Bug #77279 addslashes problem
Submitted: 2018-12-10 16:57 UTC
Modified: 2019-01-02 11:42 UTC
Votes: 3
Avg. Score: 5.0 ± 0.0
Reproduced: 3 of 3 (100.0%)
Same Version: 3 (100.0%)
Same OS: 3 (100.0%)
From: kabikov at sst dot su
Assigned:
Status: Duplicate
Package: Strings related
PHP Version: 7.3.0
OS: FreeBSD 11
Private report: No
CVE-ID: None

 [2018-12-10 16:57 UTC] kabikov at sst dot su
Description:
------------
php /tmp/1.php

PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 1147720050061953400 bytes) in /tmp/1.php on line 2

Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 1147720050061953400 bytes) in /tmp/1.php on line 2

Test script:
---------------
<?php
$a=""; $b=addslashes(serialize($a)); echo '['.$b.']';

Expected result:
----------------
empty string serialized

Actual result:
--------------
Fatal error

 [2018-12-10 17:00 UTC] kabikov at sst dot su
-Summary: empty string serialization
+Summary: addslashes problem
 [2018-12-10 17:00 UTC] kabikov at sst dot su
Seems more related to the addslashes function.
 [2018-12-14 13:05 UTC] cmb@php.net
-Status: Open
+Status: Verified
-Package: Unknown/Other Function
+Package: Strings related
 [2018-12-14 13:05 UTC] cmb@php.net
Simpler reproducer:

<?php
var_dump(addslashes('"'));
 [2018-12-27 13:05 UTC] pascal dot christen at hostpoint dot ch
Same problem with PHP 7.3 on FreeBSD 11.2.

valgrind --leak-check=full /usr/local/php73/bin/php -n base64.php
....

