Bug #63899 Use after scope error in zend_compile
Submitted: 2013-01-04 01:16 UTC Modified: 2013-01-04 03:03 UTC
From: slangley at google dot com Assigned: laruence
Status: Closed Package: Scripting Engine problem
PHP Version: 5.4Git-2013-01-04 (Git) OS:
Private report: No CVE-ID:
 [2013-01-04 01:16 UTC] slangley at google dot com
Description:
------------
Address sanitizer detected a use after scope error in zend_compile.c - in the current GIT repository this problem starts at line 5044.

	if (CG(current_namespace)) {
		/* Prefix class name with name of current namespace */
		znode tmp;

		tmp.u.constant = *CG(current_namespace);
		zval_copy_ctor(&tmp.u.constant);
		zend_do_build_namespace_name(&tmp, &tmp, class_name TSRMLS_CC);
		class_name = &tmp;
		efree(lcname);
		lcname = zend_str_tolower_dup(Z_STRVAL(class_name->u.constant), Z_STRLEN(class_name->u.constant));
	}

	if (error) {
		char *tmp = zend_str_tolower_dup(Z_STRVAL_PP(ns_name), Z_STRLEN_PP(ns_name));

		if (Z_STRLEN_PP(ns_name) != Z_STRLEN(class_name->u.constant) ||
			memcmp(tmp, lcname, Z_STRLEN(class_name->u.constant))) {
			zend_error(E_COMPILE_ERROR, "Cannot declare class %s because the name is already in use", Z_STRVAL(class_name->u.constant));
		}
		efree(tmp);
	}


There is a scoped variable "znode tmp" on line 5046. Its address is assigned to the pointer class_name on line 5051 (class_name = &tmp). class_name is then used on line 5059 after the value it points to (tmp) has gone out of scope when the block finished on line 5054.
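
The lifetime problem described in this report, reduced to a stand-alone C program as an added example (it is not PHP source and not the committed fix): node_t, build_ns_name, qualified_len_buggy and qualified_name are hypothetical stand-ins. Declaring the temporary at function scope is one way to keep the pointer valid; building with -DDEMO_BUG -fsanitize=address lets AddressSanitizer report the "before" variant.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for PHP's znode: it only carries a name. */
typedef struct { char name[64]; } node_t;

/* Writes "ns\cls" into out->name (stand-in for zend_do_build_namespace_name). */
static void build_ns_name(node_t *out, const char *ns, const node_t *cls) {
    snprintf(out->name, sizeof out->name, "%s\\%s", ns, cls->name);
}

#ifdef DEMO_BUG
/* BEFORE: same shape as the reported code. tmp's lifetime ends at the
 * closing brace of the if-block, yet class_name keeps pointing at it. */
size_t qualified_len_buggy(const char *ns, const node_t *class_name) {
    if (ns) {
        node_t tmp;
        build_ns_name(&tmp, ns, class_name);
        class_name = &tmp;
    }                                 /* tmp goes out of scope here */
    return strlen(class_name->name);  /* stack-use-after-scope if ns != NULL */
}
#endif

/* AFTER: tmp is declared at function scope, so it outlives every use
 * of class_name. Copies the final name to out and returns its length. */
size_t qualified_name(const char *ns, const node_t *class_name,
                      char *out, size_t outsz) {
    node_t tmp;
    if (ns) {
        build_ns_name(&tmp, ns, class_name);
        class_name = &tmp;
    }
    snprintf(out, outsz, "%s", class_name->name);
    return strlen(out);
}

int main(void) {
    node_t cls = { "Foo" };           /* constructed sample input */
    char buf[64];
    size_t n = qualified_name("App", &cls, buf, sizeof buf);
    printf("%s (%zu)\n", buf, n);
#ifdef DEMO_BUG
    printf("%zu\n", qualified_len_buggy("App", &cls));
#endif
    return 0;
}
```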


 [2013-01-04 03:02 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c3e6de2227f0200b9db318e181603ffba7991489
Log: Fixed bug #63899 (Use after scope error in zend_compile)
 [2013-01-04 03:02 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2013-01-04 03:03 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2013-01-04 03:03 UTC] laruence@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

slangley thanks,  I think it should be a typo :)