Bug #74456 Segmentation error while running a script in CLI mode
Submitted: 2017-04-17 08:38 UTC Modified: 2017-04-17 09:33 UTC
From: dumitru at floringabriel dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: master-Git-2017-04-17 (Git) OS: Debian 8
Private report: No CVE-ID: None
 [2017-04-17 08:38 UTC] dumitru at floringabriel dot com
Description:
------------
When running the following script, a 'Segmentation fault' error is displayed and the script is stopped.


php -v
PHP 7.1.3-3+0~20170325135815.21+jessie~1.gbpafff68 (cli) (built: Mar 25 2017 14:35:42) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.1.3-3+0~20170325135815.21+jessie~1.gbpafff68, Copyright (c) 1999-2017, by Zend Technologies

Test script:
---------------
<?php


function small_numbers() {
    return [0,1,2];
}

list ($zero, $one, $two) = small_numbers();

print_r(array_keys(get_defined_vars()));

Expected result:
----------------
Segmentation fault

Actual result:
--------------
Array
(
    [0] => _GET
    [1] => _POST
    [2] => _COOKIE
    [3] => _FILES
    [4] => zero
    [5] => one
    [6] => two
)

 [2017-04-17 08:45 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2017-04-17 08:45 UTC] requinix@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2017-04-17 09:33 UTC] nikic@php.net
-Status: Feedback +Status: Verified
 [2017-04-17 09:33 UTC] nikic@php.net
First valgrind warning:

==2631== Conditional jump or move depends on uninitialised value(s)
==2631==    at 0xC8198F: zend_fetch_dimension_address_read (zend_execute.c:1710)
==2631==    by 0xC8222C: zend_fetch_dimension_address_read_LIST (zend_execute.c:1827)
==2631==    by 0xD0D23B: ZEND_FETCH_LIST_SPEC_TMPVAR_CONST_HANDLER (zend_vm_execute.h:49253)
==2631==    by 0xC8556F: execute_ex (zend_vm_execute.h:432)
==2631==    by 0xC8580E: zend_execute (zend_vm_execute.h:474)
==2631==    by 0xC18227: zend_execute_scripts (zend.c:1537)
==2631==    by 0xB4FF8F: php_execute_script (main.c:2548)
==2631==    by 0xD20FE0: do_cli (php_cli.c:997)
==2631==    by 0xD22472: main (php_cli.c:1390)

Dump:

L0:     V4 = FETCH_LIST array(...) int(0)
L1:     ASSIGN CV0($zero) V4
L2:     V4 = FETCH_LIST V3 int(1)
L3:     ASSIGN CV1($one) V4
L4:     V4 = FETCH_LIST V3 int(2)
L5:     ASSIGN CV2($two) V4

Clearly V3 was propagated into the FETCH_LIST, but only the first one...
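
A def-before-use check over the opcode dump in the comment above, which reports every temporary that is read without an earlier definition (the condition behind the valgrind warning). This is an added example, not part of the bug thread or of php-src; the function name and parsing regexes are assumptions, and it treats the dump as straight-line code.

```python
import re

# Opcode dump copied verbatim from the comment above.
DUMP = """\
L0:     V4 = FETCH_LIST array(...) int(0)
L1:     ASSIGN CV0($zero) V4
L2:     V4 = FETCH_LIST V3 int(1)
L3:     ASSIGN CV1($one) V4
L4:     V4 = FETCH_LIST V3 int(2)
L5:     ASSIGN CV2($two) V4
"""

# label, optional "Vn = " / "Tn = " result, opcode name, remaining operands
LINE = re.compile(r"^(L\d+):\s+(?:([TV]\d+)\s*=\s*)?(\w+)\s*(.*)$")
# Temporaries only; \b keeps compiled variables such as CV0 from matching.
TEMP = re.compile(r"\b[TV]\d+\b")


def undefined_temp_reads(dump):
    """Return (label, opcode, temp) for each temporary read before it is defined.

    Assumption: the dump has no jumps, so a single forward pass is enough.
    """
    defined = set()
    findings = []
    for raw in dump.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        label, result, opcode, operands = m.groups()
        # Operands are read before the result slot is written.
        for temp in TEMP.findall(operands):
            if temp not in defined:
                findings.append((label, opcode, temp))
        if result:
            defined.add(result)
    return findings


if __name__ == "__main__":
    for label, opcode, temp in undefined_temp_reads(DUMP):
        print(f"{label}: {opcode} reads {temp}, which is never defined")
```
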
 [2017-04-17 12:27 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d6315c2fbb46ea8795d2158e32c32f4111e805c1
Log: Fixed bug #74456 (Segmentation error while running a script in CLI mode)
 [2017-04-17 12:27 UTC] laruence@php.net
-Status: Verified +Status: Closed
 
Last updated: Sun Nov 19 01:31:42 2017 UTC