php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79835 Segfault in php_str_replace_in_subject
Submitted: 2020-07-11 20:08 UTC Modified: -
From: changochen1 at gmail dot com Assigned:
Status: Open Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-11 (Git) OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: changochen1 at gmail dot com
New email:
PHP Version: OS:

 

 [2020-07-11 20:08 UTC] changochen1 at gmail dot com
Description:
------------
Stack dump:
---
MemorySanitizer:DEADLYSIGNAL
==173470==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000010 (pc 0x000000fbecb3 bp 0x000000000000 sp 0x7ffdf46657f0 T173470)
==173470==The signal is caused by a READ memory access.
==173470==Hint: address points to the zero page.
    #0 0xfbecb2 in php_str_replace_in_subject /home/yongheng/php_clean/ext/standard/string.c
    #1 0xfa9b3b in php_str_replace_common /home/yongheng/php_clean/ext/standard/string.c:4289:13
    #2 0x15dbed2 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:1226:2
    #3 0x14307ff in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:52020:7
    #4 0x1431214 in zend_execute /home/yongheng/php_clean/Zend/zend_vm_execute.h:56362:2
    #5 0x138d418 in zend_execute_scripts /home/yongheng/php_clean/Zend/zend.c:1667:4
    #6 0x10f0cf9 in php_execute_script /home/yongheng/php_clean/main/main.c:2537:14
    #7 0x179c8af in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:951:5
    #8 0x1798c9f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1349:18
    #9 0x7fc89b004b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #10 0x43fa49 in _start (/home/yongheng/php_clean/bld/sapi/cli/php+0x43fa49)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/yongheng/php_clean/ext/standard/string.c in php_str_replace_in_subject
==173470==ABORTING
---

Test script:
---------------
<?
function b () {
    in_array ( $c ,   array  ( ob_start ( function ( $buffer ) {
        $GLOBALS [] = $buffer ;
    }
    , 1 ) ) , var_dump ( $a ) > mkdir ( $d ) );
}
b () ;
var_dump ( max ( function ( $f ) {}, 1  ) , array ( array ( $g , $g ) , 'x' => array ( 7 , array () ) ) ) ;
str_replace ( array ( array ( $$e  )) , 7 , $GLOBALS ) ;


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2024-05-06 11:22 UTC] robert2001blodgett at outlook dot com
(https://github.com)(https://www-netbenefits.com)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 11:01:30 2024 UTC