Bug #72767 PHP Segfaults when trying to expand an infinite operator
Submitted: 2016-08-05 15:25 UTC
Modified: 2016-08-05 16:31 UTC
Votes: 1
Avg. Score: 2.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 0 (0.0%)
From: danack@php.net
Assigned: nikic
Status: Closed
Package: Scripting Engine problem
PHP Version: 7.0.9
OS:
Private report: No
CVE-ID:
 [2016-08-05 15:25 UTC] danack@php.net
Description:
------------
PHP Segfaults when trying to expand an infinite operator

Test script:
---------------
<?php
// InfiniteIterator never ends, so argument unpacking keeps growing the call frame.
$iterator = new InfiniteIterator(new ArrayIterator([0, 1, 2, 3, 4]));
var_dump(...$iterator);

echo "Still alive!";

Expected result:
----------------
Something sensible, either the script aborting due to lack of memory, or otherwise shutting down cleanly.

Actual result:
--------------
Segfaults, apparently: https://3v4l.org/6IRrp/segfault#tabs

/usr/bin/php-7.0.0(zend_call_function+0x1c6)[0x72b196]
/usr/bin/php-7.0.0(zend_call_method+0x22e)[0x754f2e]
/usr/bin/php-7.0.0(zend_user_it_move_forward+0x37)[0x755457]
/usr/bin/php-7.0.0[0x7c5e8b]
/usr/bin/php-7.0.0(execute_ex+0x1b)[0x77617b]
/usr/bin/php-7.0.0(zend_execute+0x1a7)[0x7c7e37]
/usr/bin/php-7.0.0(zend_execute_scripts+0xb4)[0x739484]
/usr/bin/php-7.0.0(php_execute_script+0x280)[0x6dd2e0]
/usr/bin/php-7.0.0[0x7c9a54]
/usr/bin/php-7.0.0[0x434198]
/usr/lib/libc.so.6(__libc_start_main+0xf1)[0x7fd7c1dd2741]
/usr/bin/php-7.0.0(_start+0x29)[0x4342d9]

History

 [2016-08-05 16:31 UTC] nikic@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: nikic
 [2016-08-05 16:31 UTC] nikic@php.net
This is not just an infinite iterator issue, it's a problem occurring for sufficiently large iterators. I think we forget to update vm_stack_top/end when switching stack frames.
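
The kind of defect suspected in the comment above, as an added example that is not php-src code: a simplified model of a paged stack whose cached top/end pointers are left stale when the frame moves to a new page. All names (`page`, `vm_stack`, `switch_page`, `unpack_args`) and sizes are hypothetical, and guard slots filled with a canary value make the out-of-bounds writes observable without leaving the allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define FIRST_CAP 4      /* slots in the first page (tiny, to force a switch) */
#define REDZONE   4      /* guard slots after each page; must stay CANARY */
#define CANARY    0x5AFE
typedef struct page { struct page *prev; size_t cap; int slots[]; } page;
typedef struct { page *cur; int *top, *end; } vm_stack; /* top/end are cached */

static page *page_new(page *prev, size_t cap) {
    page *p = malloc(sizeof *p + (cap + REDZONE) * sizeof(int));
    if (!p) abort();
    p->prev = prev; p->cap = cap;
    for (size_t i = 0; i < cap + REDZONE; i++) p->slots[i] = CANARY;
    return p;
}

/* Move the frame under construction to a larger page. refresh == 0 models
 * the stale-cache defect: cur changes, top/end still point into the old page. */
static void switch_page(vm_stack *s, int refresh) {
    size_t used = (size_t)(s->top - s->cur->slots);
    page *np = page_new(s->cur, s->cur->cap * 2);
    memcpy(np->slots, s->cur->slots, used * sizeof(int));
    s->cur = np;
    if (refresh) { s->top = np->slots + used; s->end = np->slots + np->cap; }
}

/* Push nargs values the way argument unpacking grows a frame. Returns the
 * number of guard slots overwritten (0 = every write stayed in bounds). */
int unpack_args(size_t nargs, int refresh) {
    vm_stack s; int clobbered = 0;
    /* Clamp the stale variant so its stray writes stay inside the red zone. */
    if (!refresh && nargs > FIRST_CAP + REDZONE) nargs = FIRST_CAP + REDZONE;
    s.cur = page_new(NULL, FIRST_CAP);
    s.top = s.cur->slots; s.end = s.cur->slots + s.cur->cap;
    for (size_t i = 0; i < nargs; i++) {
        if (s.top == s.end) switch_page(&s, refresh);
        *s.top++ = (int)i;
    }
    for (page *p = s.cur, *prev; p; p = prev) {
        for (size_t i = 0; i < REDZONE; i++)
            clobbered += p->slots[p->cap + i] != CANARY;
        prev = p->prev; free(p);
    }
    return clobbered;
}

int main(void) {
    return printf("stale=%d refreshed=%d\n", unpack_args(6, 0), unpack_args(6, 1)) < 0;
}
```

In this model an argument list that fits in the first page never triggers the page switch, so only a sufficiently large one exposes the stale pointers.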
 [2016-08-05 17:58 UTC] nikic@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=807e81937b290ddb71152196aae3bbaca9a53c7e
Log: Fix bug #72767
 [2016-08-05 17:58 UTC] nikic@php.net
-Status: Assigned
+Status: Closed
 [2016-10-17 10:10 UTC] bwoebi@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=807e81937b290ddb71152196aae3bbaca9a53c7e
Log: Fix bug #72767
 