|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78151 Segfault caused by indirect expressions in PHP 7.4a1
Submitted: 2019-06-12 19:54 UTC Modified: 2019-06-13 06:06 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: jfcherng at gmail dot com Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: Next Minor Version OS: Win7 x64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: jfcherng at gmail dot com
New email:
PHP Version: OS:


 [2019-06-12 19:54 UTC] jfcherng at gmail dot com
I downloaded the PHP 7.4 alpha 1 release from "" and decompressed it without any modification (I did not even create a php.ini).

I then ran the attached test script with the PHP QA release ( $ php.exe test.php ) and got a segfault. I *cannot* reproduce this issue on my CentOS machine somehow.

Test script:

class Arr
    private $foo = '';

    public function __construct(array $array = [])
        $property = 'foo';

        // segfault in PHP 7.4.0alpha1 but is fine in PHP 7.3.7RC1
        $this->{$property} = &$array[$property];

        // this is fine in both PHP versions
        // $this->foo = &$array[$property];


$arr = new Arr(['foo' => 'bar']);

Expected result:
string(3) "bar"

Actual result:
Segmentation fault


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-06-12 20:01 UTC]
-Status: Open +Status: Verified
 [2019-06-12 20:01 UTC]
Also repros on Ubuntu for me.
 [2019-06-12 20:46 UTC]
Test added, first CI build that includes it is:
 [2019-06-13 05:41 UTC]
Bisected ...

Okay at: 3820296c42e146cc080bc24314ccdfdd700e743e

Fault introduced by merge: dbd1ecd09f26015451063c6d545c9ab929a12129

Revert of be74ca497680ef544af1f650fe4717a3e0d0af67 fixes fault
 [2019-06-13 06:06 UTC]
-Assigned To: +Assigned To: dmitry
 [2019-06-13 06:06 UTC]
My mistake, a95014dc101756d93696c5c283578302a8334edd is the bad commit ...
 [2019-06-13 07:38 UTC]
Automatic comment on behalf of
Log: Fixed bug #78151
 [2019-06-13 07:38 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Thu Aug 06 18:01:25 2020 UTC