PHP :: Bug #79835 :: Segfault in php_str_replace_in

Bug #79835	Segfault in php_str_replace_in_subject
Submitted:	2020-07-11 20:08 UTC	Modified:	-
From:	changochen1 at gmail dot com	Assigned:
Status:	Open	Package:	Scripting Engine problem
PHP Version:	8.0Git-2020-07-11 (Git)	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	changochen1 at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2020-07-11 20:08 UTC] changochen1 at gmail dot com

Description:
------------
Stack dump:
---
MemorySanitizer:DEADLYSIGNAL
==173470==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000010 (pc 0x000000fbecb3 bp 0x000000000000 sp 0x7ffdf46657f0 T173470)
==173470==The signal is caused by a READ memory access.
==173470==Hint: address points to the zero page.
    #0 0xfbecb2 in php_str_replace_in_subject /home/yongheng/php_clean/ext/standard/string.c
    #1 0xfa9b3b in php_str_replace_common /home/yongheng/php_clean/ext/standard/string.c:4289:13
    #2 0x15dbed2 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:1226:2
    #3 0x14307ff in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:52020:7
    #4 0x1431214 in zend_execute /home/yongheng/php_clean/Zend/zend_vm_execute.h:56362:2
    #5 0x138d418 in zend_execute_scripts /home/yongheng/php_clean/Zend/zend.c:1667:4
    #6 0x10f0cf9 in php_execute_script /home/yongheng/php_clean/main/main.c:2537:14
    #7 0x179c8af in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:951:5
    #8 0x1798c9f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1349:18
    #9 0x7fc89b004b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #10 0x43fa49 in _start (/home/yongheng/php_clean/bld/sapi/cli/php+0x43fa49)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/yongheng/php_clean/ext/standard/string.c in php_str_replace_in_subject
==173470==ABORTING
---

Test script:
---------------
<?
function b () {
    in_array ( $c ,   array  ( ob_start ( function ( $buffer ) {
        $GLOBALS [] = $buffer ;
    }
    , 1 ) ) , var_dump ( $a ) > mkdir ( $d ) );
}
b () ;
var_dump ( max ( function ( $f ) {}, 1  ) , array ( array ( $g , $g ) , 'x' => array ( 7 , array () ) ) ) ;
str_replace ( array ( array ( $$e  )) , 7 , $GLOBALS ) ;

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2024-05-06 11:22 UTC] robert2001blodgett at outlook dot com

(https://github.com)(https://www-netbenefits.com)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Oct 30 08:00:01 2025 UTC