Bug #54322 Crash (null pointer) in zif_get_html_translation_table
Submitted: 2011-03-20 14:15 UTC
Modified: 2011-03-20 16:17 UTC
From: decoder-php at own-hero dot net
Assigned: cataphract
Status: Closed
Package: Reproducible crash
PHP Version: trunk-SVN-2011-03-20 (SVN)
OS: Linux x86-64
Private report: No
CVE-ID: None

 [2011-03-20 14:15 UTC] decoder-php at own-hero dot net
Description:
------------
Attached code crashes on PHP trunk debug build (64 bit). Looks like a null pointer deref, so I assume it's not security related.

Test script:
---------------
<?php
/* Prototype  : array get_html_translation_table ( [int $table [, int $quote_style [, string charset_hint]]] )
*/
$tt = get_html_translation_table(acos(1.01), $quote_style, "UTF-8");
?>

Expected result:
----------------
==23063== Invalid read of size 8
==23063==    at 0x6AFEEE: zif_get_html_translation_table (html.c:1625)
==23063==    by 0x7ED653: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:638)
==23063==    by 0x7F37D2: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1935)
==23063==    by 0x7EC127: execute (zend_vm_execute.h:410)
==23063==    by 0x7B0348: zend_execute_scripts (zend.c:1212)
==23063==    by 0x726A6B: php_execute_script (main.c:2344)
==23063==    by 0x8EC489: main (php_cli.c:1136)
==23063==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==23063== 
==23063== 
==23063== Process terminating with default action of signal 11 (SIGSEGV)



 [2011-03-20 15:21 UTC] cataphract@php.net
-Assigned To: +Assigned To: cataphract
 [2011-03-20 16:16 UTC] cataphract@php.net
-Status: Assigned +Status: Closed
 [2011-03-20 16:16 UTC] cataphract@php.net
Thanks. The whole html.c was rewritten for trunk, if you could give it more emphasis it would be nice.
 [2011-03-20 16:17 UTC] cataphract@php.net
I got the bug number wrong in the commit message, so no automatic comment here. The revision number is r309482.
 