From: dz at bitxtender dot com
Operating system: irrelevant
PHP version: 5.2.6
PHP Bug Type: Reproducible crash
Bug description: Segfault when using return; in combination with nested loops and continue 2;

Description:
------------
The code below crashes reproducibly on different PHP versions and different OS (tried OS X, Linux, Windows) including 5.2.6 and 5.3-dev.

I am suspecting a problem in the bytecode generation, as the crash does not occur if
a) XDebug is enabled or
b) any statement is put right before the return;, like $foo = 'bar';
c) the return; is not there at all

And it only happens in this foreach() / for() combination... two foreach()es, two for()s or a foreach() in a for() works just fine.

Also note that on many PHP versions, no segfault will occur right away with just array(1) in the foreach - instead, warnings will pop up saying "invalid argument supplied for foreach()" for this line. Other code may then crash much later due to memory corruption. In more complex test cases, we get random memory output on screen when var_dump()ing variables, or strange undefined index warnings for variables that then, suddenly, are of "unknown type" etc. I also got heap overflow warnings etc once.

In any case, something goes wrong deep inside the belly of the beast :)

Can provide additional, more complex reproduce cases if needed.

Obviously, the code below doesn't make much sense per se; in our "real-life" code, the continue 2; is run only when certain conditions are met. Here, the return is never reached, but still seems to be the cause of the problem.

Reproduce code:
---------------
--TEST--
continue/return/loop-related segfault test case for Bug #44913
--FILE--
<?php
function something() {
    foreach(array(1, 2) as $value) {
        for($i = 0; $i < 1; $i++) {
            continue 2;
        }
        return;
    }
}
something();
echo 'hi';
?>
--EXPECT--
hi

Expected result:
----------------
hi

Actual result:
--------------
"Segmentation fault" or "Bus error"

-- 
Edit bug report at http://bugs.php.net/?id=44913&edit=1