Bug #79828 Segfault when trying to access non-existing variable
Submitted: 2020-07-10 23:04 UTC
Modified: 2020-07-13 07:55 UTC
From: sam at rmcreative dot ru
Assigned: nikic
Status: Closed
Package: Reproducible crash
PHP Version: 8.0.0alpha2
OS:
Private report: No
CVE-ID: None
 [2020-07-10 23:04 UTC] sam at rmcreative dot ru
Description:
------------
Executing test script under php:8.00-rc-cli-alpine segfaults.

Can also be seen at https://3v4l.org/VRAoq

Test script:
---------------
<?php
function getTime(): DateTimeInterface
{
    return $time;
}

echo __LINE__; // OK
getTime(); // Segfault
echo __LINE__; // We aren't getting here

Expected result:
----------------
Same output as PHP 7:

7
Notice: Undefined variable: time in /in/VRAoq on line 4

Fatal error: Uncaught TypeError: Return value of getTime() must implement interface DateTimeInterface, null returned in /in/VRAoq:4
Stack trace:
#0 /in/VRAoq(8): getTime()
#1 {main}
  thrown in /in/VRAoq on line 4

Process exited with code 255.

Actual result:
--------------
7
Process exited with code 139.

 [2020-07-10 23:53 UTC] requinix@php.net
-Status: Open +Status: Verified
 [2020-07-10 23:53 UTC] requinix@php.net
Repro is returning an uninitialized variable inside a return-typed function.

function foo(): AnyType {
   return $uninitialized;
}
foo();

#0  0x0000000008696c3f in zend_get_executed_lineno () at /home/ubuntu/php/php-8.0.0alpha2-src/Zend/zend_execute_API.c:560
#1  0x00000000086adcfc in get_filename_lineno (type=2, filename=0x7ffffffea6e8, lineno=0x7ffffffea6e4)
    at /home/ubuntu/php/php-8.0.0alpha2-src/Zend/zend.c:1447
#2  0x00000000086adedd in zend_error (type=2, format=0x8f58527 "Undefined variable $%s") at /home/ubuntu/php/php-8.0.0alpha2-src/Zend/zend.c:1483
#3  0x00000000086d8a9a in zval_undefined_cv (var=80) at /home/ubuntu/php/php-8.0.0alpha2-src/Zend/zend_execute.c:269
#4  0x00000000086d8be6 in _get_zval_ptr_cv_BP_VAR_R (var=80) at /home/ubuntu/php/php-8.0.0alpha2-src/Zend/zend_execute.c:342
#5  0x00000000087450c3 in ZEND_VERIFY_RETURN_TYPE_SPEC_CV_UNUSED_HANDLER () at /home/ubuntu/php/php-8.0.0alpha2-src/Zend/zend_vm_execute.h:44554
#6  0x0000000008751842 in execute_ex (ex=0x7ffff4a13020) at /home/ubuntu/php/php-8.0.0alpha2-src/Zend/zend_vm_execute.h:55746
#7  0x0000000008751db7 in zend_execute (op_array=0x7ffff4a5c280, return_value=0x0)
    at /home/ubuntu/php/php-8.0.0alpha2-src/Zend/zend_vm_execute.h:56094
#8  0x00000000086aea0e in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/ubuntu/php/php-8.0.0alpha2-src/Zend/zend.c:1667
#9  0x0000000008617bdc in php_execute_script (primary_file=0x7ffffffed020) at /home/ubuntu/php/php-8.0.0alpha2-src/main/main.c:2537
#10 0x000000000879068f in do_cli (argc=2, argv=0x962c870) at /home/ubuntu/php/php-8.0.0alpha2-src/sapi/cli/php_cli.c:955
#11 0x0000000008791771 in main (argc=2, argv=0x962c870) at /home/ubuntu/php/php-8.0.0alpha2-src/sapi/cli/php_cli.c:1353

valgrind reports use of initialized value followed by an invalid read.
 [2020-07-13 07:55 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2020-07-13 08:05 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=213852de782df32a4de2cfc56a3d112c74db4ccf
Log: Fixed bug #79828
 [2020-07-13 08:05 UTC] nikic@php.net
-Status: Verified +Status: Closed
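
A regression check for the behaviour the report expects, given here as an added example (it is not part of the report or of php-src). `getTime()` is the report's test function; the variable names and the PASS/FAIL output are assumptions made for illustration.

```php
<?php
// Added example, not from php-src. getTime() is the report's test function;
// every other name here is illustrative.
function getTime(): DateTimeInterface
{
    return $time; // deliberately undefined, as in the report
}

// Capture diagnostics so the result can be checked instead of eyeballed.
$diagnostics = [];
set_error_handler(function (int $severity, string $message) use (&$diagnostics): bool {
    $diagnostics[] = $message;
    return true; // mark as handled
});

$thrown = null;
try {
    getTime();
} catch (TypeError $e) {
    $thrown = $e; // expected: null does not satisfy DateTimeInterface
} finally {
    restore_error_handler();
}

// Matches both wordings on this page: "Undefined variable: time" (PHP 7 notice)
// and "Undefined variable $%s" (the format string in the PHP 8 backtrace).
$sawUndefined = false;
foreach ($diagnostics as $message) {
    if (strpos($message, 'Undefined variable') !== false) {
        $sawUndefined = true;
    }
}

if ($sawUndefined && $thrown instanceof TypeError) {
    echo "PASS: diagnostic raised, then TypeError thrown\n";
    exit(0);
}

echo "FAIL: diagnostic=" . var_export($sawUndefined, true)
    . " TypeError=" . var_export($thrown instanceof TypeError, true) . "\n";
exit(1);
```

On an affected build the process ends with the exit code 139 shown in the report before either message is printed, so a CI job can treat any exit status other than 0 as a failure.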
 
Last updated: Wed Jan 20 14:01:23 2021 UTC