|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61162 Passing and using tainted data in specific way crashes
Submitted: 2012-02-20 16:02 UTC Modified: 2012-02-22 14:37 UTC
From: mathieuk at gmail dot com Assigned:
Status: Duplicate Package: taint (PECL)
PHP Version: 5.3.6 OS: OS X
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: mathieuk at gmail dot com
New email:
PHP Version: OS:


 [2012-02-20 16:02 UTC] mathieuk at gmail dot com
Was running into some whitescreens with the taint module on. 
Turns out I was appending to a variable that didn't exist yet 
in a function. This crashes PHP from the taint module. 

Reproduce code:

function test($test)
$data .= $test; // $data doesn't exist yet.



Expected result:
Proper execution of code, with an E_NOTICE error message 

Actual result:

Program received signal EXC_BAD_ACCESS, Could not access 
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000004
0x00000001011e5afc in zend_hash_quick_find ()
(gdb) bt
#0  0x00000001011e5afc in zend_hash_quick_find ()
#1  0x0000000101e96990 in php_taint_assign_concat_handler ()
#2  0x00000001011fca8d in ZEND_USER_OPCODE_SPEC_HANDLER ()
#3  0x00000001011fdaeb in execute ()
#4  0x00000001011d8ffb in zend_execute_scripts ()
#5  0x0000000101181732 in php_execute_script ()
#6  0x0000000101268dbc in php_handler ()
#7  0x000000010000127b in ap_run_handler ()
#8  0x000000010000311d in ap_invoke_handler ()
#9  0x0000000100024c18 in ap_process_request ()
#10 0x00000001000217c8 in ap_process_http_connection ()
#11 0x000000010000e9bb in ap_run_process_connection ()
#12 0x00000001000294cd in child_main ()
#13 0x00000001000296ff in make_child ()
#14 0x000000010002a389 in ap_mpm_run ()
#15 0x0000000100007c18 in main ()


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-02-22 14:37 UTC]
-Status: Open +Status: Duplicate
 [2012-02-22 14:37 UTC]
dup to #61163
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jun 17 23:01:29 2024 UTC