php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77092 array_diff_key() - segmentation fault
Submitted: 2018-11-01 22:21 UTC Modified: 2018-11-02 13:24 UTC
From: root4root at gmail dot com Assigned: nikic (profile)
Status: Closed Package: opcache
PHP Version: 7.2.11 OS: Linux/Windows
Private report: No CVE-ID: None
 [2018-11-01 22:21 UTC] root4root at gmail dot com
Description:
------------
Since PHP 7.2.0, fpm/mod_php environment. Appears only if Opcache is enabled.

When we use function array_diff_key() or array_diff_assoc() inside a class method. Including or direct running file with code below leads segmentation fault.

require/include mentioned code inside some user function, we have error described here: https://bugs.php.net/bug.php?id=77070 instead of segfault.



Test script:
---------------
<?php
class AnyClassName
{
    public function anyMethodName()
    {
        $anyArrayOne = ['foo' => 'bar', 'bar' => 'baz'];
        $anyArrayTwo = ['foo' => null];
        
        //Output or variable assignment:
        print_r(array_diff_key($anyArrayOne, $anyArrayTwo));
        //$result = [];
        //$result[] = array_diff_key($anyArrayOne, $anyArrayTwo);
    }
}
//EOF

Actual result:
--------------
#0  0xb6411bf5 in zend_parse_va_args (num_args=2, type_spec=0xb6c0cc34 "+", va=0xbfc0aee0, flags=0) at /php7.2.11/Zend/zend_API.c:920
#1  0xb6411df2 in zend_parse_parameters (num_args=2, type_spec=0xb6c0cc34 "+") at /php7.2.11/Zend/zend_API.c:990
#2  0xb6229728 in php_array_diff_key (execute_data=0xb547d000, return_value=0xbfc0b0f0, data_compare_type=-1) at /php7.2.11/ext/standard/array.c:5082
#3  0xb622ab0b in zif_array_diff_key (execute_data=0xb547d000, return_value=0xbfc0b0f0) at /php7.2.11/ext/standard/array.c:5409
#4  0xb51a4144 in ct_eval_func_call (result=0xbfc0b0f0, name=0xb546a0e0, num_args=2, args=0xbfc0b100) at /php7.2.11/ext/opcache/Optimizer/sccp.c:848
#5  0xb51a5c68 in sccp_visit_instr (scdf=0xbfc0b1b0, opline=0xb546f1e8, ssa_op=0xb548e320) at /php7.2.11/ext/opcache/Optimizer/sccp.c:1283
#6  0xb51a789a in scdf_solve (scdf=0xbfc0b1b0, name=0xb51bf95f "SCCP") at /php7.2.11/ext/opcache/Optimizer/scdf.c:167
#7  0xb51a6e9a in sccp_optimize_op_array (ctx=0xbfc0b3c8, op_array=0xb540b148, ssa=0xb548e094, call_map=0xb548e158) at /php7.2.11/ext/opcache/Optimizer/sccp.c:1673
#8  0xb517ab57 in zend_dfa_optimize_op_array (op_array=0xb540b148, ctx=0xbfc0b3c8, ssa=0xb548e094, call_map=0xb548e158) at /php7.2.11/ext/opcache/Optimizer/dfa_pass.c:567
#9  0xb5162267 in zend_optimize_script (script=0xb546f000, optimization_level=2147467263, debug_level=0) at /php7.2.11/ext/opcache/Optimizer/zend_optimizer.c:1263
#10 0xb5141b68 in cache_script_in_shared_memory (new_persistent_script=0xb546f000, key=0xb7d9bb70 "/home/pavel/bitbucket/zhostovo2/www/test.php", key_length=44, from_shared_memory=0xbfc0b47c)
    at /php7.2.11/ext/opcache/ZendAccelerator.c:1333
#11 0xb5143756 in persistent_compile_file (file_handle=0xbfc0d7e8, type=8) at /php7.2.11/ext/opcache/ZendAccelerator.c:1947
#12 0xb640e0b7 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /php7.2.11/Zend/zend.c:1490
#13 0xb6382fd1 in php_execute_script (primary_file=0xbfc0d7e8) at /php7.2.11/main/main.c:2590
#14 0xb64e7f7e in php_handler (r=0xb7d9a7a8) at /php7.2.11/sapi/apache2handler/sapi_apache2.c:701
#15 0xb771d364 in ap_run_handler ()
#16 0xb771d986 in ap_invoke_handler ()
#17 0xb7738572 in ap_process_async_request ()
#18 0xb773875b in ap_process_request ()
#19 0xb7733ef6 in ?? ()
#20 0xb7729014 in ap_run_process_connection ()
#21 0xb773fdb8 in ?? ()
#22 0xb774005b in ?? ()
#23 0xb77400bd in ?? ()
#24 0xb7740969 in ?? ()
#25 0xb76fb074 in ap_run_mpm ()
#26 0xb76f2900 in main ()


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-11-02 13:24 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2018-11-02 13:37 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4daa413898948dad90bc797ccab200115326efc7
Log: Fixed bug #77092
 [2018-11-02 13:37 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC