Bug #77279 addslashes problem
Submitted: 2018-12-10 16:57 UTC
Modified: 2019-01-02 11:42 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:3 (100.0%)
From: kabikov at sst dot su
Assigned:
Status: Duplicate
Package: Strings related
PHP Version: 7.3.0
OS: FreeBSD 11
Private report: No
CVE-ID: None
 [2018-12-10 16:57 UTC] kabikov at sst dot su
Description:
------------
php /tmp/1.php

PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 1147720050061953400 bytes) in /tmp/1.php on line 2

Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 1147720050061953400 bytes) in /tmp/1.php on line 2

Test script:
---------------
<?php
$a=""; $b=addslashes(serialize($a)); echo '['.$b.']';

Expected result:
----------------
empty string serialized

Actual result:
--------------
Fatal error

 [2018-12-10 17:00 UTC] kabikov at sst dot su
-Summary: empty string serialization
+Summary: addslashes problem
 [2018-12-10 17:00 UTC] kabikov at sst dot su
Seems more related to the addslashes function.
 [2018-12-14 13:05 UTC] cmb@php.net
-Status: Open
+Status: Verified
-Package: Unknown/Other Function
+Package: Strings related
 [2018-12-14 13:05 UTC] cmb@php.net
Simpler reproducer:

<?php
var_dump(addslashes('"'));
 [2018-12-27 13:05 UTC] pascal dot christen at hostpoint dot ch
Same problem with PHP7.3 on FreeBSD 11.2. 

valgrind --leak-check=full /usr/local/php73/bin/php -n base64.php
....

