php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77395 segfault about array_multisort ?
Submitted: 2019-01-02 03:18 UTC Modified: -
From: 954983536 at qq dot com Assigned:
Status: Closed Package: *General Issues
PHP Version: 7.3.0 OS: Ubuntu
Private report: No CVE-ID: None
 [2019-01-02 03:18 UTC] 954983536 at qq dot com
Description:
------------
My English is poor, just look the php script. 
I test php7.3.0 php7.2.3 php7.1.10, all of them cause a segfault in fpm and cli.

Test script:
---------------
<?php

function error_handle($level, $message, $file = '', $line = 0){
    $a = [1,2,3];
    $b = [3,2,1];
    array_multisort($a, SORT_ASC, $b); // if comment this line, no segfault happen
}
set_error_handler('error_handle');
$data = [['aa'=> 'bb',], ['aa'=> 'bb',],];
array_multisort(array_column($data, 'bb'),SORT_DESC, $data); // PHP Warning error 


Expected result:
----------------
no segfault happen 

Actual result:
--------------
Program terminated with signal SIGSEGV, Segmentation fault.
#0  malloc_consolidate (av=av@entry=0x7fa1af1a6b20 <main_arena>) at malloc.c:4169
4169    malloc.c: No such file or directory.
(gdb) bt
#0  malloc_consolidate (av=av@entry=0x7fa1af1a6b20 <main_arena>) at malloc.c:4169
#1  0x00007fa1aee62678 in _int_free (av=0x7fa1af1a6b20 <main_arena>, p=<optimized out>, have_lock=0) at malloc.c:4075
#2  0x00007fa1aee6653c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968
#3  0x0000000000c0dc1e in _efree (ptr=0x2b9d530, __zend_filename=0x15319d8 "/home/soft/php-7.3.0/Zend/zend_arena.h", __zend_lineno=46, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/soft/php-7.3.0/Zend/zend_alloc.c:2508
#4  0x0000000000c0fe90 in zend_arena_destroy (arena=0x2b9d530) at /home/soft/php-7.3.0/Zend/zend_arena.h:46
#5  0x0000000000c11b62 in shutdown_compiler () at /home/soft/php-7.3.0/Zend/zend_compile.c:382
#6  0x0000000000c4fa3a in zend_deactivate () at /home/soft/php-7.3.0/Zend/zend.c:1111
#7  0x0000000000b8962e in php_request_shutdown (dummy=0x0) at /home/soft/php-7.3.0/main/main.c:1926
#8  0x0000000000d40773 in do_cli (argc=2, argv=0x28f59b0) at /home/soft/php-7.3.0/sapi/cli/php_cli.c:1164
#9  0x0000000000d4111a in main (argc=2, argv=0x28f59b0) at /home/soft/php-7.3.0/sapi/cli/php_cli.c:1389

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-02 04:10 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=8ebae84674c75c3483550fb6e9da49122d952c99
Log: Fixed bug #77395 (segfault about array_multisort)
 [2019-01-02 04:10 UTC] laruence@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Jul 23 05:01:26 2019 UTC