
Segmentation fault (access null pointer) in ext/spl/spl_array.c #15833

Closed
YuanchengJiang opened this issue Sep 11, 2024 · 3 comments

Comments

@YuanchengJiang

Description

The following code:

<?php
class C {
    public int $a;
}
$reflector = new ReflectionClass(C::class);
$obj = $reflector->newLazyProxy(function ($obj) {
    $obj = new C();
    return $obj;
});
$fusion = $obj;
$recursiveArrayIterator = new RecursiveArrayIterator($fusion);
$test = new RecursiveIteratorIterator($recursiveArrayIterator);
var_dump($test->current());

Resulted in this output:

/php-src/ext/spl/spl_array.c:79:7: runtime error: member access within null pointer of type 'HashTable' (aka 'struct _zend_array')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/ext/spl/spl_array.c:79:7

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04

@iluuu1994 (Member)

This should probably go to @arnaud-lb instead.

@Girgias (Member)

Girgias commented Sep 11, 2024

@arnaud-lb I think the issue is related to the calls to zend_std_get_properties_ex(); didn't you change the semantics of it?

@arnaud-lb (Member)

Yes, this seems related. I will take a look.

nielsdos added a commit to nielsdos/php-src that referenced this issue Dec 21, 2024
…spl_array.c

We're accessing the object properties table directly in spl, but we're
not accounting for lazy objects. Upon accessing we should trigger the
initialization as spl is doing direct manipulations on the object
property table and expects a real object.
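The commit message above describes the root cause: SPL reads the object's property table directly, and an uninitialized lazy object has no real table yet. Until a fixed build is deployed, the defensive pattern is to materialize the lazy object before handing it to code that bypasses the object handlers. The following is an added example, not code from the issue or from php-src; it assumes the PHP 8.4 ReflectionClass lazy-object methods newLazyProxy(), isUninitializedLazyObject() and initializeLazyObject().

```php
<?php
// Added example (not from the issue or php-src): the reporter's scenario,
// with the lazy proxy explicitly initialized before SPL touches its
// property table. Assumes PHP 8.4's ReflectionClass lazy-object API.
class C {
    public int $a = 1;
}

$reflector = new ReflectionClass(C::class);

// The factory runs only when the proxy is first used (or forced below).
$proxy = $reflector->newLazyProxy(function (C $proxy): C {
    $real = new C();
    $real->a = 42;
    return $real;
});

// In this state the object has no materialized property table; this is the
// condition under which the unpatched spl_array.c dereferenced a null HashTable.
if ($reflector->isUninitializedLazyObject($proxy)) {
    // Force initialization so the object is fully materialized before any
    // extension code reads its property table directly.
    $reflector->initializeLazyObject($proxy);
}

// Safe to iterate now: the object is initialized.
$it = new RecursiveIteratorIterator(new RecursiveArrayIterator($proxy));
foreach ($it as $key => $value) {
    var_dump($key, $value);
}
```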
nielsdos added a commit that referenced this issue Jan 9, 2025
* PHP-8.4:
  Fix GH-17307: Internal closure causes JIT failure
  Generate inline frameless icall handlers only if the optimization level is set to inline
  Fix GH-15981: Segfault with frameless jumps and minimal JIT
  Fix GH-15833: Segmentation fault (access null pointer) in ext/spl/spl_array.c