==98733== Conditional jump or move depends on uninitialised value(s)
==98733==    at 0x5BAF9A: zend_new_interned_string_permanent (in /usr/local/php73/bin/php)
==98733==    by 0x594EBC: zend_register_functions (in /usr/local/php73/bin/php)
==98733==    by 0x5965AC: do_register_internal_class (in /usr/local/php73/bin/php)
==98733==    by 0x46E859: spl_register_std_class (in /usr/local/php73/bin/php)
==98733==    by 0x47A644: zm_startup_spl_array (in /usr/local/php73/bin/php)
==98733==    by 0x46E624: zm_startup_spl (in /usr/local/php73/bin/php)
==98733==    by 0x59439A: zend_startup_module_ex (in /usr/local/php73/bin/php)
==98733==    by 0x5947EB: zend_startup_module_zval (in /usr/local/php73/bin/php)
==98733==    by 0x5A13A1: zend_hash_apply (in /usr/local/php73/bin/php)
==98733==    by 0x5946AE: zend_startup_modules (in /usr/local/php73/bin/php)
==98733==    by 0x529216: php_module_startup (in /usr/local/php73/bin/php)
==98733==    by 0x64F32C: php_cli_startup (in /usr/local/php73/bin/php)
==98733== 
==98733== Conditional jump or move depends on uninitialised value(s)
==98733==    at 0x5BB586: zend_string_equal_val (in /usr/local/php73/bin/php)
==98733==    by 0x5A26BD: zend_hash_find (in /usr/local/php73/bin/php)
==98733==    by 0x56EC1F: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x569A16: zend_compile_assign (in /usr/local/php73/bin/php)
==98733==    by 0x571D01: zend_compile_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x5789A0: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x578989: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x550B82: zend_compile (in /usr/local/php73/bin/php)
==98733==    by 0x550A3B: compile_file (in /usr/local/php73/bin/php)
==98733==    by 0x58EE46: zend_execute_scripts (in /usr/local/php73/bin/php)
==98733==    by 0x52A411: php_execute_script (in /usr/local/php73/bin/php)
==98733==    by 0x64F0F8: do_cli (in /usr/local/php73/bin/php)
==98733== 
==98733== Conditional jump or move depends on uninitialised value(s)
==98733==    at 0x5BAA06: zend_new_interned_string_request (in /usr/local/php73/bin/php)
==98733==    by 0x56606A: zend_emit_op (in /usr/local/php73/bin/php)
==98733==    by 0x56ECC9: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x569A16: zend_compile_assign (in /usr/local/php73/bin/php)
==98733==    by 0x571D01: zend_compile_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x5789A0: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x578989: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x550B82: zend_compile (in /usr/local/php73/bin/php)
==98733==    by 0x550A3B: compile_file (in /usr/local/php73/bin/php)
==98733==    by 0x58EE46: zend_execute_scripts (in /usr/local/php73/bin/php)
==98733==    by 0x52A411: php_execute_script (in /usr/local/php73/bin/php)
==98733==    by 0x64F0F8: do_cli (in /usr/local/php73/bin/php)
==98733== 
==98733== Conditional jump or move depends on uninitialised value(s)
==98733==    at 0x5BB586: zend_string_equal_val (in /usr/local/php73/bin/php)
==98733==    by 0x5A26BD: zend_hash_find (in /usr/local/php73/bin/php)
==98733==    by 0x56EC1F: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x56B9B9: zend_compile_args (in /usr/local/php73/bin/php)
==98733==    by 0x56BDD7: zend_compile_call_common (in /usr/local/php73/bin/php)
==98733==    by 0x56ECEE: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x569A16: zend_compile_assign (in /usr/local/php73/bin/php)
==98733==    by 0x571D01: zend_compile_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x5789A0: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x578989: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x550B82: zend_compile (in /usr/local/php73/bin/php)
==98733==    by 0x550A3B: compile_file (in /usr/local/php73/bin/php)
==98733== 
==98733== Conditional jump or move depends on uninitialised value(s)
==98733==    at 0x5BAA06: zend_new_interned_string_request (in /usr/local/php73/bin/php)
==98733==    by 0x56606A: zend_emit_op (in /usr/local/php73/bin/php)
==98733==    by 0x56ECC9: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x56B9B9: zend_compile_args (in /usr/local/php73/bin/php)
==98733==    by 0x56BDD7: zend_compile_call_common (in /usr/local/php73/bin/php)
==98733==    by 0x56ECEE: zend_compile_call (in /usr/local/php73/bin/php)
==98733==    by 0x569A16: zend_compile_assign (in /usr/local/php73/bin/php)
==98733==    by 0x571D01: zend_compile_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x5789A0: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x578989: zend_compile_top_stmt (in /usr/local/php73/bin/php)
==98733==    by 0x550B82: zend_compile (in /usr/local/php73/bin/php)
==98733==    by 0x550A3B: compile_file (in /usr/local/php73/bin/php)
==98733== 

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 1147720050061953400 bytes) in /root/pchristen/wordpress/base64.php on line 10
==98733== 
==98733== HEAP SUMMARY:
==98733==     in use at exit: 82,690 bytes in 28 blocks
==98733==   total heap usage: 6,708 allocs, 6,680 frees, 1,343,761 bytes allocated
==98733== 
==98733== LEAK SUMMARY:
==98733==    definitely lost: 0 bytes in 0 blocks
==98733==    indirectly lost: 0 bytes in 0 blocks
==98733==      possibly lost: 0 bytes in 0 blocks
==98733==    still reachable: 82,690 bytes in 28 blocks
==98733==         suppressed: 0 bytes in 0 blocks
==98733== Reachable blocks (those to which a pointer was found) are not shown.
==98733== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==98733== 
==98733== For counts of detected and suppressed errors, rerun with: -v
==98733== Use --track-origins=yes to see where uninitialised values come from
==98733== ERROR SUMMARY: 179 errors from 25 contexts (suppressed: 0 from 0)
 [2019-01-02 11:42 UTC] nikic@php.net
-Status: Verified
+Status: Duplicate
 [2019-01-02 11:42 UTC] nikic@php.net
Closing as a duplicate of bug #77284, as the root cause is the same, just with a different function.
 
Last updated: Mon May 27 03:01:26 2019 UTC