|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75033 memory corrupton
Submitted: 2017-08-04 04:30 UTC Modified: 2017-08-11 20:58 UTC
From: zhihua dot yao at dbappsecurity dot com dot cn Assigned:
Status: Duplicate Package: Reproducible crash
PHP Version: 7.1.8 OS:
Private report: No CVE-ID: None
 [2017-08-04 04:30 UTC] zhihua dot yao at dbappsecurity dot com dot cn
It cause deinal of service.

Test script:
class A {
         public $a;
         public function __destruct() {
              $this->a=new A ;               


Expected result:

Actual result:
Program received signal SIGSEGV, Segmentation fault.

EAX: 0xbf800000 
EBX: 0xbf8002d0 
ECX: 0xbf800270 
EDX: 0xb454db8c --> 0xb440300c --> 0x6d697402 
ESI: 0xb440300c --> 0x6d697402 
EDI: 0x0 
EBP: 0xbf800158 
ESP: 0xbf7fffb0 
EIP: 0x9ba47c8 (<zend_call_function+72>:	mov    DWORD PTR [ebp-0x18c],eax)
EFLAGS: 0x210282 (carry parity adjust zero SIGN trap INTERRUPT direction overflow)
   0x9ba47b6 <zend_call_function+54>:	lea    eax,[ebp-0x158]
   0x9ba47bc <zend_call_function+60>:	sub    esp,0x19c
   0x9ba47c2 <zend_call_function+66>:	mov    edi,DWORD PTR ds:0xac55ca0
=> 0x9ba47c8 <zend_call_function+72>:	mov    DWORD PTR [ebp-0x18c],eax
   0x9ba47ce <zend_call_function+78>:	test   edi,edi
   0x9ba47d0 <zend_call_function+80>:	
    jne    0x9bae338 <zend_call_function+39864>
   0x9ba47d6 <zend_call_function+86>:	xchg   ax,ax
   0x9ba47d8 <zend_call_function+88>:	lea    esp,[esp-0x10]
Invalid $SP address: 0xbf7fffb0
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x09ba47c8 in zend_call_function (fci=0xbf800270, fci_cache=0xbf8001f0)
    at /home/hjy/Desktop/php-7.1.8/Zend/zend_execute_API.c:677
677	{


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-08-11 20:58 UTC]
-Status: Open +Status: Duplicate
 [2017-08-11 20:58 UTC]
Duplicate of bug #64280.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Jun 04 00:03:37 2023 UTC