Bug #74377 null pointer deref and crash in zval_addref_p()
Submitted: 2017-04-05 19:24 UTC
Modified: -
From: brian dot carpenter at gmail dot com
Assigned:
Status: Open
Package: Reproducible crash
PHP Version: 5.6.30
OS: Debian 8 x64
Private report: No
CVE-ID: None

 [2017-04-05 19:24 UTC] brian dot carpenter at gmail dot com
PHP 5.6.30 on Debian 8 x64 compiled with afl-gcc and ASAN.

Test script:

Expected result:
No crash.

Actual result:
==22740==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000001cf6a5c sp 0x7ffd0bcd1980 bp 0x7fc8ca0b49f8 T0)
    #0 0x1cf6a5b in zval_addref_p /root/php-5.6.30/Zend/zend.h:407
    #1 0x1cf6a5b in zend_binary_assign_op_helper_SPEC_CV_CV /root/php-5.6.30/Zend/zend_vm_execute.h:40099
    #2 0x1a2f7d6 in execute_ex /root/php-5.6.30/Zend/zend_vm_execute.h:363
    #3 0x1898d30 in zend_execute_scripts /root/php-5.6.30/Zend/zend.c:1341
    #4 0x15d377f in php_execute_script /root/php-5.6.30/main/main.c:2613
    #5 0x1e5d29f in do_cli /root/php-5.6.30/sapi/cli/php_cli.c:998
    #6 0x456eb8 in main /root/php-5.6.30/sapi/cli/php_cli.c:1382
    #7 0x7fc8c7c0fb44 in __libc_start_main (/lib/x86_64-linux-gnu/
    #8 0x457e3e (/root/php-5.6.30/sapi/cli/php+0x457e3e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/php-5.6.30/Zend/zend.h:407 zval_addref_p



Last updated: Tue Oct 27 03:01:23 2020 UTC