Bug #79780 Stack overflow in zend_string_init
Submitted: 2020-07-04 00:34 UTC
Modified: 2020-07-04 00:42 UTC
From: changochen1 at gmail dot com
Assigned:
Status: Duplicate
Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-04 (Git)
OS:
Private report: No
CVE-ID: None
 [2020-07-04 00:34 UTC] changochen1 at gmail dot com
Description:
------------
Cmdline: php -f poc

Stack dump:
---
MemorySanitizer:DEADLYSIGNAL
==216578==ERROR: MemorySanitizer: stack-overflow on address 0x7ffc286a4cf8 (pc 0x00000044c652 bp 0x7ffc286a5540 sp 0x7ffc286a4ce0 T216578)
    #0 0x44c651 in __msan_memcpy.part.330 (/home/yongheng/php_clean/bld/sapi/cli/php+0x44c651)
    #1 0x134c0b4 in zend_string_init /home/yongheng/php_clean/Zend/zend_string.h:165:2
    #2 0x134c0b4 in zend_long_to_str /home/yongheng/php_clean/Zend/zend_operators.c:2890
    #3 0x134c0b4 in _convert_to_string /home/yongheng/php_clean/Zend/zend_operators.c:630
    #4 0x138b210 in zend_parse_arg_str_weak /home/yongheng/php_clean/Zend/zend_API.c:493:3
    #5 0x138b73c in zend_parse_arg_str_slow /home/yongheng/php_clean/Zend/zend_API.c:517:9
    #6 0x1402966 in zend_parse_arg_str /home/yongheng/php_clean/Zend/zend_API.h:1784:10
    #7 0x1402966 in class_exists_impl /home/yongheng/php_clean/Zend/zend_builtin_functions.c:1053
    #8 0x15c5942 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:1236:2
    #9 0x142669f in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:51852:7
    #10 0x132a6fa in zend_call_function /home/yongheng/php_clean/Zend/zend_execute_API.c:803:3
    #11 0x132cb58 in zend_call_known_function /home/yongheng/php_clean/Zend/zend_execute_API.c:890:15
    #12 0xd3cd88 in spl_perform_autoload /home/yongheng/php_clean/ext/spl/php_spl.c:447:3
    #13 0x132e090 in zend_lookup_class_ex /home/yongheng/php_clean/Zend/zend_execute_API.c:1015:7
...
---

Test script:
---------------
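<?php
// Each autoload call asks for a class name not seen before,
// so class_exists() re-enters the autoloader without bound.
spl_autoload_register(
    function () {
        static $a;
        $a++;              // null -> 1, 2, 3, ...
        class_exists($a);  // int is converted to a string, then autoloaded again
    }
);
class_exists('x');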

 [2020-07-04 00:42 UTC] requinix@php.net
-Status: Open +Status: Duplicate
 [2020-07-04 00:42 UTC] requinix@php.net
Duplicate of #64196.
 [2020-07-04 00:42 UTC] requinix@php.net
And by that I mean bug #64196
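
The stack trace in the report shows class_exists() re-entering the autoloader (spl_perform_autoload, the closure, class_exists_impl) with a new name on every call. The block below is an added example, not part of the report or of PHP itself: a userland wrapper that bounds autoload nesting and fails with an exception. GuardedAutoloader, MAX_DEPTH and the sample resolver are hypothetical names, and the limit of 16 is an assumption.

```php
<?php
// Added example; GuardedAutoloader and MAX_DEPTH are hypothetical, not PHP APIs.
final class GuardedAutoloader
{
    private const MAX_DEPTH = 16;  // assumed limit; ordinary loaders nest only a few levels
    private $resolver;             // callable(string): void that tries to load one class
    private array $chain = [];     // class names whose resolution is currently in progress

    public function __construct(callable $resolver)
    {
        $this->resolver = $resolver;
    }

    public function __invoke(string $class): void
    {
        if (count($this->chain) >= self::MAX_DEPTH) {
            // Refuse to nest further; the chain shows which lookups led here.
            throw new LogicException(
                'autoload nesting exceeded ' . self::MAX_DEPTH . ': '
                . implode(' -> ', $this->chain) . ' -> ' . $class
            );
        }
        $this->chain[] = $class;
        try {
            ($this->resolver)($class);
        } finally {
            // Runs on normal return and while the exception unwinds, so the
            // guard is back at zero once the outermost lookup has finished.
            array_pop($this->chain);
        }
    }
}

// Constructed resolver following the report's pattern: each call requests
// another class that does not exist, which triggers autoloading again.
$counter = 0;
spl_autoload_register(new GuardedAutoloader(
    function (string $class) use (&$counter): void {
        class_exists('Missing' . ++$counter);
    }
));

try {
    class_exists('x');
} catch (LogicException $e) {
    // The lookup ends with a catchable error and the interpreter keeps running.
    echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}
```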