==98733== Conditional jump or move depends on uninitialised value(s)
==98733==    at 0x5BAF9A: zend_new_interned_string_permanent (in /usr/local/php73/bin/php)
==98733==    by 0x594EBC: zend_register_functions (in /usr/local/php73/bin/php)
==98733==    by 0x5965AC: do_register_internal_class (in /usr/local/php73/bin/php)
==98733==    by 0x46E859: spl_register_std_class (in /usr/local/php73/bin/php)
==98733==    by 0x47A644: zm_startup_spl_array (in /usr/local/php73/bin/php)
==98733==    by 0x46E624: zm_startup_spl (in /usr/local/php73/bin/php)
==98733==    by 0x59439A: zend_startup_module_ex (in /usr/local/php73/bin/php)
==98733==    by 0x5947EB: zend_startup_module_zval (in /usr/local/php73/bin/php)
==98733==    by 0x5A13A1: zend_hash_apply (in /usr/local/php73/bin/php)
==98733==    by 0x5946AE: zend_startup_modules (in /usr/local/php73/bin/php)
==98733==    by 0x529216: php_module_startup (in /usr/local/php73/bin/php)
==98733==    by 0x64F32C: php_cli_startup (in /usr/local/php73/bin/php)
==98733== 
==98733== Conditional jump or move depends on uninitialised value(s)
==98733==    at 0x5BB586: zend_string_equal_val (in /usr/local/php73/bin/php)
==98733==    by 0x5A26BD: zend_hash_find (in /usr/local/php73/bin/php)
==98733==    by 0x56EC1F: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x569A16: zend_compile_assign (in /usr/local/php73/bin/php)
==98733==    by 0x571D01: zend_compile_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x5789A0: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x578989: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x550B82: zend_compile (in /usr/local/php73/bin/php)
==98733==    by 0x550A3B: compile_file (in /usr/local/php73/bin/php)
==98733==    by 0x58EE46: zend_execute_scripts (in /usr/local/php73/bin/php)
==98733==    by 0x52A411: php_execute_script (in /usr/local/php73/bin/php)
==98733==    by 0x64F0F8: do_cli (in /usr/local/php73/bin/php)
==98733== 
==98733== Conditional jump or move depends on uninitialised value(s)
==98733==    at 0x5BAA06: zend_new_interned_string_request (in /usr/local/php73/bin/php)
==98733==    by 0x56606A: zend_emit_op (in /usr/local/php73/bin/php)
==98733==    by 0x56ECC9: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x569A16: zend_compile_assign (in /usr/local/php73/bin/php)
==98733==    by 0x571D01: zend_compile_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x5789A0: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x578989: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x550B82: zend_compile (in /usr/local/php73/bin/php)
==98733==    by 0x550A3B: compile_file (in /usr/local/php73/bin/php)
==98733==    by 0x58EE46: zend_execute_scripts (in /usr/local/php73/bin/php)
==98733==    by 0x52A411: php_execute_script (in /usr/local/php73/bin/php)
==98733==    by 0x64F0F8: do_cli (in /usr/local/php73/bin/php)
==98733== 
==98733== Conditional jump or move depends on uninitialised value(s)
==98733==    at 0x5BB586: zend_string_equal_val (in /usr/local/php73/bin/php)
==98733==    by 0x5A26BD: zend_hash_find (in /usr/local/php73/bin/php)
==98733==    by 0x56EC1F: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x56B9B9: zend_compile_args (in /usr/local/php73/bin/php)
==98733==    by 0x56BDD7: zend_compile_call_common (in /usr/local/php73/bin/php)
==98733==    by 0x56ECEE: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x569A16: zend_compile_assign (in /usr/local/php73/bin/php)
==98733==    by 0x571D01: zend_compile_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x5789A0: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x578989: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x550B82: zend_compile (in /usr/local/php73/bin/php)
==98733==    by 0x550A3B: compile_file (in /usr/local/php73/bin/php)
==98733== 
==98733== Conditional jump or move depends on uninitialised value(s)
==98733==    at 0x5BAA06: zend_new_interned_string_request (in /usr/local/php73/bin/php)
==98733==    by 0x56606A: zend_emit_op (in /usr/local/php73/bin/php)
==98733==    by 0x56ECC9: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x56B9B9: zend_compile_args (in /usr/local/php73/bin/php)
==98733==    by 0x56BDD7: zend_compile_call_common (in /usr/local/php73/bin/php)
==98733==    by 0x56ECEE: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x569A16: zend_compile_assign (in /usr/local/php73/bin/php)
==98733==    by 0x571D01: zend_compile_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x5789A0: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x578989: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x550B82: zend_compile (in /usr/local/php73/bin/php)
==98733==    by 0x550A3B: compile_file (in /usr/local/php73/bin/php)
==98733== 

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 1147720050061953400 bytes) in /root/pchristen/wordpress/base64.php on line 10
==98733== 
==98733== HEAP SUMMARY:
==98733==     in use at exit: 82,690 bytes in 28 blocks
==98733==   total heap usage: 6,708 allocs, 6,680 frees, 1,343,761 bytes allocated
==98733== 
==98733== LEAK SUMMARY:
==98733==    definitely lost: 0 bytes in 0 blocks
==98733==    indirectly lost: 0 bytes in 0 blocks
==98733==      possibly lost: 0 bytes in 0 blocks
==98733==    still reachable: 82,690 bytes in 28 blocks
==98733==         suppressed: 0 bytes in 0 blocks
==98733== Reachable blocks (those to which a pointer was found) are not shown.
==98733== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==98733== 
==98733== For counts of detected and suppressed errors, rerun with: -v
==98733== Use --track-origins=yes to see where uninitialised values come from
==98733== ERROR SUMMARY: 179 errors from 25 contexts (suppressed: 0 from 0)
 [2019-01-02 11:42 UTC] nikic@php.net
-Status: Verified
+Status: Duplicate
 [2019-01-02 11:42 UTC] nikic@php.net
Closing as a duplicate of bug #77284, as the root cause is the same, just with a different function.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 22:01:28 2024 UTC