php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79150 memcpy-param-overlap caused by zif_mb_convert_encoding
Submitted: 2020-01-21 14:33 UTC Modified: 2020-01-22 08:34 UTC
From: wxhusst at gmail dot com Assigned: cmb (profile)
Status: Duplicate Package: mbstring related
PHP Version: 7.4Git-2020-01-21 (Git) OS: linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: wxhusst at gmail dot com
New email:
PHP Version: OS:

 

 [2020-01-21 14:33 UTC] wxhusst at gmail dot com
Description:
------------
==119497==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x7f29aaa02052,0xfe535547e2db) and [0x7f29aaa59c78, 0xfe53554d5f01) overlap
    #0 0x6acd38 in __asan_memcpy /home/buildnode/jenkins/workspace/oss-swift-5.1-package-linux-ubuntu-18_04/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:23:3
    #1 0x10c0f2c in zif_mb_convert_encoding /home/raven/fuzz/php-src-php-7.4.2/ext/mbstring/mbstring.c:3375:7
    #2 0x242215d in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/raven/fuzz/php-src-php-7.4.2/Zend/zend_vm_execute.h:1269:2
    #3 0x2131c97 in execute_ex /home/raven/fuzz/php-src-php-7.4.2/Zend/zend_vm_execute.h:53611:7
    #4 0x2132d52 in zend_execute /home/raven/fuzz/php-src-php-7.4.2/Zend/zend_vm_execute.h:57913:2
    #5 0x1eb6d8c in zend_execute_scripts /home/raven/fuzz/php-src-php-7.4.2/Zend/zend.c:1665:4
    #6 0x1a9b754 in php_execute_script /home/raven/fuzz/php-src-php-7.4.2/main/main.c:2617:14
    #7 0x255f9f0 in do_cli /home/raven/fuzz/php-src-php-7.4.2/sapi/cli/php_cli.c:961:5
    #8 0x255c3a7 in main /home/raven/fuzz/php-src-php-7.4.2/sapi/cli/php_cli.c:1352:18
    #9 0x7f29b00c41e2 in __libc_start_main /build/glibc-4WA41p/glibc-2.30/csu/../csu/libc-start.c:308:16
    #10 0x602b3d in _start (/home/raven/fuzz/php-src-php-7.4.2/sapi/cli/php+0x602b3d)

Address 0x7f29aaa02052 is a wild pointer.
Address 0x7f29aaa59c78 is a wild pointer.
SUMMARY: AddressSanitizer: memcpy-param-overlap /home/buildnode/jenkins/workspace/oss-swift-5.1-package-linux-ubuntu-18_04/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:23:3 in __asan_memcpy
==119497==ABORTING

Test script:
---------------
<?php
try { try { mb_convert_encoding(range(0, 10), str_repeat(chr(193), 65537) + str_repeat(chr(168), 65), array(array("Volvo",100,96),range(0,10),array("a" => 1, "b" => "2", "c" => 3.0))); } catch (Exception $e) { } } catch(Error $e) { }
?>

Expected result:
----------------
normal

Actual result:
--------------
crash

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-01-21 16:23 UTC] cmb@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2020-01-21 16:23 UTC] cmb@php.net
Thanks for reporting!
 [2020-01-22 08:34 UTC] cmb@php.net
-Status: Verified +Status: Duplicate -Type: Security +Type: Bug
 [2020-01-22 08:34 UTC] cmb@php.net
This is actually a duplicate of bug #79149.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Dec 04 08:01:29 2024 UTC