PHP :: Bug #77360 :: class_uses causes segfault

Bug #77360	class_uses causes segfault
Submitted:	2018-12-27 14:15 UTC	Modified:	2018-12-27 14:30 UTC
From:	lauri dot kentta at gmail dot com	Assigned:	nikic (profile)
Status:	Closed	Package:	SPL related
PHP Version:	7.3.0	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	lauri dot kentta at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2018-12-27 14:15 UTC] lauri dot kentta at gmail dot com

Description:
------------
Similar to bug #77359, the function spl_find_ce_by_name has use-after-free of a zend_string and causes segfault. This affects functions class_parents, class_implements and class_uses. This bug is caused by commit 084c17fe0b68d391467fd48a14433443d4fcba81.

Test script:
---------------
<?php
$a = md5(""); # Create a non-interned string.
@class_uses($a, false); # Invalid free.
@class_uses($a, false); # Use after free.
echo "{$a} + foo\n"; # Use after free.
# Notice how "foo" is not printed even if the code does not crash.
# Run it a few times to get a crash.
?>

Expected result:
----------------
No crash and full output.

Actual result:
--------------
Crash or truncated output.

Patches

0001-Fix-77360-class_uses-causes-segfault.txt (last revision 2018-12-27 14:17 UTC by lauri dot kentta at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-12-27 14:30 UTC] nikic@php.net

-Assigned To: +Assigned To: nikic

[2018-12-27 14:34 UTC] nikic@php.net

Automatic comment on behalf of lauri.kentta@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=16c62a81795c253724a957d32e242545bb05253d
Log: Fix #77360: class_uses causes segfault

[2018-12-27 14:34 UTC] nikic@php.net

-Status: Assigned +Status: Closed

[2019-01-07 12:05 UTC] cmb@php.net

Automatic comment on behalf of lauri.kentta@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f45ed833d1c7b08c868c0dc6847611e2b79bb65e
Log: Fix #77360: class_uses causes segfault

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Nov 23 07:01:29 2024 UTC