php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74456 Segmentation error while running a script in CLI mode
Submitted: 2017-04-17 08:38 UTC Modified: 2017-04-17 09:33 UTC
From: dumitru at floringabriel dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: master-Git-2017-04-17 (Git) OS: Debian 8
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dumitru at floringabriel dot com
New email:
PHP Version: OS:

 

 [2017-04-17 08:38 UTC] dumitru at floringabriel dot com
Description:
------------
When running the following script a 'Segmentation fault' error is being displayed and the script is stoped.


php -v
PHP 7.1.3-3+0~20170325135815.21+jessie~1.gbpafff68 (cli) (built: Mar 25 2017 14:35:42) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.1.3-3+0~20170325135815.21+jessie~1.gbpafff68, Copyright (c) 1999-2017, by Zend Technologies

Test script:
---------------
<?php


function small_numbers() {
    return [0,1,2];
}

list ($zero, $one, $two) = small_numbers();

print_r(array_keys(get_defined_vars()));

Expected result:
----------------
Segmentation fault

Actual result:
--------------
Array
(
    [0] => _GET
    [1] => _POST
    [2] => _COOKIE
    [3] => _FILES
    [4] => zero
    [5] => one
    [6] => two
)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-17 08:45 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2017-04-17 08:45 UTC] requinix@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2017-04-17 09:33 UTC] nikic@php.net
-Status: Feedback +Status: Verified
 [2017-04-17 09:33 UTC] nikic@php.net
First valgrind warning:

==2631== Conditional jump or move depends on uninitialised value(s)
==2631==    at 0xC8198F: zend_fetch_dimension_address_read (zend_execute.c:1710)
==2631==    by 0xC8222C: zend_fetch_dimension_address_read_LIST (zend_execute.c:1827)
==2631==    by 0xD0D23B: ZEND_FETCH_LIST_SPEC_TMPVAR_CONST_HANDLER (zend_vm_execute.h:49253)
==2631==    by 0xC8556F: execute_ex (zend_vm_execute.h:432)
==2631==    by 0xC8580E: zend_execute (zend_vm_execute.h:474)
==2631==    by 0xC18227: zend_execute_scripts (zend.c:1537)
==2631==    by 0xB4FF8F: php_execute_script (main.c:2548)
==2631==    by 0xD20FE0: do_cli (php_cli.c:997)
==2631==    by 0xD22472: main (php_cli.c:1390)

Dump:

L0:     V4 = FETCH_LIST array(...) int(0)
L1:     ASSIGN CV0($zero) V4
L2:     V4 = FETCH_LIST V3 int(1)
L3:     ASSIGN CV1($one) V4
L4:     V4 = FETCH_LIST V3 int(2)
L5:     ASSIGN CV2($two) V4

Clearly V3 was propagated into the FETCH_LIST, but only the first one...
 [2017-04-17 12:27 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d6315c2fbb46ea8795d2158e32c32f4111e805c1
Log: Fixed bug #74456 (Segmentation error while running a script in CLI mode)
 [2017-04-17 12:27 UTC] laruence@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Oct 08 12:01:26 2024 UTC