php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74377 null pointer deref and crash in zval_addref_p()
Submitted: 2017-04-05 19:24 UTC Modified: -
From: brian dot carpenter at gmail dot com Assigned:
Status: Open Package: Reproducible crash
PHP Version: 5.6.30 OS: Debian 8 x64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: brian dot carpenter at gmail dot com
New email:
PHP Version: OS:

 

 [2017-04-05 19:24 UTC] brian dot carpenter at gmail dot com
Description:
------------
PHP 5.6.30 on Debian 8 x64 compiled with afl-gcc and ASAN.

Test script:
---------------
https://drive.google.com/file/d/0B3Tl4QiWJUt8TkVpZFZaZUVHQlU/view?usp=sharing

Expected result:
----------------
No crash.

Actual result:
--------------
==22740==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000001cf6a5c sp 0x7ffd0bcd1980 bp 0x7fc8ca0b49f8 T0)
    #0 0x1cf6a5b in zval_addref_p /root/php-5.6.30/Zend/zend.h:407
    #1 0x1cf6a5b in zend_binary_assign_op_helper_SPEC_CV_CV /root/php-5.6.30/Zend/zend_vm_execute.h:40099
    #2 0x1a2f7d6 in execute_ex /root/php-5.6.30/Zend/zend_vm_execute.h:363
    #3 0x1898d30 in zend_execute_scripts /root/php-5.6.30/Zend/zend.c:1341
    #4 0x15d377f in php_execute_script /root/php-5.6.30/main/main.c:2613
    #5 0x1e5d29f in do_cli /root/php-5.6.30/sapi/cli/php_cli.c:998
    #6 0x456eb8 in main /root/php-5.6.30/sapi/cli/php_cli.c:1382
    #7 0x7fc8c7c0fb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #8 0x457e3e (/root/php-5.6.30/sapi/cli/php+0x457e3e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/php-5.6.30/Zend/zend.h:407 zval_addref_p

Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC