php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79836 Segfault in concat_function
Submitted: 2020-07-11 20:14 UTC Modified: 2023-05-16 21:09 UTC
Votes:1
Avg. Score:2.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: changochen1 at gmail dot com Assigned: nielsdos (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-11 (Git) OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: changochen1 at gmail dot com
New email:
PHP Version: OS:

 

 [2020-07-11 20:14 UTC] changochen1 at gmail dot com
Description:
------------
Stack dump:
---
MemorySanitizer:DEADLYSIGNAL
==167862==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000010 (pc 0x000001367a21 bp 0x000000000000 sp 0x7fffd3643eb0 T167862)
==167862==The signal is caused by a READ memory access.
==167862==Hint: address points to the zero page.
    #0 0x1367a20 in concat_function /home/yongheng/php_clean/Zend/zend_operators.c:1847:6
    #1 0x14c91a9 in zend_binary_op /home/yongheng/php_clean/Zend/zend_execute.c:1290:9
    #2 0x14c91a9 in ZEND_ASSIGN_OP_SPEC_CV_TMPVAR_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:41337
    #3 0x14307ff in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:52020:7
    #4 0x1334451 in zend_call_function /home/yongheng/php_clean/Zend/zend_execute_API.c:785:3
    #5 0xe760d2 in zif_array_map /home/yongheng/php_clean/ext/standard/array.c:6061:10
    #6 0x15dbed2 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:1226:2
    #7 0x14307ff in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:52020:7
    #8 0x1431214 in zend_execute /home/yongheng/php_clean/Zend/zend_vm_execute.h:56362:2
    #9 0x138d418 in zend_execute_scripts /home/yongheng/php_clean/Zend/zend.c:1667:4
    #10 0x10f0cf9 in php_execute_script /home/yongheng/php_clean/main/main.c:2537:14
    #11 0x179c8af in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:951:5
    #12 0x1798c9f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1349:18
    #13 0x7f9d81a3bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #14 0x43fa49 in _start (/home/yongheng/php_clean/bld/sapi/cli/php+0x43fa49)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/yongheng/php_clean/Zend/zend_operators.c:1847:6 in concat_function
==167862==ABORTING
---

Test script:
---------------
<?
for ( ; $b < 8 ; ob_start ( function () use ( & $c ) { $c = $d ;}, 1 ) )
    str_replace ( $e , 0 , 'x' , $a  [ ++ $b ] ) ;
array_map ( function () use ( & $c ) {
    $c .= debug_backtrace () ;
}, $a );


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2023-05-16 21:09 UTC] nielsdos@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nielsdos
 [2023-05-16 21:09 UTC] nielsdos@php.net
The fix for this bug has been committed.
If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test.
Thank you for the report, and for helping us make PHP better.

Fixed in https://github.com/php/php-src/commit/727e26f9f27ed0737fdbf6d2626d37a916e08c22
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 01:01:30 2024 UTC