|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74456 Segmentation error while running a script in CLI mode
Submitted: 2017-04-17 08:38 UTC Modified: 2017-04-17 09:33 UTC
From: dumitru at floringabriel dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: master-Git-2017-04-17 (Git) OS: Debian 8
Private report: No CVE-ID: None
 [2017-04-17 08:38 UTC] dumitru at floringabriel dot com
When running the following script a 'Segmentation fault' error is being displayed and the script is stoped.

php -v
PHP 7.1.3-3+0~20170325135815.21+jessie~1.gbpafff68 (cli) (built: Mar 25 2017 14:35:42) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.1.3-3+0~20170325135815.21+jessie~1.gbpafff68, Copyright (c) 1999-2017, by Zend Technologies

Test script:

function small_numbers() {
    return [0,1,2];

list ($zero, $one, $two) = small_numbers();


Expected result:
Segmentation fault

Actual result:
    [0] => _GET
    [1] => _POST
    [2] => _COOKIE
    [3] => _FILES
    [4] => zero
    [5] => one
    [6] => two


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-17 08:45 UTC]
-Status: Open +Status: Feedback
 [2017-04-17 08:45 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read for *NIX and for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

 [2017-04-17 09:33 UTC]
-Status: Feedback +Status: Verified
 [2017-04-17 09:33 UTC]
First valgrind warning:

==2631== Conditional jump or move depends on uninitialised value(s)
==2631==    at 0xC8198F: zend_fetch_dimension_address_read (zend_execute.c:1710)
==2631==    by 0xC8222C: zend_fetch_dimension_address_read_LIST (zend_execute.c:1827)
==2631==    by 0xD0D23B: ZEND_FETCH_LIST_SPEC_TMPVAR_CONST_HANDLER (zend_vm_execute.h:49253)
==2631==    by 0xC8556F: execute_ex (zend_vm_execute.h:432)
==2631==    by 0xC8580E: zend_execute (zend_vm_execute.h:474)
==2631==    by 0xC18227: zend_execute_scripts (zend.c:1537)
==2631==    by 0xB4FF8F: php_execute_script (main.c:2548)
==2631==    by 0xD20FE0: do_cli (php_cli.c:997)
==2631==    by 0xD22472: main (php_cli.c:1390)


L0:     V4 = FETCH_LIST array(...) int(0)
L1:     ASSIGN CV0($zero) V4
L2:     V4 = FETCH_LIST V3 int(1)
L3:     ASSIGN CV1($one) V4
L4:     V4 = FETCH_LIST V3 int(2)
L5:     ASSIGN CV2($two) V4

Clearly V3 was propagated into the FETCH_LIST, but only the first one...
 [2017-04-17 12:27 UTC]
Automatic comment on behalf of
Log: Fixed bug #74456 (Segmentation error while running a script in CLI mode)
 [2017-04-17 12:27 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Jun 04 08:03:42 2023 UTC