Bug #74947 Segfault in scanner on INF number
Submitted: 2017-07-19 06:06 UTC Modified: 2017-07-21 03:52 UTC
From: geeknik at protonmail dot ch Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 7.1.7 OS: Fedora 26 x64
Private report: No CVE-ID: None

 [2017-07-19 06:06 UTC] geeknik at protonmail dot ch
Built with afl-clang-fast and ASan/UBSan on Fedora 26 x64. While fuzzing with AFL this runtime error was triggered. 

Test script:

Expected result:
Business as usual. 

Actual result:
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
    #0 0x1f0480c in zend_string_alloc /root/php-7.1.7/Zend/zend_string.h:122:36
    #1 0x1f0480c in zend_string_init /root/php-7.1.7/Zend/zend_string.h:158
    #2 0x1f0480c in _zend_hash_str_add /root/php-7.1.7/Zend/zend_hash.c:666
    #3 0x1ae0ac5 in zend_hash_str_add_mem /root/php-7.1.7/Zend/zend_hash.h:620:12
    #4 0x1ae0ac5 in sapi_register_post_entry /root/php-7.1.7/main/SAPI.c:954
    #5 0x1ae07e6 in sapi_register_post_entries /root/php-7.1.7/main/SAPI.c:940:7
    #6 0x1aeea3b in php_setup_sapi_content_types /root/php-7.1.7/main/php_content_types.c:64:2
    #7 0x29801ee in main /root/php-7.1.7/sapi/cli/php_cli.c:1326:2
    #8 0x7f08e77424d9 in __libc_start_main (/lib64/
    #9 0x43aad9 in _start (/root/php-7.1.7/sapi/cli/php+0x43aad9)

SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in


 [2017-07-21 03:52 UTC]
-Summary: runtime error: member access within null pointer of type 'zend_string'
+Summary: Segfault in scanner on INF number
 [2017-07-21 04:05 UTC]
Automatic comment on behalf of
Log: Fixed bug #74947 (Segfault in scanner on INF number)
 [2017-07-21 04:05 UTC]
-Status: Open
+Status: Closed
Last updated: Thu May 13 04:01:23 2021 UTC