Bug #74947 Segfault in scanner on INF number
Submitted: 2017-07-19 06:06 UTC Modified: 2017-07-21 03:52 UTC
From: geeknik at protonmail dot ch Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 7.1.7 OS: Fedora 26 x64
Private report: No CVE-ID: None

 [2017-07-19 06:06 UTC] geeknik at protonmail dot ch
Description:
------------
Built with afl-clang-fast and ASan/UBSan on Fedora 26 x64. While fuzzing with AFL this runtime error was triggered. 

Test script:
---------------
<?200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000[

Expected result:
----------------
Business as usual. 

Actual result:
--------------
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
    #0 0x1f0480c in zend_string_alloc /root/php-7.1.7/Zend/zend_string.h:122:36
    #1 0x1f0480c in zend_string_init /root/php-7.1.7/Zend/zend_string.h:158
    #2 0x1f0480c in _zend_hash_str_add /root/php-7.1.7/Zend/zend_hash.c:666
    #3 0x1ae0ac5 in zend_hash_str_add_mem /root/php-7.1.7/Zend/zend_hash.h:620:12
    #4 0x1ae0ac5 in sapi_register_post_entry /root/php-7.1.7/main/SAPI.c:954
    #5 0x1ae07e6 in sapi_register_post_entries /root/php-7.1.7/main/SAPI.c:940:7
    #6 0x1aeea3b in php_setup_sapi_content_types /root/php-7.1.7/main/php_content_types.c:64:2
    #7 0x29801ee in main /root/php-7.1.7/sapi/cli/php_cli.c:1326:2
    #8 0x7f08e77424d9 in __libc_start_main (/lib64/libc.so.6+0x204d9)
    #9 0x43aad9 in _start (/root/php-7.1.7/sapi/cli/php+0x43aad9)

SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
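Added example, not PHP's own scanner and not the fix from the commit referenced below: a small decimal-literal scanner in C that walks the two overflow steps a literal like the one in the test script goes through (integer overflow to double, then double overflow to INF) and hands INF back as an ordinary double token instead of leaving the result unset. The function names and the 401-digit input are constructed for illustration.

```c
#include <errno.h>
#include <math.h>
#include <stdlib.h>
#include <string.h>
/* Constructed example, not PHP's scanner: a decimal-literal scanner that
 * handles both overflow steps the report's input exercises. */
enum num_kind { NUM_ERROR, NUM_LONG, NUM_DOUBLE };

struct num_token {
    enum num_kind kind;
    long long lval;
    double dval;
    size_t len;   /* bytes consumed from the input */
};

/* Scan a decimal literal at the start of s. A literal too large for a
 * 64-bit integer is re-scanned as a double; one beyond DBL_MAX comes back
 * as INF, which is returned as a valid NUM_DOUBLE token rather than being
 * treated as a failure that would leave the token unset. */
struct num_token scan_number(const char *s)
{
    struct num_token t = { NUM_ERROR, 0, 0.0, 0 };
    char *end;
    errno = 0;
    long long l = strtoll(s, &end, 10);
    if (end == s)              /* no digits at all */
        return t;
    if (errno != ERANGE) {
        t.kind = NUM_LONG;
        t.lval = l;
        t.len = (size_t)(end - s);
        return t;
    }
    errno = 0;                 /* strtod returns HUGE_VAL (INF) on overflow */
    t.dval = strtod(s, &end);
    t.kind = NUM_DOUBLE;
    t.len = (size_t)(end - s);
    return t;
}

/* Constructed input resembling the report: a 2 followed by 400 zeros. */
const char *make_huge_literal(void)
{
    static char buf[402];
    buf[0] = '2';
    memset(buf + 1, '0', 400);
    buf[401] = '\0';
    return buf;
}
```

A scanner written this way yields a finite double for a 20-digit literal and INF for the 401-digit one, and the caller decides what to do with INF; nothing in the token path dereferences a result it never set.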

Patches

Pull Requests

History

 [2017-07-21 03:52 UTC] laruence@php.net
-Summary: runtime error: member access within null pointer of type 'zend_string' +Summary: Segfault in scanner on INF number
 [2017-07-21 04:05 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=95d2908814585bd9c3c9a1eab4989bc551b6cc73
Log: Fixed bug #74947 (Segfault in scanner on INF number)
 [2017-07-21 04:05 UTC] laruence@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Oct 08 20:01:27 2024 UTC