Bug #74948 Multiple undefined-behavior runtime errors leads to a stack-overflow?
Submitted: 2017-07-19 06:32 UTC
Modified: 2017-08-12 16:50 UTC
Votes: 1
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 0 (0.0%)
From: geeknik at protonmail dot ch
Assigned:
Status: Duplicate
Package: Reproducible crash
PHP Version: 7.1.7
OS: Fedora 26 x64
Private report: No
CVE-ID: None

 [2017-07-19 06:32 UTC] geeknik at protonmail dot ch
Description:
------------
Built with afl-clang-fast and ASan/UBSan on Fedora 26 x64. While fuzzing with AFL this stack-overflow was triggered after multiple runtime errors.

Test script:
---------------
<?php
function test(){}function gen(){foreach(0as$t){yield;}test(...gen());}test(...gen());[

Expected result:
----------------
The opposite of whatever is happening here. 

Actual result:
--------------
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_API.c:2248:21: runtime error: member access within address 0x6080000000a0 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x6080000000a0: note: pointer points here
 03 00 80 6a  01 00 00 00 00 01 00 00  50 03 00 00 40 60 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_API.c:2248:21 in
/root/php-7.1.7/Zend/zend_API.c:2248:54: runtime error: member access within address 0x6080000000a0 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x6080000000a0: note: pointer points here
 03 00 80 6a  01 00 00 00 00 01 00 00  50 03 00 00 40 60 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_API.c:2248:54 in
/root/php-7.1.7/Zend/zend_API.c:2250:34: runtime error: member access within address 0x6080000001a0 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x6080000001a0: note: pointer points here
 03 00 80 6a  01 00 00 00 00 01 00 00  50 04 00 00 40 60 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_API.c:2250:34 in
/root/php-7.1.7/Zend/zend_API.c:2251:23: runtime error: member access within address 0x6080000001a0 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x6080000001a0: note: pointer points here
 03 00 80 6a  01 00 00 00 00 01 00 00  50 04 00 00 40 60 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_API.c:2251:23 in
/root/php-7.1.7/Zend/zend_API.c:2252:23: runtime error: member access within address 0x6080000001a0 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x6080000001a0: note: pointer points here
 03 00 80 6a  01 00 00 00 00 01 00 00  50 04 00 00 40 60 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_API.c:2252:23 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_API.c:2253:23: runtime error: member access within address 0x608000002e20 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x608000002e20: note: pointer points here
 03 00 00 25  01 00 00 00 00 01 00 00  90 50 00 00 40 60 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_API.c:2253:23 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_API.c:3647:28: runtime error: member access within null pointer of type 'zend_object' (aka 'struct _zend_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_API.c:3647:28 in
/root/php-7.1.7/Zend/zend_API.c:3651:3: runtime error: member access within null pointer of type 'zend_object' (aka 'struct _zend_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_API.c:3651:3 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/ext/date/php_date.c:2053:37: runtime error: member access within null pointer of type 'php_date_obj' (aka 'struct _php_date_obj')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/date/php_date.c:2053:37 in
/root/php-7.1.7/ext/date/php_date.c:2092:41: runtime error: member access within null pointer of type 'php_timezone_obj' (aka 'struct _php_timezone_obj')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/date/php_date.c:2092:41 in
/root/php-7.1.7/ext/date/php_date.c:2120:41: runtime error: member access within null pointer of type 'php_interval_obj' (aka 'struct _php_interval_obj')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/date/php_date.c:2120:41 in
/root/php-7.1.7/ext/date/php_date.c:2137:39: runtime error: member access within null pointer of type 'php_period_obj' (aka 'struct _php_period_obj')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/date/php_date.c:2137:39 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/ext/sqlite3/sqlite3.c:2249:35: runtime error: member access within null pointer of type 'php_sqlite3_db_object' (aka 'struct _php_sqlite3_db_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/sqlite3/sqlite3.c:2249:35 in
/root/php-7.1.7/ext/sqlite3/sqlite3.c:2257:40: runtime error: member access within null pointer of type 'php_sqlite3_stmt' (aka 'struct _php_sqlite3_stmt_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/sqlite3/sqlite3.c:2257:40 in
/root/php-7.1.7/ext/sqlite3/sqlite3.c:2265:42: runtime error: member access within null pointer of type 'php_sqlite3_result' (aka 'struct _php_sqlite3_result_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/sqlite3/sqlite3.c:2265:42 in
/root/php-7.1.7/ext/dom/php_dom.c:599:31: runtime error: member access within null pointer of type 'dom_object' (aka 'struct _dom_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/dom/php_dom.c:599:31 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_API.c:3644:4: runtime error: member access within null pointer of type 'zend_object' (aka 'struct _zend_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_API.c:3644:4 in
/root/php-7.1.7/ext/dom/php_dom.c:843:37: runtime error: member access within null pointer of type 'dom_xpath_object' (aka 'struct _dom_xpath_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/dom/php_dom.c:843:37 in
/root/php-7.1.7/ext/dom/php_dom.c:843:73: runtime error: member access within null pointer of type 'dom_object' (aka 'struct _dom_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/dom/php_dom.c:843:73 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/ext/fileinfo/fileinfo.c:221:33: runtime error: member access within null pointer of type 'finfo_object' (aka 'struct _finfo_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/fileinfo/fileinfo.c:221:33 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/ext/spl/spl_iterators.c:3689:34: runtime error: member access within null pointer of type 'spl_recursive_it_object' (aka 'struct _spl_recursive_it_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/spl/spl_iterators.c:3689:34 in
/root/php-7.1.7/ext/spl/spl_iterators.c:3696:32: runtime error: member access within null pointer of type 'spl_dual_it_object' (aka 'struct _spl_dual_it_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/spl/spl_iterators.c:3696:32 in
/root/php-7.1.7/ext/spl/spl_array.c:1955:35: runtime error: member access within null pointer of type 'spl_array_object' (aka 'struct _spl_array_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/spl/spl_array.c:1955:35 in
/root/php-7.1.7/ext/spl/spl_directory.c:3107:42: runtime error: member access within null pointer of type 'spl_filesystem_object' (aka 'struct _spl_filesystem_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/spl/spl_directory.c:3107:42 in
/root/php-7.1.7/ext/spl/spl_dllist.c:1396:43: runtime error: member access within null pointer of type 'spl_dllist_object' (aka 'struct _spl_dllist_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/spl/spl_dllist.c:1396:43 in
/root/php-7.1.7/ext/spl/spl_heap.c:1207:39: runtime error: member access within null pointer of type 'spl_heap_object' (aka 'struct _spl_heap_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/spl/spl_heap.c:1207:39 in
/root/php-7.1.7/ext/spl/spl_heap.c:1229:48: runtime error: member access within null pointer of type 'spl_heap_object' (aka 'struct _spl_heap_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/spl/spl_heap.c:1229:48 in
/root/php-7.1.7/ext/spl/spl_fixedarray.c:1086:46: runtime error: member access within null pointer of type 'spl_fixedarray_object' (aka 'struct _spl_fixedarray_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/spl/spl_fixedarray.c:1086:46 in
/root/php-7.1.7/ext/spl/spl_observer.c:1250:49: runtime error: member access within null pointer of type 'spl_SplObjectStorage' (aka 'struct _spl_SplObjectStorage')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/spl/spl_observer.c:1250:49 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/ext/pdo/pdo_dbh.c:1397:35: runtime error: member access within null pointer of type 'pdo_dbh_object_t' (aka 'struct _pdo_dbh_object_t')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/pdo/pdo_dbh.c:1397:35 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/ext/pdo/pdo_stmt.c:2282:38: runtime error: member access within null pointer of type 'pdo_stmt_t' (aka 'struct _pdo_stmt_t')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/pdo/pdo_stmt.c:2282:38 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/ext/reflection/php_reflection.c:6816:38: runtime error: member access within null pointer of type 'reflection_object'
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/reflection/php_reflection.c:6816:38 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/ext/simplexml/simplexml.c:2736:31: runtime error: member access within null pointer of type 'php_sxe_object'
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/simplexml/simplexml.c:2736:31 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/ext/xmlreader/php_xmlreader.c:1310:37: runtime error: member access within null pointer of type 'xmlreader_object' (aka 'struct _xmlreader_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/xmlreader/php_xmlreader.c:1310:37 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/ext/xmlwriter/php_xmlwriter.c:1846:37: runtime error: member access within null pointer of type 'ze_xmlwriter_object' (aka 'struct _ze_xmlwriter_object')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/ext/xmlwriter/php_xmlwriter.c:1846:37 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_execute_API.c:142:46: runtime error: index -1 out of bounds for type 'zend_array *[32]'
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_execute_API.c:142:46 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: AddressSanitizer: undefined-behavior Zend/zend_string.h:122:36 in
/root/php-7.1.7/Zend/zend_alloc.c:593:46: runtime error: left shift of 1 by 63 places cannot be represented in type 'long'
SUMMARY: AddressSanitizer: undefined-behavior /root/php-7.1.7/Zend/zend_alloc.c:593:46 in
ASAN:DEADLYSIGNAL
=================================================================
==3696==ERROR: AddressSanitizer: stack-overflow on address 0x7ffea1ee1ed8 (pc 0x00000046be87 bp 0x7ffea1ee2750 sp 0x7ffea1ee1ee0 T0)
    #0 0x46be86 in __interceptor_strlen.part.30 (/root/php-7.1.7/sapi/cli/php+0x46be86)
    #1 0x1ab93b7 in xbuf_format_converter /root/php-7.1.7/main/spprintf.c:605:16
    #2 0x1ab7f19 in vspprintf /root/php-7.1.7/main/spprintf.c:843:2
    #3 0x1a9a21d in php_printf /root/php-7.1.7/main/main.c:731:9
    #4 0x1aa6200 in php_error_cb /root/php-7.1.7/main/main.c
    #5 0x1e3401f in zend_error /root/php-7.1.7/Zend/zend.c
    #6 0x23f778a in ZEND_FE_RESET_R_SPEC_CONST_HANDLER /root/php-7.1.7/Zend/zend_vm_execute.h:3600:3
    #7 0x21a9e8a in execute_ex /root/php-7.1.7/Zend/zend_vm_execute.h:432:7
    #8 0x207ddc8 in zend_generator_resume /root/php-7.1.7/Zend/zend_generators.c:817:3
    #9 0x2083f02 in zend_generator_ensure_initialized /root/php-7.1.7/Zend/zend_generators.c:858:3
    #10 0x2095f05 in zend_generator_rewind /root/php-7.1.7/Zend/zend_generators.c:867:2
    #11 0x2095f05 in zend_generator_iterator_rewind /root/php-7.1.7/Zend/zend_generators.c:1166
    #12 0x27f4124 in ZEND_SEND_UNPACK_SPEC_HANDLER /root/php-7.1.7/Zend/zend_vm_execute.h:1319:5
    #13 0x21a9e8a in execute_ex /root/php-7.1.7/Zend/zend_vm_execute.h:432:7
    #14 0x207ddc8 in zend_generator_resume /root/php-7.1.7/Zend/zend_generators.c:817:3
    #15 0x2083f02 in zend_generator_ensure_initialized /root/php-7.1.7/Zend/zend_generators.c:858:3
    #16 0x2095f05 in zend_generator_rewind /root/php-7.1.7/Zend/zend_generators.c:867:2
    #17 0x2095f05 in zend_generator_iterator_rewind /root/php-7.1.7/Zend/zend_generators.c:1166
    #18 0x27f4124 in ZEND_SEND_UNPACK_SPEC_HANDLER /root/php-7.1.7/Zend/zend_vm_execute.h:1319:5
    #19 0x21a9e8a in execute_ex /root/php-7.1.7/Zend/zend_vm_execute.h:432:7
    #20 0x207ddc8 in zend_generator_resume /root/php-7.1.7/Zend/zend_generators.c:817:3
    #21 0x2083f02 in zend_generator_ensure_initialized /root/php-7.1.7/Zend/zend_generators.c:858:3
    #22 0x2095f05 in zend_generator_rewind /root/php-7.1.7/Zend/zend_generators.c:867:2
    #23 0x2095f05 in zend_generator_iterator_rewind /root/php-7.1.7/Zend/zend_generators.c:1166
    #24 0x27f4124 in ZEND_SEND_UNPACK_SPEC_HANDLER /root/php-7.1.7/Zend/zend_vm_execute.h:1319:5
    #25 0x21a9e8a in execute_ex /root/php-7.1.7/Zend/zend_vm_execute.h:432:7
/zend_generators.c:1166

...

SUMMARY: AddressSanitizer: stack-overflow (/root/php-7.1.7/sapi/cli/php+0x46be86) in __interceptor_strlen.part.30
==3696==ABORTING

 [2017-07-19 07:14 UTC] requinix@php.net
Breaking news: 9 out of 10 fuzzers don't know what infinite recursion is.

Not sure about the "runtime errors", since they seem to be happening all over the codebase.
 [2017-08-12 16:50 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 [2017-08-12 16:50 UTC] nikic@php.net
This is a standard infinite recursion stack overflow. Marking this as a duplicate of bug #64196 (which is for __clone()), as these are all the same really.
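
A triage helper for logs like the one in this report, added here as an example and not part of the original thread or of PHP: it finds the block of frames that repeats back to back in an ASan stack-overflow trace (the signature of unbounded recursion) and counts UBSan reports per source file. The sample log is constructed to mirror the frame names and a few UBSan lines from the report; its addresses, source positions and process id are placeholders.

```python
import re
from collections import Counter

FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)")
UBSAN_RE = re.compile(r"^(\S+):\d+:\d+: runtime error: ")


def parse_frames(log):
    """Function names of the ASan stack frames, innermost first."""
    return [m.group(1) for line in log.splitlines() if (m := FRAME_RE.match(line))]


def find_cycle(frames, min_repeats=3, max_period=32):
    """Locate the first block of frames that repeats back to back.

    Returns (start_index, block, repeats) or None. Frames above start_index
    are only the call path that happened to run out of stack.
    """
    for start in range(len(frames)):
        for period in range(1, max_period + 1):
            block = frames[start:start + period]
            if len(block) < period:
                break
            repeats, pos = 1, start + period
            while frames[pos:pos + period] == block:
                repeats += 1
                pos += period
            if repeats >= min_repeats:
                return start, block, repeats
    return None


def ubsan_sites(log):
    """Count UBSan 'runtime error' reports per source file name."""
    counts = Counter()
    for line in log.splitlines():
        m = UBSAN_RE.match(line)
        if m:
            counts[m.group(1).split("/")[-1]] += 1
    return counts


def build_sample():
    """Constructed log with the same shape as the trace in the report."""
    head = ["__interceptor_strlen.part.30", "xbuf_format_converter", "vspprintf",
            "php_printf", "php_error_cb", "zend_error",
            "ZEND_FE_RESET_R_SPEC_CONST_HANDLER"]
    cycle = ["execute_ex", "zend_generator_resume",
             "zend_generator_ensure_initialized", "zend_generator_rewind",
             "zend_generator_iterator_rewind", "ZEND_SEND_UNPACK_SPEC_HANDLER"]
    ubsan = [
        "Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string'",
        "/root/php-7.1.7/Zend/zend_string.h:122:36: runtime error: member access within null pointer of type 'zend_string'",
        "/root/php-7.1.7/Zend/zend_API.c:3647:28: runtime error: member access within null pointer of type 'zend_object'",
        "/root/php-7.1.7/ext/date/php_date.c:2053:37: runtime error: member access within null pointer of type 'php_date_obj'",
    ]
    names = head + cycle * 3 + ["execute_ex"]
    frames = [f"    #{i} 0x{0x400000 + 16 * i:x} in {name} /src/placeholder.c:1:1"
              for i, name in enumerate(names)]
    return "\n".join(ubsan + ["==1==ERROR: AddressSanitizer: stack-overflow"] + frames)


SAMPLE = build_sample()

if __name__ == "__main__":
    start, block, repeats = find_cycle(parse_frames(SAMPLE))
    print(f"{len(block)}-frame cycle repeated {repeats}x from frame #{start}:")
    for name in block:
        print("   ", name)
    for site, n in ubsan_sites(SAMPLE).most_common():
        print(f"{n:3d} UBSan report(s) in {site}")
```

A crash whose trace reduces to one short cycle like this can be bucketed with other recursion-depth reports before anyone spends time on the sanitizer noise above it.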
 