Bug #69872 uninitialised value in strtr with array
Submitted: 2015-06-18 12:50 UTC
Modified: -
From: arjen at react dot com
Assigned:
Status: Closed
Package: Strings related
PHP Version: 7.0Git-2015-06-18 (Git)
OS: Linux
Private report: No
CVE-ID: None
 [2015-06-18 12:50 UTC] arjen at react dot com
Description:
------------
Array contains some non-ascii chars, so I put some serialize/base64_encode around it.

USE_ZEND_ALLOC=0 valgrind --tool=memcheck --smc-check=all --error-limit=no --num-callers=30 --track-origins=yes --num-callers=30 --leak-check=full php-src/sapi/cli/php uninitialize_var_strtr.php

Test script:
---------------
<?php


$replace = unserialize(base64_decode('YTo1NTp7czoxOiIAIjtzOjE6IjIiO3M6MToiASI7czoxOiIzIjtzOjE6IgIiO3M6MToiNCI7czoxOiIDIjtzOjE6IjUiO3M6MToiBCI7czoxOiI2IjtzOjE6IgUiO3M6MToiNyI7czoxOiIGIjtzOjE6IjgiO3M6MToiByI7czoxOiI5IjtzOjE6IggiO3M6MToiYSI7czoxOiIJIjtzOjE6ImIiO3M6MToiCiI7czoxOiJkIjtzOjE6IgsiO3M6MToiZSI7czoxOiIMIjtzOjE6ImYiO3M6MToiDSI7czoxOiJnIjtzOjE6Ig4iO3M6MToiaCI7czoxOiIPIjtzOjE6ImkiO3M6MToiECI7czoxOiJqIjtzOjE6IhEiO3M6MToiayI7czoxOiISIjtzOjE6Im0iO3M6MToiEyI7czoxOiJuIjtzOjE6IhQiO3M6MToicCI7czoxOiIVIjtzOjE6InEiO3M6MToiFiI7czoxOiJyIjtzOjE6IhciO3M6MToicyI7czoxOiIYIjtzOjE6InQiO3M6MToiGSI7czoxOiJ1IjtzOjE6IhoiO3M6MToidiI7czoxOiIbIjtzOjE6InciO3M6MToiHCI7czoxOiJ4IjtzOjE6Ih0iO3M6MToieSI7czoxOiIeIjtzOjE6InoiO3M6MToiHyI7czoxOiJBIjtzOjE6IiAiO3M6MToiQiI7czoxOiIhIjtzOjE6IkMiO3M6MToiIiI7czoxOiJEIjtzOjE6IiMiO3M6MToiRSI7czoxOiIkIjtzOjE6IkYiO3M6MToiJSI7czoxOiJHIjtzOjE6IiYiO3M6MToiSCI7czoxOiInIjtzOjE6IkoiO3M6MToiKCI7czoxOiJLIjtzOjE6IikiO3M6MToiTCI7czoxOiIqIjtzOjE6Ik0iO3M6MToiKyI7czoxOiJOIjtzOjE6IiwiO3M6MToiUCI7czoxOiItIjtzOjE6IlEiO3M6MToiLiI7czoxOiJSIjtzOjE6Ii8iO3M6MToiUyI7aTowO3M6MToiVCI7aToxO3M6MToiVSI7aToyO3M6MToiViI7aTozO3M6MToiVyI7aTo0O3M6MToiWCI7aTo1O3M6MToiWSI7aTo2O3M6MToiWiI7fQ=='));

$search = hex2bin('02250724281413111027360315340632360c1422');

$result = strtr($search, $replace);
var_dump($result);


Expected result:
----------------
No valgrind errors.

Actual result:
--------------
==4820== Conditional jump or move depends on uninitialised value(s)
==4820==    at 0x84CF89: php_strtr_array (string.c:3057)
==4820==    by 0x84EA67: zif_strtr (string.c:3485)
==4820==    by 0x99FD3D: ZEND_DO_ICALL_SPEC_HANDLER (zend_vm_execute.h:576)
==4820==    by 0x99F77A: execute_ex (zend_vm_execute.h:403)
==4820==    by 0x99F88B: zend_execute (zend_vm_execute.h:447)
==4820==    by 0x947253: zend_execute_scripts (zend.c:1389)
==4820==    by 0x8B88B0: php_execute_script (main.c:2475)
==4820==    by 0xA04966: do_cli (php_cli.c:967)
==4820==    by 0xA0592E: main (php_cli.c:1334)
==4820==  Uninitialised value was created by a stack allocation
==4820==    at 0x84CAD8: php_strtr_array (string.c:2981)

History

 [2015-06-18 14:33 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=20f34166829a6f6c4b4f5f05b10ca296e3742f1c
Log: Fixed bug #69872 (uninitialised value in strtr with array)
 [2015-06-18 14:33 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2015-06-23 18:04 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=20f34166829a6f6c4b4f5f05b10ca296e3742f1c
Log: Fixed bug #69872 (uninitialised value in strtr with array)
 [2016-07-20 11:38 UTC] davey@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=20f34166829a6f6c4b4f5f05b10ca296e3742f1c
Log: Fixed bug #69872 (uninitialised value in strtr with array)
 
Last updated: Sun Nov 03 06:01:29 2024 UTC