Sec Bug #77988 heap-buffer-overflow on php_jpg_get16
Submitted: 2019-05-07 22:27 UTC Modified: 2019-07-27 15:13 UTC
From: orestiskourides+php at gmail dot com Assigned: stas (profile)
Status: Closed Package: EXIF related
PHP Version: 7.1.29 OS: Linux
Private report: No CVE-ID: 2019-11040
 [2019-05-07 22:27 UTC] orestiskourides+php at gmail dot com
Description:
------------
==29489==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000001715 at pc 0x00000080609e bp 0x7fff9a5e15d0 sp 0x7fff9a5e15c8
READ of size 1 at 0x602000001715 thread T0
    #0 0x80609d in php_jpg_get16 /home/ninja/php/php-7.3.5/ext/exif/exif.c:1437:38
    #1 0x7f3d12 in exif_scan_thumbnail /home/ninja/php/php-7.3.5/ext/exif/exif.c:3923:12
    #2 0x7effa6 in zif_exif_read_data /home/ninja/php/php-7.3.5/ext/exif/exif.c:4581:4
    #3 0x104aa9f in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/ninja/php/php-7.3.5/Zend/zend_vm_execute.h:690:2
    #4 0xf2b1d3 in execute_ex /home/ninja/php/php-7.3.5/Zend/zend_vm_execute.h:55334:7
    #5 0xf2b71d in zend_execute /home/ninja/php/php-7.3.5/Zend/zend_vm_execute.h:60881:2
    #6 0xdeb7be in zend_execute_scripts /home/ninja/php/php-7.3.5/Zend/zend.c:1568:4
    #7 0xbe2d4c in php_execute_script /home/ninja/php/php-7.3.5/main/main.c:2630:14
    #8 0x1167fe9 in do_cli /home/ninja/php/php-7.3.5/sapi/cli/php_cli.c:997:5
    #9 0x1165929 in main /home/ninja/php/php-7.3.5/sapi/cli/php_cli.c:1389:18
    #10 0x7fec9e4e0b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #11 0x4388e9 in _start (/home/ninja/php/php-7.3.5/sapi/cli/php+0x4388e9)


Test script:
---------------
<?php
// Load the crafted JPEG into an in-memory stream (the payload bytes are not reproduced here)
$img = fopen("php://memory", "r+");
fwrite($img, hex2bin("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"));
// Parse only the COMMENT section, but ask for the embedded thumbnail to be read
$test = exif_read_data($img, 'COMMENT', false, true);
?>


Expected result:
----------------
No crash

Actual result:
--------------
==29770== Memcheck, a memory error detector
==29770== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==29770== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==29770== Command: sapi/cli/php test.php
==29770== 
==29770== Invalid read of size 1
==29770==    at 0x4BCDAB: php_jpg_get16 (exif.c:1437)
==29770==    by 0x4BCDAB: exif_scan_thumbnail (exif.c:3923)
==29770==    by 0x4BB57D: zif_exif_read_data (exif.c:4581)
==29770==    by 0x652772: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:690)
==29770==    by 0x608DB7: execute_ex (zend_vm_execute.h:55334)
==29770==    by 0x608F0F: zend_execute (zend_vm_execute.h:60881)
==29770==    by 0x5C6A63: zend_execute_scripts (zend.c:1568)
==29770==    by 0x5672D6: php_execute_script (main.c:2630)
==29770==    by 0x67BE92: do_cli (php_cli.c:997)
==29770==    by 0x67B049: main (php_cli.c:1389)
==29770==  Address 0x645c385 is 0 bytes after a block of size 5 alloc'd
==29770==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29770==    by 0x59D4B8: __zend_malloc (zend_alloc.c:2903)
==29770==    by 0x59D687: _estrndup (zend_alloc.c:2607)
==29770==    by 0x4BE526: exif_thumbnail_extract (exif.c:2942)
==29770==    by 0x4BE526: exif_process_IFD_in_JPEG (exif.c:3620)
==29770==    by 0x4BBEE7: exif_process_TIFF_in_JPEG (exif.c:3666)
==29770==    by 0x4BBEE7: exif_process_APP1 (exif.c:3691)
==29770==    by 0x4BBEE7: exif_scan_JPEG_header (exif.c:3836)
==29770==    by 0x4BBEE7: exif_scan_FILE_header (exif.c:4229)
==29770==    by 0x4BBEE7: exif_read_from_impl (exif.c:4370)
==29770==    by 0x4BBEE7: exif_read_from_stream (exif.c:4387)
==29770==    by 0x4BA86C: zif_exif_read_data (exif.c:4477)
==29770==    by 0x652772: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:690)
==29770==    by 0x608DB7: execute_ex (zend_vm_execute.h:55334)
==29770==    by 0x608F0F: zend_execute (zend_vm_execute.h:60881)
==29770==    by 0x5C6A63: zend_execute_scripts (zend.c:1568)
==29770==    by 0x5672D6: php_execute_script (main.c:2630)
==29770==    by 0x67BE92: do_cli (php_cli.c:997)
==29770==    by 0x67B049: main (php_cli.c:1389)
==29770== 
==29770== 
==29770== HEAP SUMMARY:
==29770==     in use at exit: 0 bytes in 0 blocks
==29770==   total heap usage: 7,157 allocs, 7,157 frees, 1,606,143 bytes allocated
==29770== 
==29770== All heap blocks were freed -- no leaks are possible
==29770== 
==29770== For counts of detected and suppressed errors, rerun with: -v
==29770== Use --track-origins=yes to see where uninitialised values come from
==29770== ERROR SUMMARY: 170 errors from 22 contexts (suppressed: 0 from 0)


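The trace shows a two-byte length being read at the end of a 5-byte thumbnail buffer while exif_scan_thumbnail walks the JPEG marker segments. As an added illustration (not code from php-src, from the reporter, or from the fix commit), the walk below reconstructs that kind of scan with every index checked against the buffer size first; the function names and the sample buffers are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Big-endian 16-bit read, as JPEG stores segment lengths. Unlike a raw
 * two-byte read it refuses when fewer than two bytes remain after pos,
 * which is the situation in the trace: a length at the end of 5 bytes. */
static bool jpg_get16_checked(const uint8_t *data, size_t size, size_t pos,
                              unsigned *out)
{
    if (pos > size || size - pos < 2) {
        return false;
    }
    *out = ((unsigned)data[pos] << 8) | data[pos + 1];
    return true;
}

/* Walk the header segments of an embedded JPEG thumbnail. Returns the
 * number of length-carrying segments before SOS or EOI, or -1 if the
 * buffer is not a JPEG, is truncated, or declares a segment length that
 * overruns it. Every read of data[] is bounded, fill-byte loop included. */
int scan_thumbnail(const uint8_t *data, size_t size)
{
    size_t pos = 2; /* skip SOI once the signature has been checked */
    int segments = 0;

    if (data == NULL || size < 4 || memcmp(data, "\xFF\xD8\xFF", 3) != 0) {
        return -1; /* not a JPEG thumbnail */
    }
    for (;;) {
        unsigned length;
        uint8_t c;
        int fill = 0;

        if (pos >= size) {
            return -1; /* ran off the end looking for the next marker */
        }
        c = data[pos++];
        if (c != 0xFF) {
            return -1; /* a marker must start with 0xFF */
        }
        /* JPEG allows 0xFF padding before the marker code; bound each read */
        for (;;) {
            if (pos >= size) {
                return -1; /* padding runs to the end of the buffer */
            }
            c = data[pos++];
            if (c != 0xFF) {
                break;
            }
            if (++fill > 8) {
                return -1; /* unreasonable amount of padding */
            }
        }
        if (c == 0xD9 || c == 0xDA) {
            return segments; /* EOI, or SOS: entropy-coded data follows */
        }
        if (!jpg_get16_checked(data, size, pos, &length)) {
            return -1; /* length field truncated */
        }
        if (length < 2 || length > size - pos) {
            return -1; /* declared length overruns the thumbnail */
        }
        pos += length; /* the length counts its own two bytes */
        segments++;
    }
}

/* Constructed sample inputs (not the report's payload). */
int demo_truncated_thumbnail(void)
{   /* SOI followed only by 0xFF fill: 5 bytes, like the block in the trace */
    static const uint8_t t[] = {0xFF, 0xD8, 0xFF, 0xFF, 0xFF};
    return scan_thumbnail(t, sizeof t);
}

int demo_wellformed_thumbnail(void)
{   /* SOI, APP0 with length 4 (length bytes plus two payload bytes), EOI */
    static const uint8_t t[] = {0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x04,
                                0x00, 0x00, 0xFF, 0xD9};
    return scan_thumbnail(t, sizeof t);
}

int demo_overlong_length(void)
{   /* APP0 claims 16 bytes but the buffer ends after the length field */
    static const uint8_t t[] = {0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10};
    return scan_thumbnail(t, sizeof t);
}
```

An unchecked walk over the first sample would read data[5], the same zero-bytes-past-the-block access Valgrind and ASan flag above; here it returns -1 instead.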
History

 [2019-05-28 00:18 UTC] stas@php.net
-PHP Version: 7.3.5 +PHP Version: 7.1.29 -CVE-ID: +CVE-ID: 2019-11040
 [2019-05-28 00:28 UTC] stas@php.net
-Assigned To: +Assigned To: stas
 [2019-05-28 00:28 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=73ff4193be24192c894dc0502d06e2b2db35eefb
Log: Fix bug #77988 - heap-buffer-overflow on php_jpg_get16
 [2019-05-28 00:28 UTC] stas@php.net
-Status: Assigned +Status: Closed
 [2019-05-28 07:07 UTC] cmb@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b7dc3d9039335b2bfaa1f4ade5d38aec89f25922
Log: Fix bug #77988 - heap-buffer-overflow on php_jpg_get16
 [2019-07-27 15:13 UTC] orestiskourides+php at gmail dot com
-: orestiskourides at gmail dot com +: orestiskourides+php at gmail dot com
 [2019-07-27 15:13 UTC] orestiskourides+php at gmail dot com
email
 [2021-08-04 09:24 UTC] 978297127 at qq dot com
1  PHP resource management error vulnerability (CVE-2019-11049)
2  PHP buffer error vulnerability (CVE-2019-11040)
3  PHP input validation error vulnerability (CVE-2019-11039)
4  PHP buffer error vulnerability (CVE-2020-7065)
5  PHP security vulnerability (CVE-2019-11044)
6  PHP Session Upload Progress code issue vulnerability (CVE-2020-7062)
7  PHP buffer error vulnerability (CVE-2020-7067)
8  PHP exif_process_user_comment() buffer overflow vulnerability (CVE-2019-11042)
9  PHP exif_scan_thumbnail() buffer overflow vulnerability (CVE-2019-11041)
10  PHP EXIF extension buffer error vulnerability (CVE-2019-11047)
11  PHP EXIF extension buffer error vulnerability (CVE-2019-11050)
12  PHP buffer error vulnerability (CVE-2020-7061)
13  PHP security vulnerability (CVE-2019-11045)
14  PHP buffer error vulnerability (CVE-2020-7064)
15  PHP input validation error vulnerability (CVE-2020-7070)
16  PHP GD Graphics Library input validation error vulnerability (CVE-2019-11038)
17  PHP security vulnerability (CVE-2020-7063)
18  PHP security vulnerability (CVE-2020-7066)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Thu Jan 30 09:01:27 2025 UTC