php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78941 Segfault with unparenthesized expressions containing both '.' and '+'/'-'
Submitted: 2019-12-10 14:33 UTC Modified: 2019-12-10 14:43 UTC
From: marcus at synchromedia dot co dot uk Assigned:
Status: Duplicate Package: Reproducible crash
PHP Version: 7.4.0 OS: macOS 10.14
Private report: No CVE-ID: None
 [2019-12-10 14:33 UTC] marcus at synchromedia dot co dot uk
Description:
------------
PHP 7.4.0 release installed from homebrew.

If code that triggers this warning:

> The behavior of unparenthesized expressions containing both '.' and '+'/'-' will change in PHP 8: '+'/'-' will take a higher precedence

appears in a base class, creating an instance of a subclass of it will segfault.

Modules loaded:

[PHP Modules]
apcu
bcmath
bz2
calendar
Core
ctype
curl
date
dba
dom
exif
FFI
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
intl
json
ldap
libxml
mbstring
mysqli
mysqlnd
odbc
openssl
pcntl
pcre
PDO
pdo_dblib
pdo_mysql
PDO_ODBC
pdo_pgsql
pdo_sqlite
pgsql
Phar
phpdbg_webhelper
posix
pspell
readline
Reflection
session
shmop
SimpleXML
soap
sockets
sodium
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tidy
tokenizer
xml
xmlreader
xmlrpc
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache

Test script:
---------------
I have provided a project to reproduce the crash: https://github.com/Synchro/seg

git clone https://github.com/Synchro/seg.git
cd seg
composer install --dev
php vendor/bin/phpunit --no-configuration --filter "/(::testBase)( .*)?$/" Synchro\seg\Test\segTest tests/segTest.php
php vendor/bin/phpunit --no-configuration --filter "/(::testGeneric)( .*)?$/" Synchro\seg\Test\segTest tests/segTest.php



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-12-10 14:42 UTC] nikic@php.net
I can't repro this on current 7.4 on Linux.
 [2019-12-10 14:43 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 [2019-12-10 14:43 UTC] nikic@php.net
I was able to reproduce after reverting 32c1f37574a12452d967c5d8d8c81e9b66db726c. As such, this is a duplicate of bug #78926.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Tue Feb 18 02:01:30 2020 UTC