Bug #76989 Null pointer dereference
Submitted: 2018-10-10 08:12 UTC Modified: 2018-10-10 08:18 UTC
Votes: 1
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: 790358237 at qq dot com
Assigned: (none)
Status: Open Package: Readline related
PHP Version: 7.0.32 OS: ubuntu 16.04
Private report: No CVE-ID: None
 [2018-10-10 08:12 UTC] 790358237 at qq dot com
Description:
------------
php crash.php
Segmentation fault (core dumped)

php -v
PHP 7.0.32-0ubuntu0.16.04.1 (cli) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.32-0ubuntu0.16.04.1, Copyright (c) 1999-2017, by Zend Technologies


gdb info:
```
[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x0 
RCX: 0x4 
RDX: 0x1 
RSI: 0x1 
RDI: 0x7fffffffa001 --> 0x7fffffffa0 
RBP: 0x7ffff3813100 --> 0x0 
RSP: 0x7fffffffa1f0 --> 0x0 
RIP: 0x7ffff0e24001 (<prompt_print+49>:	mov    esi,DWORD PTR [rbx])
R8 : 0x0 
R9 : 0x0 
R10: 0x1 
R11: 0x7ffff10468b9 --> 0x0 
R12: 0x555555ca1a58 --> 0x7ffff0e2fb20 (mov    rax,QWORD PTR [rip+0x2163f9]        # 0x7ffff1045f20)
R13: 0x555555ca1730 --> 0x555555cc1ab0 --> 0x7fff00000000 
R14: 0x555555ca1730 --> 0x555555cc1ab0 --> 0x7fff00000000 
R15: 0x7ffff3872180 --> 0x5555557fecd0 (push   r13)
EFLAGS: 0x10206 (carry PARITY adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff0e23ff8 <prompt_print+40>:	je     0x7ffff0e24078 <prompt_print+168>
   0x7ffff0e23ffa <prompt_print+42>:	call   QWORD PTR [r12]
   0x7ffff0e23ffe <prompt_print+46>:	mov    rbx,rax
=> 0x7ffff0e24001 <prompt_print+49>:	mov    esi,DWORD PTR [rbx]
   0x7ffff0e24003 <prompt_print+51>:	xor    ebp,ebp
   0x7ffff0e24005 <prompt_print+53>:	test   esi,esi
   0x7ffff0e24007 <prompt_print+55>:	jne    0x7ffff0e24027 <prompt_print+87>
   0x7ffff0e24009 <prompt_print+57>:	jmp    0x7ffff0e24049 <prompt_print+121>
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffa1f0 --> 0x0 
0008| 0x7fffffffa1f8 --> 0x555555bbaad0 ('\"' <repeats 200 times>...)
0016| 0x7fffffffa200 --> 0x7ffff3813100 --> 0x0 
0024| 0x7fffffffa208 --> 0x7fffffffa2b0 --> 0x0 
0032| 0x7fffffffa210 --> 0x0 
0040| 0x7fffffffa218 --> 0x7ffff0e2523f (<re_refresh+143>:	mov    rbx,QWORD PTR [r14+0x58])
0048| 0x7fffffffa220 --> 0x0 
0056| 0x7fffffffa228 --> 0xffff000000000000 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff0e24001 in prompt_print () from /usr/lib/x86_64-linux-gnu/libedit.so.2
gdb-peda$ bt
#0  0x00007ffff0e24001 in prompt_print () from /usr/lib/x86_64-linux-gnu/libedit.so.2
#1  0x00007ffff0e2523f in re_refresh () from /usr/lib/x86_64-linux-gnu/libedit.so.2
#2  0x00007ffff0e24689 in read_prepare () from /usr/lib/x86_64-linux-gnu/libedit.so.2
#3  0x00007ffff0e24a1d in el_wgets () from /usr/lib/x86_64-linux-gnu/libedit.so.2
#4  0x00007ffff0e33bc9 in el_gets () from /usr/lib/x86_64-linux-gnu/libedit.so.2
#5  0x00007ffff0e30610 in readline () from /usr/lib/x86_64-linux-gnu/libedit.so.2
#6  0x00007ffff104d9de in zif_readline () from /usr/lib/php/20151012/readline.so
#7  0x00005555557fed1d in ?? ()
#8  0x00005555557effcb in execute_ex ()
#9  0x00005555558445f7 in zend_execute ()
#10 0x00005555557af5b3 in zend_execute_scripts ()
#11 0x000055555574e4b0 in php_execute_script ()
#12 0x00005555558462b7 in ?? ()
#13 0x00005555556309d4 in main ()
#14 0x00007ffff6413830 in __libc_start_main (main=0x555555630560 <main>, argc=0x2, argv=0x7fffffffde68, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffde58)
    at ../csu/libc-start.c:291
#15 0x0000555555630b19 in _start ()

```

Test script:
---------------
crash.php : https://github.com/xcainiao/poc/blob/master/php-crash.php
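Added triage helper, not part of this report or of PHP/libedit: it parses a peda-style register block and the `=>` faulting instruction (a constructed excerpt of the dump above is embedded) and resolves the memory operand's effective address, so the crash is classified as a NULL-page read rather than judged by eye. On this trace it confirms the reading: `call QWORD PTR [r12]` left 0 in RAX, `mov rbx,rax` copied it, and `mov esi,DWORD PTR [rbx]` faulted on address 0. The regex names, the dict keys and the 0x1000 "first page is unmapped" threshold are my assumptions.

```python
import re

# Constructed excerpt of the gdb-peda dump quoted in this report: the register
# block, the instructions leading up to the fault, and the "=>" faulting line.
PEDA_DUMP = """\
RAX: 0x0
RBX: 0x0
RIP: 0x7ffff0e24001 (<prompt_print+49>:\tmov    esi,DWORD PTR [rbx])
   0x7ffff0e23ffa <prompt_print+42>:\tcall   QWORD PTR [r12]
   0x7ffff0e23ffe <prompt_print+46>:\tmov    rbx,rax
=> 0x7ffff0e24001 <prompt_print+49>:\tmov    esi,DWORD PTR [rbx]
Stopped reason: SIGSEGV
"""

REG_RE = re.compile(r"^(R[A-Z0-9]+)\s*:\s*(0x[0-9a-f]+)", re.M)        # "RBX: 0x0", "R8 : 0x0"
FAULT_RE = re.compile(r"^=>\s+(0x[0-9a-f]+)\s+<([^>]+)>:\s+(\S+)\s+(.*)$", re.M)
MEM_RE = re.compile(r"\[\s*([a-z0-9]+)(?:\s*([+-])\s*(0x[0-9a-f]+|\d+))?\s*\]")  # [rbx], [r14+0x58]

def parse_registers(dump):
    """Lower-case register name -> integer value, from the peda register block."""
    return {name.lower(): int(val, 16) for name, val in REG_RE.findall(dump)}

def faulting_instruction(dump):
    """The '=>' instruction as a dict, or None if the dump has none."""
    m = FAULT_RE.search(dump)
    if m is None:
        return None
    addr, sym, mnemonic, operands = m.groups()
    return {"addr": int(addr, 16), "symbol": sym, "mnemonic": mnemonic,
            "operands": operands.strip()}

def triage_segv(dump, null_page=0x1000):
    """Classify a SIGSEGV: access inside the (assumed unmapped) first page, or another bad address."""
    regs = parse_registers(dump)
    insn = faulting_instruction(dump)
    if insn is None:
        return {"kind": "unknown", "reason": "no '=>' instruction in dump"}
    m = MEM_RE.search(insn["operands"])
    # rip-relative operands are skipped: their base is the *next* instruction's address.
    if m is None or m.group(1) == "rip" or m.group(1) not in regs:
        return {"kind": "unknown", "reason": "memory operand not resolvable", **insn}
    base, sign, disp = m.groups()
    offset = int(disp, 0) if disp else 0
    ea = regs[base] + (-offset if sign == "-" else offset)
    # Intel syntax lists the destination first: a memory operand before the comma is a write.
    access = "write" if "[" in insn["operands"].split(",", 1)[0] else "read"
    kind = "null-deref" if 0 <= ea < null_page else "bad-address"
    return {"kind": kind, "access": access, "base": base, "offset": offset,
            "effective_address": ea, **insn}
```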


 [2018-10-10 08:16 UTC] stas@php.net
-Type: Security +Type: Bug
 [2018-10-10 08:16 UTC] stas@php.net
Seems to be an issue in libedit, judging from the prompt.
 [2018-10-10 08:18 UTC] stas@php.net
I mean judging from the backtrace. May need to be reported there.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 18:01:29 2024 UTC