Bug #72085 SEGV on unknown address zif_xml_parse
Submitted: 2016-04-23 04:07 UTC
Modified: 2016-08-16 23:26 UTC
From: fernando at null-life dot com
Assigned: cmb
Status: Closed
Package: *XML functions
PHP Version: 5.6.20
OS: Linux
Private report: No
CVE-ID:
 [2016-04-23 04:07 UTC] fernando at null-life dot com
Description:
------------
Run the attached test script with ASAN.

Test script:
---------------
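<?php

// Create a namespace-aware XML parser.
$var1=xml_parser_create_ns();
// Register invalid element handlers: an Exception object and the integer 4096 (neither is a callable).
xml_set_element_handler($var1, new Exception(""), 4096);
// Parse a run of start tags, which makes the parser call the start-element handler.
xml_parse($var1,  str_repeat("<a>", 10));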


Expected result:
----------------
No complaints from ASAN

Actual result:
--------------
Warning: Invalid callback exception 'Exception' in /ramdisk/22/xmlparse.php:5
Stack trace:
#0 {main}, no array or string given in /ramdisk/22/xmlparse.php on line 6
ASAN:SIGSEGV
=================================================================
==24991==ERROR: AddressSanitizer: SEGV on unknown address 0x00000005 (pc 0x094dd093 bp 0xb3f4a3e4 sp 0xbff2e810 T0)
    #0 0x94dd092 in zend_hash_index_find /home/fmunozs/phpgit/php56/Zend/zend_hash.c:942
    #1 0x90e7c39 in xml_call_handler /home/fmunozs/phpgit/php56/ext/xml/xml.c:538
    #2 0x90e7c39 in _xml_startElementHandler /home/fmunozs/phpgit/php56/ext/xml/xml.c:802
    #3 0x90ffd67 in _start_element_handler_ns /home/fmunozs/phpgit/php56/ext/xml/compat.c:190
    #4 0xb6f6e1a7  (/usr/lib/i386-linux-gnu/libxml2.so.2+0x3a1a7)
    #5 0xb6f785f0  (/usr/lib/i386-linux-gnu/libxml2.so.2+0x445f0)
    #6 0xb6f79f62 in xmlParseChunk (/usr/lib/i386-linux-gnu/libxml2.so.2+0x45f62)
    #7 0x9102a2b in php_XML_Parse /home/fmunozs/phpgit/php56/ext/xml/compat.c:605
    #8 0x90dee1e in zif_xml_parse /home/fmunozs/phpgit/php56/ext/xml/xml.c:1454
    #9 0x9a7c718 in zend_do_fcall_common_helper_SPEC /home/fmunozs/phpgit/php56/Zend/zend_vm_execute.h:558
    #10 0x9640316 in execute_ex /home/fmunozs/phpgit/php56/Zend/zend_vm_execute.h:363
    #11 0x9a6c9c8 in zend_execute /home/fmunozs/phpgit/php56/Zend/zend_vm_execute.h:388
    #12 0x9470b59 in zend_execute_scripts /home/fmunozs/phpgit/php56/Zend/zend.c:1341
    #13 0x91acc6b in php_execute_script /home/fmunozs/phpgit/php56/main/main.c:2613
    #14 0x9a8648a in do_cli /home/fmunozs/phpgit/php56/sapi/cli/php_cli.c:994
    #15 0x808a502 in main /home/fmunozs/phpgit/php56/sapi/cli/php_cli.c:1378
    #16 0xb6d97645 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18645)
    #17 0x808aaba  (/home/fmunozs/phpgit/php56/sapi/cli/php+0x808aaba)

AddressSanitizer can not provide additional info.


History

 [2016-08-16 22:22 UTC] cmb@php.net
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: cmb
 [2016-08-16 22:22 UTC] cmb@php.net
-Summary: AddressSanitizer: SEGV on unknown address zif_xml_parse
+Summary: SEGV on unknown address zif_xml_parse
 [2016-08-16 23:26 UTC] cmb@php.net
-Status: Verified
+Status: Closed
 
Last updated: Tue Aug 29 15:01:52 2017 UTC