Bug #77844 Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED
Submitted: 2019-04-04 10:39 UTC
Modified: 2019-04-08 08:55 UTC
From: hanno at hboeck dot de
Assigned: nikic
Status: Closed
Package: *General Issues
PHP Version: 7.2
OS: Linux
Private report: No
CVE-ID: None
 [2019-04-04 10:39 UTC] hanno at hboeck dot de
Description:
------------
The example command will cause a segfault.

With ASAN I get this stack trace, indicating a null pointer access:

==1102==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x7f0cdd59b756 bp 0x7ffed002f990 sp 0x7ffed002f7f0 T0)
==1102==The signal is caused by a READ memory access.
==1102==Hint: address points to the zero page.
    #0 0x7f0cdd59b755  (/lib64/libc.so.6+0x3e755)
    #1 0x4bd858 in __interceptor_strtol (/r/php/php+0x4bd858)
    #2 0x177eb4c in atoi /usr/include/stdlib.h:363:16
    #3 0x177eb4c in zend_ini_do_op /f/php-7.3.3/Zend/zend_ini_parser.c:132
    #4 0x177ae78 in ini_parse /f/php-7.3.3/Zend/zend_ini_parser.c:1859:7
    #5 0x177defd in zend_parse_ini_string /f/php-7.3.3/Zend/zend_ini_parser.c:336:11
    #6 0x14a8294 in zif_parse_ini_string /f/php-7.3.3/ext/standard/basic_functions.c:6129:6
    #7 0x1bbc5a8 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /f/php-7.3.3/Zend/zend_vm_execute.h:690:2
    #8 0x19ef40c in execute_ex /f/php-7.3.3/Zend/zend_vm_execute.h:55334:7
    #9 0x19efcdf in zend_execute /f/php-7.3.3/Zend/zend_vm_execute.h:60881:2
    #10 0x183f138 in zend_eval_stringl /f/php-7.3.3/Zend/zend_execute_API.c:1018:4
    #11 0x183f85f in zend_eval_stringl_ex /f/php-7.3.3/Zend/zend_execute_API.c:1059:11
    #12 0x183f85f in zend_eval_string_ex /f/php-7.3.3/Zend/zend_execute_API.c:1070
    #13 0x1cc51c8 in do_cli /f/php-7.3.3/sapi/cli/php_cli.c:1030:8
    #14 0x1cc23e2 in main /f/php-7.3.3/sapi/cli/php_cli.c:1392:18
    #15 0x7f0cdd5814fa in __libc_start_main (/lib64/libc.so.6+0x244fa)
    #16 0x424419 in _start (/r/php/php+0x424419)


Test script:
---------------
php -r 'parse_ini_string("0=.0&0", TRUE, INI_SCANNER_TYPED);'
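
How the trace above supports the "null pointer" reading, as an added triage example (not part of the original report and not PHP project code): it parses an excerpt of the quoted ASAN output, checks whether the faulting address lies in the zero page, and picks the first frame inside the PHP source tree as the crash bucket. The `triage` function, the `/php-` path marker and the one-page threshold are assumptions of this example.

```python
import re

# Excerpt of the ASAN report quoted in the bug description above.
REPORT = """\
==1102==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x7f0cdd59b756 bp 0x7ffed002f990 sp 0x7ffed002f7f0 T0)
==1102==The signal is caused by a READ memory access.
==1102==Hint: address points to the zero page.
    #0 0x7f0cdd59b755  (/lib64/libc.so.6+0x3e755)
    #1 0x4bd858 in __interceptor_strtol (/r/php/php+0x4bd858)
    #2 0x177eb4c in atoi /usr/include/stdlib.h:363:16
    #3 0x177eb4c in zend_ini_do_op /f/php-7.3.3/Zend/zend_ini_parser.c:132
    #4 0x177ae78 in ini_parse /f/php-7.3.3/Zend/zend_ini_parser.c:1859:7
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
# Symbolized frame: "#N 0xPC in func path:line[:col]"
FRAME = re.compile(r"#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?\s*$")

PAGE_SIZE = 4096  # assumption: a fault below one page means NULL + field offset


def triage(report, project_marker="/php-"):
    """Summarise an ASAN SEGV report for crash bucketing."""
    head = HEADER.search(report)
    if head is None:
        raise ValueError("not an ASAN SEGV report")
    addr = int(head.group(2), 16)
    access = ACCESS.search(report)
    frames = []
    for line in report.splitlines():
        m = FRAME.search(line)
        if m:
            frames.append((int(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    # First frame whose source file belongs to the project: skips libc,
    # sanitizer interceptors and inlined libc headers such as atoi().
    blame = next((f for f in frames if project_marker in f[2]), None)
    return {
        "signal": head.group(1),
        "address": addr,
        "access": access.group(1) if access else None,
        "null_deref": addr < PAGE_SIZE,
        "blame": blame,
        "bucket": f"{blame[1]}:{blame[3]}" if blame else None,
    }


if __name__ == "__main__":
    print(triage(REPORT))
```

Bucketing on the first in-project frame rather than frame #0 keeps crashes that surface inside libc grouped under the PHP function that passed the bad pointer.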


History

 [2019-04-08 08:52 UTC] nikic@php.net
-Summary: Crass due to null pointer in parse_ini_string with INI_SCANNER_TYPED
+Summary: Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED
-Status: Open
+Status: Verified
-PHP Version: 7.3.3
+PHP Version: 7.2
 [2019-04-08 08:52 UTC] nikic@php.net
Also segfaults on PHP 7.2.
 [2019-04-08 08:55 UTC] nikic@php.net
-Status: Verified
+Status: Assigned
-Assigned To:
+Assigned To: nikic
 [2019-04-08 09:13 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eea61cda7df1466a1f40a17c21b65901c1c68ce0
Log: Fixed bug #77844
 [2019-04-08 09:13 UTC] nikic@php.net
-Status: Assigned
+Status: Closed
Last updated: Thu Nov 21 15:01:30 2024 UTC