|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2016-01-18 18:27 UTC] stas@php.net
[2016-01-19 11:17 UTC] vuln-report at secur3 dot us
[2016-02-01 06:21 UTC] stas@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: stas
[2016-02-01 06:21 UTC] stas@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2021 The PHP GroupAll rights reserved. |
Last updated: Mon Jan 18 18:01:23 2021 UTC |
Description: ------------ While fuzzing preg_match with afl-fuzz, I found a pattern that causes a segfault. Examination with gdb indicates that the stack has been corrupted. (The bt output is provided in the actual result section. The crashing pattern was tested with a clean build of the php-7.0.2 tag from GitHub. It was configured with defaults (./buildconf && ./configure && make) using ./sapi/cli/php as the tested binary. Test script: --------------- ./sapi/cli/php -r 'preg_match("/(?(199999999999999999)(()())())/","abcdef", $matches, PREG_OFFSET_CAPTURE);' Expected result: ---------------- No output should be returned Actual result: -------------- Segmentation Fault GDB Backtrace does not make sense: (gdb) bt #0 0x00007ffff7f66086 in ?? () #1 0x0000000000000000 in ?? ()