|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75034 memory corrupton
Submitted: 2017-08-04 04:31 UTC Modified: 2017-08-04 05:49 UTC
From: zhihua dot yao at dbappsecurity dot com dot cn Assigned:
Status: Duplicate Package: Reproducible crash
PHP Version: 7.1.8 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
3 + 43 = ?
Subscribe to this entry?

 [2017-08-04 04:31 UTC] zhihua dot yao at dbappsecurity dot com dot cn
It cause deinal of service.

Test script:
class A {
         public $a;
         public function __destruct() {
              $this->a=new A ;               


Expected result:

Actual result:
Program received signal SIGSEGV, Segmentation fault.

EAX: 0xbf800000 
EBX: 0xbf8002d0 
ECX: 0xbf800270 
EDX: 0xb454db8c --> 0xb440300c --> 0x6d697402 
ESI: 0xb440300c --> 0x6d697402 
EDI: 0x0 
EBP: 0xbf800158 
ESP: 0xbf7fffb0 
EIP: 0x9ba47c8 (<zend_call_function+72>:	mov    DWORD PTR [ebp-0x18c],eax)
EFLAGS: 0x210282 (carry parity adjust zero SIGN trap INTERRUPT direction overflow)
   0x9ba47b6 <zend_call_function+54>:	lea    eax,[ebp-0x158]
   0x9ba47bc <zend_call_function+60>:	sub    esp,0x19c
   0x9ba47c2 <zend_call_function+66>:	mov    edi,DWORD PTR ds:0xac55ca0
=> 0x9ba47c8 <zend_call_function+72>:	mov    DWORD PTR [ebp-0x18c],eax
   0x9ba47ce <zend_call_function+78>:	test   edi,edi
   0x9ba47d0 <zend_call_function+80>:	
    jne    0x9bae338 <zend_call_function+39864>
   0x9ba47d6 <zend_call_function+86>:	xchg   ax,ax
   0x9ba47d8 <zend_call_function+88>:	lea    esp,[esp-0x10]
Invalid $SP address: 0xbf7fffb0
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x09ba47c8 in zend_call_function (fci=0xbf800270, fci_cache=0xbf8001f0)
    at /home/hjy/Desktop/php-7.1.8/Zend/zend_execute_API.c:677
677	{


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-08-04 04:37 UTC] zhihua dot yao at dbappsecurity dot com dot cn
Please closed,duplicate report.
 [2017-08-04 05:49 UTC]
-Status: Open +Status: Duplicate
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat May 21 03:05:45 2022 UTC