|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
Patchesoverflow_in_phar_build (last revision 2014-05-09 22:11 UTC by crrodriguez at opensuse dot org)Pull RequestsHistoryAllCommentsChangesGit/SVN commits
[2014-05-11 12:46 UTC] felipe@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: felipe
[2014-05-11 12:46 UTC] felipe@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu May 02 15:01:33 2024 UTC |
Description: ------------ There is an off-by-one in phar_build, misuse of estrndup Test script: --------------- running the phar test suite with -fsanitize=address + gcc 4.9 Expected result: ---------------- No error Actual result: -------------- ==90012==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000011699c9 at pc 0xad1269 bp 0x7ffffd831c70 sp 0x7ffffd831c68 READ of size 1 at 0x0000011699c9 thread T0 #0 0xad1268 in memcpy /usr/include/bits/string3.h:51 #1 0xad1268 in _estrndup /home/crrodriguez/scm/php-src/Zend/zend_alloc.c:2655 #2 0x80682e in phar_build /home/crrodriguez/scm/php-src/ext/phar/phar_object.c:1480 #3 0x89ce86 in spl_iterator_apply /home/crrodriguez/scm/php-src/ext/spl/spl_iterators.c:3454 #4 0x801dba in zim_Phar_buildFromIterator /home/crrodriguez/scm/php-src/ext/phar/phar_object.c:1919 #5 0xd8bf2e in zend_do_fcall_common_helper_SPEC /home/crrodriguez/scm/php-src/Zend/zend_vm_execute.h:558 #6 0xc07060 in execute_ex /home/crrodriguez/scm/php-src/Zend/zend_vm_execute.h:363 #7 0xb4c26b in zend_execute_scripts /home/crrodriguez/scm/php-src/Zend/zend.c:1330 #8 0xa3b8c3 in php_execute_script /home/crrodriguez/scm/php-src/main/main.c:2549 #9 0xd901d1 in do_cli /home/crrodriguez/scm/php-src/sapi/cli/php_cli.c:994 #10 0x4387c2 in main /home/crrodriguez/scm/php-src/sapi/cli/php_cli.c:1378 #11 0x7f123098eb04 in __libc_start_main (/lib64/libc.so.6+0x21b04) #12 0x438f86 (/home/crrodriguez/scm/php-src/sapi/cli/php+0x438f86)