Bug #64302 Invalid read in ext/phar/tests/bug52013.phpt
Submitted: 2013-02-26 10:24 UTC Modified: 2018-02-04 17:13 UTC
From: ab@php.net Assigned: bishop (profile)
Status: Closed Package: PHAR related
PHP Version: 5.5Git-2013-02-26 (Git) OS: all
Private report: No CVE-ID: None

 [2013-02-26 10:24 UTC] ab@php.net
Description:
------------
Running the mentioned test with valgrind is to see

Expected result:
----------------
no valgrind warnings

Actual result:
--------------
==22761== Syscall param write(buf) points to uninitialised byte(s)
==22761==    at 0x5924EB3: __write_nocancel (syscall-template.S:82)
==22761==    by 0x85852E8: _php_stream_filter_flush (filter.c:504)
==22761==    by 0x831BE2F: phar_flush (phar.c:2903)
==22761==    by 0x832B1DE: zim_Phar_compressFiles (phar_object.c:3436)
==22761==    by 0x863FFA4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:542)
==22761==    by 0x8641374: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:674)
==22761==    by 0x863E004: execute_ex (zend_vm_execute.h:356)
==22761==    by 0x863E9BA: zend_execute (zend_vm_execute.h:381)
==22761==    by 0x85FF017: zend_execute_scripts (zend.c:1316)
==22761==    by 0x85615FB: php_execute_script (main.c:2479)
==22761==    by 0x875C33C: do_cli (php_cli.c:988)
==22761==    by 0x875D785: main (php_cli.c:1364)
==22761==  Address 0x6187d1b is 11 bytes inside a block of size 15 alloc'd
==22761==    at 0x4024F20: malloc (vg_replace_malloc.c:236)
==22761==    by 0x85C3E62: _emalloc (zend_alloc.c:2427)
==22761==    by 0x85C4356: _estrndup (zend_alloc.c:2641)
==22761==    by 0x81C613C: php_zlib_deflate_filter (zlib_filter.c:250)
==22761==    by 0x8585094: _php_stream_filter_flush (filter.c:452)
==22761==    by 0x831BE2F: phar_flush (phar.c:2903)
==22761==    by 0x832B1DE: zim_Phar_compressFiles (phar_object.c:3436)
==22761==    by 0x863FFA4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:542)
==22761==    by 0x8641374: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:674)
==22761==    by 0x863E004: execute_ex (zend_vm_execute.h:356)
==22761==    by 0x863E9BA: zend_execute (zend_vm_execute.h:381)
==22761==    by 0x85FF017: zend_execute_scripts (zend.c:1316)
==22761==

 [2013-02-26 10:27 UTC] ab@php.net
-Summary: Memory leak in ext/phar/tests/bug52013.phpt
+Summary: Invalid read in ext/phar/tests/bug52013.phpt
 [2013-02-26 11:33 UTC] laruence@php.net
same in 5.3
 [2018-02-04 17:13 UTC] bishop@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: bishop
 [2018-02-04 17:13 UTC] bishop@php.net
As of PHP 7.1 on a 64-bit Intel, I'm not able to reproduce:

$ valgrind --tool=memcheck --leak-check=full -v sapi/cli/php -d phar.readonly=0 ./ext/phar/tests/bug52013.php
...
==55816== HEAP SUMMARY:
==55816==     in use at exit: 966 bytes in 20 blocks
==55816==   total heap usage: 12,451 allocs, 12,431 frees, 1,769,055 bytes allocated
==55816==
==55816== Searching for pointers to 20 not-freed blocks
==55816== Checked 647,512 bytes
==55816==
==55816== LEAK SUMMARY:
==55816==    definitely lost: 0 bytes in 0 blocks
==55816==    indirectly lost: 0 bytes in 0 blocks
==55816==      possibly lost: 0 bytes in 0 blocks
==55816==    still reachable: 966 bytes in 20 blocks
==55816==         suppressed: 0 bytes in 0 blocks
==55816== Reachable blocks (those to which a pointer was found) are not shown.
==55816== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==55816==
==55816== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==55816== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Those leaked bytes are outside the PHAR call stack. Example:
==55838== 400 bytes in 1 blocks are still reachable in loss record 20 of 20
==55838==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==55838==    by 0x60069F1: xmlInitCharEncodingHandlers (encoding.c:1395)
==55838==    by 0x600F994: xmlInitParser__internal_alias.part.17 (parser.c:14904)
==55838==    by 0x45C908: php_libxml_initialize (libxml.c:755)
==55838==    by 0x45C95F: zm_startup_libxml (libxml.c:794)
==55838==    by 0x7028DD: zend_startup_module_ex (zend_API.c:1843)
==55838==    by 0x70299B: zend_startup_module_zval (zend_API.c:1858)
==55838==    by 0x70F7EA: zend_hash_apply (zend_hash.c:1507)
==55838==    by 0x702C49: zend_startup_modules (zend_API.c:1969)
==55838==    by 0x69ED6D: php_module_startup (main.c:2300)
==55838==    by 0x7979CC: php_cli_startup (php_cli.c:427)
==55838==    by 0x42D8C4: main (php_cli.c:1348)


If this is not the correct reproduction and the bug still exists, please re-open with further reproduction details.
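
The check made in the comment above (does a reported stack pass through PHAR code or not) can be scripted when triaging longer memcheck logs. This is an added example, not part of the bug report or of PHP's tooling; the record-splitting heuristics, the function names and the choice of `phar.c`/`phar_object.c` as the PHAR source set are assumptions, and the sample input is constructed from trimmed lines of the two traces on this page.

```python
import re

# Frame line: "==PID==    at|by 0xADDR: function (file.c:123)"
FRAME = re.compile(
    r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+)(?: \(([^):]+)(?::\d+)?\))?")
# Record heading: text starting exactly one space after the PID prefix.
# Indented detail lines ("  Address 0x... is 11 bytes inside ...") do not
# match, so the allocation stack stays attached to the same record.
HEAD = re.compile(r"^==\d+== (\S.*)$")

# Assumption: a record is attributed to PHAR when any frame's source file
# is one of these (both names appear in the original trace).
PHAR_SOURCES = {"phar.c", "phar_object.c"}

def parse_records(report):
    """Split memcheck output into records of heading + (function, file) frames."""
    records, current = [], None
    for line in report.splitlines():
        frame, head = FRAME.match(line), HEAD.match(line)
        if frame and current is not None:
            current["frames"].append((frame.group(1), frame.group(2)))
        elif head:
            current = {"heading": head.group(1), "frames": []}
            records.append(current)
    # Summary lines ("HEAP SUMMARY:", "ERROR SUMMARY: ...") carry no frames.
    return [r for r in records if r["frames"]]

def triage(report, sources=PHAR_SOURCES):
    """Return (heading, touches_component) for every record with a stack."""
    return [(r["heading"], any(src in sources for _, src in r["frames"]))
            for r in parse_records(report)]

# Constructed sample: trimmed lines from the two traces in this report.
SAMPLE = """\
==22761== Syscall param write(buf) points to uninitialised byte(s)
==22761==    at 0x5924EB3: __write_nocancel (syscall-template.S:82)
==22761==    by 0x85852E8: _php_stream_filter_flush (filter.c:504)
==22761==    by 0x831BE2F: phar_flush (phar.c:2903)
==22761==  Address 0x6187d1b is 11 bytes inside a block of size 15 alloc'd
==22761==    at 0x4024F20: malloc (vg_replace_malloc.c:236)
==22761==    by 0x81C613C: php_zlib_deflate_filter (zlib_filter.c:250)
==55838== 400 bytes in 1 blocks are still reachable in loss record 20 of 20
==55838==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==55838==    by 0x60069F1: xmlInitCharEncodingHandlers (encoding.c:1395)
==55838==    by 0x45C908: php_libxml_initialize (libxml.c:755)
==55838== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
"""

if __name__ == "__main__":
    for heading, in_phar in triage(SAMPLE):
        print("PHAR " if in_phar else "other", heading)
```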
 
Last updated: Tue Apr 23 16:01:30 2024 UTC