Bug #79208 Seg fault in _emalloc_320
Submitted: 2020-02-01 17:59 UTC
Modified: 2020-02-04 13:29 UTC
From: changochen1 at gmail dot com
Assigned:
Status: Duplicate
Package: Scripting Engine problem
PHP Version: master-Git-2020-02-01 (Git)
OS: ALL
Private report: No
CVE-ID: None
 [2020-02-01 17:59 UTC] changochen1 at gmail dot com
Description:
------------
We found a seg fault in cli/php (PHP 8.0.0-dev (cli) (built: Jan 31 2020 21:52:09) ( NTS ))

Run the test script with "php -f poc.php"

The backtrace from ASan is:
===
==429843==ERROR: AddressSanitizer: SEGV on unknown address 0x0000b8443768 (pc 0x000000d86238 bp 0x7fffeec35800 sp 0x7fffeec357d0 T0)
    #0 0xd86237 in _emalloc_320 (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xd86237)
    #1 0xe7e44f in zend_hash_real_init_mixed (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xe7e44f)
    #2 0xe85436 in zend_hash_add_new (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xe85436)
    #3 0xed43af in zend_fetch_debug_backtrace (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xed43af)
    #4 0xee659f in zend_default_exception_new_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xee659f)
    #5 0xee6f75 in zend_default_exception_new (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xee6f75)
    #6 0xe523f0 in object_init_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xe523f0)
    #7 0xef51e6 in zend_throw_exception (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xef51e6)
    #8 0xe42e10 in zend_throw_error (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xe42e10)
    #9 0x1015e5f in ZEND_INIT_DYNAMIC_CALL_SPEC_TMPVAR_HANDLER (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x1015e5f)
    #10 0x12459c8 in execute_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x12459c8)
    #11 0xdf5a2f in zend_call_function (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf5a2f)
    #12 0xdf3145 in _call_user_function_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf3145)
    #13 0xe418a0 in zend_error_va_list (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xe418a0)
    #14 0xe427b5 in zend_error (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xe427b5)
    #15 0xfb6611 in zend_undefined_index (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xfb6611)
    #16 0xfbfe42 in zend_fetch_dimension_address_read_R (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xfbfe42)
    #17 0x1034d92 in ZEND_FETCH_DIM_R_SPEC_CONST_TMPVAR_HANDLER (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x1034d92)
    #18 0x124c9c2 in execute_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x124c9c2)
    #19 0x127aab7 in zend_execute (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x127aab7)
    #20 0xe43dfb in zend_execute_scripts (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xe43dfb)
    #21 0xcab3b7 in php_execute_script (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xcab3b7)
    #22 0x1280971 in do_cli (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x1280971)
    #23 0x1282acb in main (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x1282acb)
    #24 0x7f9ec764482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #25 0x428a78 in _start (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x428a78)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 _emalloc_320
==429843==ABORTING

Test script:
---------------
<?
array()[set_error_handler(function () {
    (set_error_handler(function () {
        $a[$GLOBALS[$a] = $a] = 2;
    }) == list($a[++$b[1]]) = $GLOBALS[var_dump($GLOBALS)] = &$b)();
})];


 [2020-02-01 19:41 UTC] stas@php.net
-Type: Security
+Type: Bug
-Package: CGI/CLI related
+Package: Scripting Engine problem
 [2020-02-03 15:35 UTC] nikic@php.net
This is likely the same issue as bug #78598.
 [2020-02-04 13:29 UTC] nikic@php.net
-Status: Open
+Status: Duplicate
 [2020-02-04 13:29 UTC] nikic@php.net
I confirmed that fixing bug #78598 fixes this one as well, so marking as duplicate.
 
Last updated: Thu Nov 21 12:01:29 2024 UTC