|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2012-02-22 14:37 UTC] laruence@php.net
-Status: Open
+Status: Duplicate
[2012-02-22 14:37 UTC] laruence@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Mon Mar 24 11:01:29 2025 UTC |
Description: ------------ Was running into some whitescreens with the taint module on. Turns out I was appending to a variable that didn't exist yet in a function. This crashes PHP from the taint module. Reproduce code: --------------- <?php function test($test) { $data .= $test; // $data doesn't exist yet. } test($_GET['test']); ?> Expected result: ---------------- Proper execution of code, with an E_NOTICE error message reported. Actual result: -------------- crash. Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000004 0x00000001011e5afc in zend_hash_quick_find () (gdb) bt #0 0x00000001011e5afc in zend_hash_quick_find () #1 0x0000000101e96990 in php_taint_assign_concat_handler () #2 0x00000001011fca8d in ZEND_USER_OPCODE_SPEC_HANDLER () #3 0x00000001011fdaeb in execute () #4 0x00000001011d8ffb in zend_execute_scripts () #5 0x0000000101181732 in php_execute_script () #6 0x0000000101268dbc in php_handler () #7 0x000000010000127b in ap_run_handler () #8 0x000000010000311d in ap_invoke_handler () #9 0x0000000100024c18 in ap_process_request () #10 0x00000001000217c8 in ap_process_http_connection () #11 0x000000010000e9bb in ap_run_process_connection () #12 0x00000001000294cd in child_main () #13 0x00000001000296ff in make_child () #14 0x000000010002a389 in ap_mpm_run () #15 0x0000000100007c18 in main ()