[2021-02-11 17:37 UTC] cmb@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: cmb
[2021-02-11 17:37 UTC] cmb@php.net
Description:
------------
In version 7 the mistake doesn't appear, apparently because of a different principle of working with memory.
It is probably possible to solve the problem by checking the value of the stack pointer (ESP) on recursive/dynamic calls.

Tested on versions <= 5.6.21.

Test script:
---------------
<?php
class A{
    public static function __callStatic($name, $arguments){
        // inf() is not defined, so this call re-enters __callStatic without end
        self::inf();
    }
}
$b = new A;
$b::hello();
?>

Expected result:
----------------
Fatal error, as is done in version 7.

Actual result:
--------------
root@de:/tmp/php-5.6.21# sapi/cli/php -v
PHP 5.6.21 (cli) (built: May 10 2016 19:37:58)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies

root@de:/tmp/php-5.6.21/sapi/cli# gdb --args php -f /tmp/1.php
GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from php...done.
(gdb) display/10i $rip
(gdb) set heigth 0
No symbol "heigth" in current context.
(gdb) set height 0
(gdb) r
Starting program: /tmp/php-5.6.21/sapi/cli/php -f /tmp/1.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00000000006a7156 in _zend_mm_alloc_int (heap=0xea81c0, size=72) at /tmp/php-5.6.21/Zend/zend_alloc.c:1881
1881	{
1: x/10i $rip
=> 0x6a7156 <_zend_mm_alloc_int+6>:	push   %r12
   0x6a7158 <_zend_mm_alloc_int+8>:	mov    %rsi,%r13
   0x6a715b <_zend_mm_alloc_int+11>:	push   %rbp
   0x6a715c <_zend_mm_alloc_int+12>:	push   %rbx
   0x6a715d <_zend_mm_alloc_int+13>:	mov    %rdi,%r12
   0x6a7160 <_zend_mm_alloc_int+16>:	sub    $0x18,%rsp
   0x6a7164 <_zend_mm_alloc_int+20>:	cmp    $0xf,%rsi
   0x6a7168 <_zend_mm_alloc_int+24>:	jbe    0x6a71f0 <_zend_mm_alloc_int+160>
   0x6a716e <_zend_mm_alloc_int+30>:	lea    0x7fdb93(%rip),%rax        # 0xea4d08 <zend_block_interruptions>
   0x6a7175 <_zend_mm_alloc_int+37>:	lea    0x17(%rsi),%rbp
(gdb) set logging on
(gdb) bt full

backtrace file (25Mb): http://rnsd.ru/down/php-bt-z8f02lds_fas.txt
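
The mitigation suggested in the report, checking the stack pointer on each recursive call, can be sketched in C as follows. This is an added example, not code from the report or from the Zend Engine: `stack_guard`, `stack_exhausted`, `dispatch` and `run_guarded` are hypothetical names, and the 256-byte frame and 64 KiB budget are constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration; this is not Zend Engine code. */
typedef struct {
    uintptr_t base;   /* stack address recorded before the script runs */
    size_t budget;    /* bytes of native stack the interpreter may consume */
} stack_guard;

/* Compare the address of a local with the recorded base. The absolute
   difference works whichever direction the stack grows. */
static int stack_exhausted(const stack_guard *g) {
    char probe;
    uintptr_t here = (uintptr_t)&probe;
    size_t used = g->base > here ? g->base - here : here - g->base;
    return used > g->budget;
}

/* Stand-in for the engine re-entering itself on every __callStatic dispatch.
   The check runs on entry, so runaway recursion ends with an error code
   (a fatal error in an interpreter) instead of SIGSEGV. */
static int dispatch(const stack_guard *g, long depth, long *stopped_at) {
    volatile char frame[256];          /* simulated per-call native frame */
    frame[0] = (char)depth;
    if (stack_exhausted(g)) {
        *stopped_at = depth;
        return -1;
    }
    int rc = dispatch(g, depth + 1, stopped_at);
    frame[0] = 0;                      /* work after the call: no tail-call elimination */
    return rc;
}

/* Returns the depth at which the guard stopped the recursion. */
long run_guarded(size_t budget) {
    char base_marker;
    stack_guard g = { (uintptr_t)&base_marker, budget };
    long stopped_at = -1;
    dispatch(&g, 0, &stopped_at);
    return stopped_at;
}

int main(void) {
    printf("recursion stopped at depth %ld\n", run_guarded(64 * 1024));
    return 0;
}
```

The budget has to stay below the real stack limit with enough headroom left for the error path itself to run.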