Bug #64302 Invalid read in ext/phar/tests/bug52013.phpt
Submitted: 2013-02-26 10:24 UTC
Modified: 2018-02-04 17:13 UTC
From: ab@php.net
Assigned: bishop (profile)
Status: Closed
Package: PHAR related
PHP Version: 5.5Git-2013-02-26 (Git)
OS: all
Private report: No
CVE-ID: None

 [2013-02-26 10:24 UTC] ab@php.net
Description:
------------
Running the mentioned test with valgrind is to see

Expected result:
----------------
no valgrind warnings

Actual result:
--------------
==22761== Syscall param write(buf) points to uninitialised byte(s)
==22761==    at 0x5924EB3: __write_nocancel (syscall-template.S:82)
==22761==    by 0x85852E8: _php_stream_filter_flush (filter.c:504)
==22761==    by 0x831BE2F: phar_flush (phar.c:2903)
==22761==    by 0x832B1DE: zim_Phar_compressFiles (phar_object.c:3436)
==22761==    by 0x863FFA4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:542)
==22761==    by 0x8641374: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:674)
==22761==    by 0x863E004: execute_ex (zend_vm_execute.h:356)
==22761==    by 0x863E9BA: zend_execute (zend_vm_execute.h:381)
==22761==    by 0x85FF017: zend_execute_scripts (zend.c:1316)
==22761==    by 0x85615FB: php_execute_script (main.c:2479)
==22761==    by 0x875C33C: do_cli (php_cli.c:988)
==22761==    by 0x875D785: main (php_cli.c:1364)
==22761==  Address 0x6187d1b is 11 bytes inside a block of size 15 alloc'd
==22761==    at 0x4024F20: malloc (vg_replace_malloc.c:236)
==22761==    by 0x85C3E62: _emalloc (zend_alloc.c:2427)
==22761==    by 0x85C4356: _estrndup (zend_alloc.c:2641)
==22761==    by 0x81C613C: php_zlib_deflate_filter (zlib_filter.c:250)
==22761==    by 0x8585094: _php_stream_filter_flush (filter.c:452)
==22761==    by 0x831BE2F: phar_flush (phar.c:2903)
==22761==    by 0x832B1DE: zim_Phar_compressFiles (phar_object.c:3436)
==22761==    by 0x863FFA4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:542)
==22761==    by 0x8641374: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:674)
==22761==    by 0x863E004: execute_ex (zend_vm_execute.h:356)
==22761==    by 0x863E9BA: zend_execute (zend_vm_execute.h:381)
==22761==    by 0x85FF017: zend_execute_scripts (zend.c:1316)
==22761==

 [2013-02-26 10:27 UTC] ab@php.net
-Summary: Memory leak in ext/phar/tests/bug52013.phpt
+Summary: Invalid read in ext/phar/tests/bug52013.phpt
 [2013-02-26 11:33 UTC] laruence@php.net
same in 5.3
 [2018-02-04 17:13 UTC] bishop@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: bishop
 [2018-02-04 17:13 UTC] bishop@php.net
As of PHP 7.1 on a 64-bit Intel, I'm not able to reproduce:

$ valgrind --tool=memcheck --leak-check=full -v sapi/cli/php -d phar.readonly=0 ./ext/phar/tests/bug52013.php
...
==55816== HEAP SUMMARY:
==55816==     in use at exit: 966 bytes in 20 blocks
==55816==   total heap usage: 12,451 allocs, 12,431 frees, 1,769,055 bytes allocated
==55816==
==55816== Searching for pointers to 20 not-freed blocks
==55816== Checked 647,512 bytes
==55816==
==55816== LEAK SUMMARY:
==55816==    definitely lost: 0 bytes in 0 blocks
==55816==    indirectly lost: 0 bytes in 0 blocks
==55816==      possibly lost: 0 bytes in 0 blocks
==55816==    still reachable: 966 bytes in 20 blocks
==55816==         suppressed: 0 bytes in 0 blocks
==55816== Reachable blocks (those to which a pointer was found) are not shown.
==55816== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==55816==
==55816== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==55816== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Those leaked bytes are outside the PHAR call stack. Example:
==55838== 400 bytes in 1 blocks are still reachable in loss record 20 of 20
==55838==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==55838==    by 0x60069F1: xmlInitCharEncodingHandlers (encoding.c:1395)
==55838==    by 0x600F994: xmlInitParser__internal_alias.part.17 (parser.c:14904)
==55838==    by 0x45C908: php_libxml_initialize (libxml.c:755)
==55838==    by 0x45C95F: zm_startup_libxml (libxml.c:794)
==55838==    by 0x7028DD: zend_startup_module_ex (zend_API.c:1843)
==55838==    by 0x70299B: zend_startup_module_zval (zend_API.c:1858)
==55838==    by 0x70F7EA: zend_hash_apply (zend_hash.c:1507)
==55838==    by 0x702C49: zend_startup_modules (zend_API.c:1969)
==55838==    by 0x69ED6D: php_module_startup (main.c:2300)
==55838==    by 0x7979CC: php_cli_startup (php_cli.c:427)
==55838==    by 0x42D8C4: main (php_cli.c:1348)


If this is not the correct reproduction and the bug still exists, please re-open with further reproduction details.
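
The triage step used in this thread, deciding whether a Memcheck record has any frame inside the PHAR sources, can be scripted. The following is an added example, not part of the original report or of PHP's tooling: the function names are hypothetical, the sample is constructed from excerpts of the two traces above, and it includes a frame whose location was wrapped onto its own line, as happens when a tracker re-flows long lines.

```python
import re
# Frame: "==PID==    at|by 0xADDR: function (file.c:123)"; the location is optional.
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+)(?: \((.*)\))?\s*$")
# Record header: exactly one space after the "==PID==" prefix.
HEADER = re.compile(r"^==\d+== (\S.*)$")
PHAR_SOURCES = {"phar.c", "phar_object.c"}  # PHAR files named in the traces above

# Constructed sample: excerpts of the two traces on this page, one frame wrapped.
SAMPLE = """\
==22761== Syscall param write(buf) points to uninitialised byte(s)
==22761==    at 0x5924EB3: __write_nocancel (syscall-template.S:82)
==22761==    by 0x831BE2F: phar_flush (phar.c:2903)
==22761==    by 0x863FFA4: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:542)
==22761==  Address 0x6187d1b is 11 bytes inside a block of size 15 alloc'd
==22761==    by 0x81C613C: php_zlib_deflate_filter (zlib_filter.c:250)
==22761==
==55838== 400 bytes in 1 blocks are still reachable in loss record 20 of 20
==55838==    by 0x45C908: php_libxml_initialize (libxml.c:755)
"""

def unwrap(text):
    """Rejoin a "(file:line)" suffix that was wrapped onto its own line."""
    lines = []
    for raw in text.splitlines():
        if lines and raw.strip() and not raw.startswith("=="):
            lines[-1] = lines[-1].rstrip() + " " + raw.strip()
        else:
            lines.append(raw)
    return lines

def parse_records(text):
    """Return [{"header": str, "frames": [(function, source_file), ...]}, ...]."""
    records = []
    for line in unwrap(text):
        frame, header = FRAME.match(line), HEADER.match(line)
        if frame and records:
            location = frame.group(2) or ""
            source = location.rsplit(":", 1)[0] if ":" in location else None
            records[-1]["frames"].append((frame.group(1), source))
        elif header and not frame:
            # The indented "Address ..." line is no header: the allocation
            # stack stays attached to the error it explains.
            records.append({"header": header.group(1), "frames": []})
    return records

def touching(records, sources=PHAR_SOURCES):
    """Headers of the records with at least one frame in the given files."""
    return [r["header"] for r in records
            if any(src in sources for _, src in r["frames"])]
```

On the sample, `touching(parse_records(SAMPLE))` returns only the uninitialised-write record; the still-reachable libxml block is filtered out because none of its frames is in a PHAR source file.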
 