Bug #79821 Segfault in zend_get_properties_for
Submitted: 2020-07-09 05:45 UTC
Modified: 2020-07-10 20:21 UTC
From: changochen1 at gmail dot com
Assigned: twosee
Status: Closed
Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-09 (Git)
OS:
Private report: No
CVE-ID: None
 [2020-07-09 05:45 UTC] changochen1 at gmail dot com
Description:
------------
Stack dump:
---
MemorySanitizer:DEADLYSIGNAL
==90629==ERROR: MemorySanitizer: SEGV on unknown address 0x0001000000c1 (pc 0x0000016f0d06 bp 0x2fff3f021520 sp 0x7fff3f021510 T90629)
==90629==The signal is caused by a READ memory access.
    #0 0x16f0d05 in zend_get_properties_for /home/yongheng/php_clean/Zend/zend_object_handlers.c:1783:22
    #1 0xfbd6ec in php_var_dump /home/yongheng/php_clean/ext/standard/var.c:153:11
    #2 0xfbe156 in php_array_element_dump /home/yongheng/php_clean/ext/standard/var.c:47:2
    #3 0xfbe156 in php_var_dump /home/yongheng/php_clean/ext/standard/var.c:136
    #4 0xfbe156 in php_array_element_dump /home/yongheng/php_clean/ext/standard/var.c:47:2
    #5 0xfbe156 in php_var_dump /home/yongheng/php_clean/ext/standard/var.c:136
    #6 0xfbe156 in php_array_element_dump /home/yongheng/php_clean/ext/standard/var.c:47:2
    #7 0xfbe156 in php_var_dump /home/yongheng/php_clean/ext/standard/var.c:136
    #8 0xfbf671 in zif_var_dump /home/yongheng/php_clean/ext/standard/var.c:217:3
    #9 0x15763b2 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:1226:2
    #10 0x13ed9df in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:51800:7
    #11 0x13ee1d4 in zend_execute /home/yongheng/php_clean/Zend/zend_vm_execute.h:56094:2
    #12 0x1338298 in zend_execute_scripts /home/yongheng/php_clean/Zend/zend.c:1667:4
    #13 0x10c2327 in php_execute_script /home/yongheng/php_clean/main/main.c:2537:14
    #14 0x171f571 in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:955:5
    #15 0x171b94f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1353:18
    #16 0x7f42389fbb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #17 0x440419 in _start (/home/yongheng/php_clean/asan/sapi/cli/php+0x440419)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/yongheng/php_clean/Zend/zend_object_handlers.c:1783:22 in zend_get_properties_for
==90629==ABORTING
---

Test script:
---------------
<?
for ( ;;$a ++ )
    switch ( $a ) {
    case $b  = array (  $b, array ( & $_FILES   )   ) :
    case 3 :
        break 2 ;
    }
ob_start ( function () {$_FILES [] []=$buffer ;}, 20 ) ;
foreach ( $b as $c ) var_dump ( $c ) ;


History

 [2020-07-10 20:21 UTC] twosee@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: twosee
 [2020-07-10 20:59 UTC] twosee@php.net
The following pull request has been associated:

Patch Name: Fixed bug #79821
On GitHub:  https://github.com/php/php-src/pull/5837
Patch:      https://github.com/php/php-src/pull/5837.patch
 [2020-07-10 22:24 UTC] twosee@php.net
Automatic comment on behalf of twose@qq.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=150504e6b1ea2b2eac3177c8cff2657a243da22c
Log: Fixed bug #79821
 [2020-07-10 22:24 UTC] twosee@php.net
-Status: Assigned
+Status: Closed
 [2020-07-11 06:48 UTC] twosee@php.net
Automatic comment on behalf of twose@qq.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=56dec3cc73829cefe9817d4c59ea3873dde1f443
Log: Fixed bug #79830 introduced by fixing bug #79821
 