PHP :: Bug #79207 :: Stackoverflow with header callback

Bug #79207	Stackoverflow with header callback
Submitted:	2020-02-01 17:51 UTC	Modified:	2020-02-04 14:06 UTC
From:	changochen1 at gmail dot com	Assigned:
Status:	Open	Package:	Scripting Engine problem
PHP Version:	master-Git-2020-02-01 (Git)	OS:	ALL
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	changochen1 at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2020-02-01 17:51 UTC] changochen1 at gmail dot com

Description:
------------
The following test script triggers stack overflow in the latest code of php(PHP 8.0.0-dev (cli) (built: Jan 28 2020 14:15:44) ( NTS )). The crash locations varies each time we run it.

Run the script with "php -f poc.php", and with asan we got:

===
==121897==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd2563ae68 (pc 0x00000123867a bp 0x7ffd2563de60 sp 0x7ffd2563ae60 T0)
    #0 0x1238679 in execute_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x1238679)
    #1 0xdf5a2f in zend_call_function (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf5a2f)
    #2 0x91a287 in zif_spl_autoload_call (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x91a287)
    #3 0xdf5c7d in zend_call_function (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf5c7d)
    #4 0xdf7f71 in zend_lookup_class_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf7f71)
    #5 0xdfa8dd in zend_fetch_class_by_name (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdfa8dd)
...
===

Test script:
---------------
<?
spl_autoload_register ( function () {
		header_register_callback ( function () {
				new a    ;
				}
				)    ;
		}
		) ;
class a implements b {       }

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-02-01 19:42 UTC] stas@php.net

-Type: Security +Type: Bug -Package: CGI/CLI related +Package: Scripting Engine problem

[2020-02-04 14:06 UTC] nikic@php.net

-Summary: Stackoverflow in cli/php +Summary: Stackoverflow with header callback

[2020-02-04 14:06 UTC] nikic@php.net

The stack overflow is principally due to bug #64196. However, there might be a header_register_callback specific issue here, because we probably shouldn't be recursing into the header callback when trying to emit a header while inside the callback.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Nov 24 04:01:32 2024 UTC