return> to quit---q
 at /home/omair/Desktop/php-7.0.1/php-7.0.1/ZendQuit
(gdb) set disassembly-flavor intel
(gdb) x/i $rip
=> 0x6e0b80 <zend_is_callable_ex+544>:	mov    QWORD PTR [rsp],r9
(gdb) i r
rax            0x700ee0	7343840
rbx            0x7fffff7ff200	140737479963136
rcx            0x7fffff7ff120	140737479962912
rdx            0x8	8
rsi            0x0	0
rdi            0x7fffff7ff1c0	140737479963072
rbp            0x7fffff7ff120	0x7fffff7ff120
rsp            0x7fffff7feff0	0x7fffff7feff0
r8             0x7fffff7ff200	140737479963136
r9             0x7fffff7ff128	140737479962920
r10            0x7ffff564e770	140737310418800
r11            0x7ffff6a5b640	140737331443264
r12            0x7fffff7ff1c0	140737479963072
r13            0x8	8
r14            0x7fffff7ff200	140737479963136
r15            0x0	0
rip            0x6e0b80	0x6e0b80 <zend_is_callable_ex+544>
eflags         0x10202	[ IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) x/x $rsp
0x7fffff7feff0:	Cannot access memory at address 0x7fffff7feff0
(gdb) list

3339						*callable_name = zend_string_init("Array", sizeof("Array")-1, 0);
3340					}
3341				}
3342				return 0;
3343			case IS_OBJECT:
3344				if (Z_OBJ_HANDLER_P(callable, get_closure) && Z_OBJ_HANDLER_P(callable, get_closure)(callable, &fcc->calling_scope, &fcc->function_handler, &fcc->object) == SUCCESS) {
3345					fcc->called_scope = fcc->calling_scope;
3346					if (callable_name) {
3347						zend_class_entry *ce = Z_OBJCE_P(callable); /* TBFixed: what if it's overloaded? */
3348	
(gdb) 
History
 [2015-12-24 13:11 UTC] rasmus@php.net
-Status: Open +Status: Not a bug
 [2015-12-24 13:11 UTC] rasmus@php.net
This looks like a stack smash from infinite recursion. Not a bug.
 [2015-12-28 01:38 UTC] stas@php.net
-Type: Security +Type: Bug
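The diagnosis above, illustrated with an added example that is not code from the bug report: PHP resolves function names case-insensitively, so the reporter's arrayssum($array) calls the user-defined arraysSum() again instead of the builtin array_sum(), and PHP 7 has no built-in recursion limit, so the C stack overflows. The first function below reproduces that re-entry with a depth guard so it throws instead of segfaulting; the second is the version the reporter presumably intended. The name arraysSumRecursive and the depth limit of 5 are assumptions made for this example.

```php
<?php
// Added example, not from the bug report. PHP function names are
// case-insensitive, so arrayssumrecursive() below resolves to this very
// function, exactly as arrayssum() resolved to arraysSum() in the report.
function arraysSumRecursive(array ...$arrays): array
{
    static $depth = 0;               // assumed guard: PHP itself imposes no limit
    if ($depth >= 5) {
        throw new RuntimeException(
            "recursion depth $depth: arrayssumrecursive() resolved to arraysSumRecursive()"
        );
    }
    $depth++;
    try {
        return array_map(function (array $array): int {
            // Same function, different case: each element re-enters the outer
            // function with a single-array argument list, forever.
            return arrayssumrecursive($array);
        }, $arrays);
    } finally {
        $depth--;
    }
}

// The intended behaviour: sum each array with the builtin array_sum().
function arraysSum(array ...$arrays): array
{
    return array_map(function (array $array): int {
        return array_sum($array); // builtin; underscore keeps it distinct
    }, $arrays);
}

// Case-insensitive lookup is observable directly.
var_dump(function_exists('ARRAYSSUM'));   // the user function, any case

print_r(arraysSum([1, 2, 3], [4, 5, 6], [7, 8, 9]));

try {
    arraysSumRecursive([1, 2, 3]);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```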