Bug #80182: Stack Overflow in Zend_compile.c zend_eval_const_expr
Submitted: 2020-10-04 01:05 UTC
Modified: 2020-10-05 10:28 UTC
From: m dot aldofirmansyah at gmail dot com
Assigned: cmb
Status: Duplicate
Package: Scripting Engine problem
PHP Version: 8.0.0rc1
OS: Ubuntu 16.04.1
Private report: No
CVE-ID: None

 [2020-10-04 01:05 UTC] m dot aldofirmansyah at gmail dot com
Description:
------------
While I was fuzzing, I found crashes, and here is one of them.

And here is the crash result from crashwalk and the exploitable plugin:

---CRASH SUMMARY---
Filename: /root/fuzzing-crash-file/php/fuzzing2/id:000012,sig:06,src:008295,op:havoc,rep:16
SHA1: 20523e8746cbbd1abec90de46d686e5b85e3fe61
Classification: EXPLOITABLE
Hash: 5104e526d3e39e337082a8c1aaf34e6b.a27eff695f3d05b2840927409286af1c
Command: /root/php/SRC/build/bin/php /root/fuzzing-crash-file/php/fuzzing2/id:000012,sig:06,src:008295,op:havoc,rep:16
Faulting Frame:
   zend_ast_get_lineno @ 0x0000000001e4b37b: in /root/php/SRC/build/bin/php
Disassembly:
Stack Head (1000 entries):
   zend_ast_get_lineno       @ 0x0000000001e4b37b: in /root/php/SRC/build/bin/php
   zend_compile_expr_inner   @ 0x0000000001ee407e: in /root/php/SRC/build/bin/php
   zend_compile_expr         @ 0x0000000001e44c7c: in /root/php/SRC/build/bin/php
   zend_compile_simple_var_n @ 0x0000000001e4d700: in /root/php/SRC/build/bin/php
   zend_compile_simple_var   @ 0x0000000001ee7055: in /root/php/SRC/build/bin/php
   zend_compile_var_inner    @ 0x0000000001ee66c0: in /root/php/SRC/build/bin/php
   zend_compile_var          @ 0x0000000001e4f714: in /root/php/SRC/build/bin/php
   zend_compile_expr_inner   @ 0x0000000001ee4a22: in /root/php/SRC/build/bin/php
   zend_compile_expr         @ 0x0000000001e44c7c: in /root/php/SRC/build/bin/php
   zend_compile_simple_var_n @ 0x0000000001e4d700: in /root/php/SRC/build/bin/php
   zend_compile_simple_var   @ 0x0000000001ee7055: in /root/php/SRC/build/bin/php
   zend_compile_var_inner    @ 0x0000000001ee66c0: in /root/php/SRC/build/bin/php
   zend_compile_var          @ 0x0000000001e4f714: in /root/php/SRC/build/bin/php
   zend_compile_expr_inner   @ 0x0000000001ee4a22: in /root/php/SRC/build/bin/php
   zend_compile_expr         @ 0x0000000001e44c7c: in /root/php/SRC/build/bin/php
   zend_compile_simple_var_n @ 0x0000000001e4d700: in /root/php/SRC/build/bin/php
Registers:
rax=0xffffffffffffff00 rbx=0x000000000497f560 rcx=0x00007f894e1987b8 rdx=0x0000000000000000 
rsi=0x0000000003461c00 rdi=0x0000000003470ae0 rbp=0x00007ffecec3f010 rsp=0x00007ffecec3efb0 
 r8=0x0000000004970600  r9=0x00000000000038dd r10=0x00007f8946ee1b00 r11=0x00007f8946ee1b58 
r12=0x00000ff128ddc36e r13=0x0000000000000018 r14=0x0000000000003400 r15=0x00007f8946ee1b70 
rip=0x0000000001e4b37b efl=0x0000000000010246  cs=0x0000000000000033  ss=0x000000000000002b 
 ds=0x0000000000000000  es=0x0000000000000000  fs=0x0000000000000000  gs=0x0000000000000000 
 k0=0x0000000000000000  k1=0x0000000000000000  k2=0x0000000000000000  k3=0x0000000000000000 
 k4=0x0000000000000000  k5=0x0000000000000000  k6=0x0000000000000000  k7=0x0000000000000000 
Extra Data:
   Description: Access violation during branch instruction
   Short description: BranchAv (4/22)
   Explanation: The target crashed on a branch instruction, which may indicate that the control flow is tainted.
---END SUMMARY---

Test script:
---------------
<?php $ÿ = [  ... ÿ,""+€> 4, !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!5];
$result = [0, ...$a, ...$b, 6 ,7];
?>

Actual result:
--------------
root@a9d591b2d92a:/root/php/# php poc2.php 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==7405==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc11265f38 (pc 0x000001ed3eea bp 0x7ffc11266820 sp 0x7ffc11265f40 T0)
    #0 0x1ed3ee9 in zend_eval_const_expr /root/php/SRC/Zend/zend_compile.c:9666
    #1 0x1ed540a in zend_eval_const_expr /root/php/SRC/Zend/zend_compile.c:9728:4
    #2 0x1ed540a in zend_eval_const_expr /root/php/SRC/Zend/zend_compile.c:9728:4
    ... (frames #3 to #247 repeat frame #2) ...
    #248 0x1ed540a in zend_eval_const_expr /root/php/SRC/Zend/zend_compile.c:9728:4
SUMMARY: AddressSanitizer: stack-overflow /root/php/SRC/Zend/zend_compile.c:9666 in zend_eval_const_expr
==7405==ABORTING

 [2020-10-05 10:27 UTC] cmb@php.net
-Status: Open
+Status: Not a bug
-Type: Security
+Type: Bug
-Assigned To:
+Assigned To: cmb
 [2020-10-05 10:27 UTC] cmb@php.net
This is basically a duplicate of bug #80183.
 [2020-10-05 10:28 UTC] cmb@php.net
-Status: Not a bug
+Status: Duplicate
-Package: Unknown/Other Function
+Package: Scripting Engine problem
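
A triage sketch for the two traces in this report, added here as an example (it is not code from PHP, crashwalk or the reporter): it parses the ASan header and frames, finds a repeating call cycle, and labels a `stack-overflow` report that has such a cycle as recursion-driven stack exhaustion. The function names, verdict strings and the 16-frame period limit are assumptions of this example; the sample inputs are rebuilt from lines shown in the report.

```python
import re

# ASan header: "stack-overflow" uses "(pc ...", buffer overflows use "at pc ...".
HEADER = re.compile(
    r"ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address (?P<addr>0x[0-9a-f]+)"
    r" (?:\(|at )pc 0x[0-9a-f]+ bp 0x[0-9a-f]+ sp (?P<sp>0x[0-9a-f]+)")
FRAME = re.compile(r"^[ \t]*#\d+ 0x[0-9a-f]+ in (?P<func>\S+)", re.M)

# Sample input rebuilt from the ASan lines in the report
# (frames #1 to #248 are identical there, so they are generated in a loop).
ASAN_SAMPLE = "\n".join(
    ["==7405==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc11265f38 "
     "(pc 0x000001ed3eea bp 0x7ffc11266820 sp 0x7ffc11265f40 T0)",
     "    #0 0x1ed3ee9 in zend_eval_const_expr /root/php/SRC/Zend/zend_compile.c:9666"]
    + ["    #%d 0x1ed540a in zend_eval_const_expr "
       "/root/php/SRC/Zend/zend_compile.c:9728:4" % i for i in range(1, 249)])

# Function names copied in order from the crashwalk "Stack Head" in the report.
CRASHWALK_STACK = [
    "zend_ast_get_lineno", "zend_compile_expr_inner", "zend_compile_expr",
    "zend_compile_simple_var_n", "zend_compile_simple_var", "zend_compile_var_inner",
    "zend_compile_var", "zend_compile_expr_inner", "zend_compile_expr",
    "zend_compile_simple_var_n", "zend_compile_simple_var", "zend_compile_var_inner",
    "zend_compile_var", "zend_compile_expr_inner", "zend_compile_expr",
    "zend_compile_simple_var_n",
]


def parse_report(text):
    """Return (header dict or None, function names in frame order)."""
    m = HEADER.search(text)
    header = None
    if m:
        header = {"kind": m["kind"], "addr": int(m["addr"], 16), "sp": int(m["sp"], 16)}
    return header, [f["func"] for f in FRAME.finditer(text)]


def find_cycle(funcs, max_period=16, min_repeats=2):
    """Find the shortest repeating call cycle in a list of frame names.

    Up to three leaf frames may precede the cycle (for example a helper called
    from inside the recursion). Returns (start, period, repeats) or None.
    """
    for start in range(min(4, len(funcs))):
        tail = funcs[start:]
        for period in range(1, max_period + 1):
            if len(tail) < period * min_repeats:
                break
            if all(tail[i] == tail[i % period] for i in range(len(tail))):
                return start, period, len(tail) // period
    return None


def triage(text):
    """Classify an ASan report: recursion-driven exhaustion or manual review."""
    header, funcs = parse_report(text)
    cycle = find_cycle(funcs)
    result = {"kind": header["kind"] if header else None,
              "sp_minus_addr": header["sp"] - header["addr"] if header else None,
              "cycle": None,
              "verdict": "needs manual review"}
    if cycle:
        start, period, repeats = cycle
        result["cycle"] = {"functions": funcs[start:start + period], "repeats": repeats}
    # ASan's "stack-overflow" means the stack ran out; a call cycle in the
    # trace identifies the recursion that consumed it.
    if result["kind"] == "stack-overflow" and cycle:
        result["verdict"] = "stack exhaustion from unbounded recursion"
    return result


if __name__ == "__main__":
    print(triage(ASAN_SAMPLE))
    print(find_cycle(CRASHWALK_STACK))
```
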
 