PHP :: Bug #77844 :: Crash due to null pointer in parse_ini_string with INI_SCANNER

Bug #77844	Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED
Submitted:	2019-04-04 10:39 UTC	Modified:	2019-04-08 08:55 UTC
From:	hanno at hboeck dot de	Assigned:	nikic (profile)
Status:	Closed	Package:	*General Issues
PHP Version:	7.2	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2019-04-04 10:39 UTC] hanno at hboeck dot de

Description:
------------
The example command will cause a segfault.

With ASAN I get this stack trace, indicating a null pointer access:

==1102==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x7f0cdd59b756 bp 0x7ffed002f990 sp 0x7ffed002f7f0 T0)
==1102==The signal is caused by a READ memory access.
==1102==Hint: address points to the zero page.
    #0 0x7f0cdd59b755  (/lib64/libc.so.6+0x3e755)
    #1 0x4bd858 in __interceptor_strtol (/r/php/php+0x4bd858)
    #2 0x177eb4c in atoi /usr/include/stdlib.h:363:16
    #3 0x177eb4c in zend_ini_do_op /f/php-7.3.3/Zend/zend_ini_parser.c:132
    #4 0x177ae78 in ini_parse /f/php-7.3.3/Zend/zend_ini_parser.c:1859:7
    #5 0x177defd in zend_parse_ini_string /f/php-7.3.3/Zend/zend_ini_parser.c:336:11
    #6 0x14a8294 in zif_parse_ini_string /f/php-7.3.3/ext/standard/basic_functions.c:6129:6
    #7 0x1bbc5a8 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /f/php-7.3.3/Zend/zend_vm_execute.h:690:2
    #8 0x19ef40c in execute_ex /f/php-7.3.3/Zend/zend_vm_execute.h:55334:7
    #9 0x19efcdf in zend_execute /f/php-7.3.3/Zend/zend_vm_execute.h:60881:2
    #10 0x183f138 in zend_eval_stringl /f/php-7.3.3/Zend/zend_execute_API.c:1018:4
    #11 0x183f85f in zend_eval_stringl_ex /f/php-7.3.3/Zend/zend_execute_API.c:1059:11
    #12 0x183f85f in zend_eval_string_ex /f/php-7.3.3/Zend/zend_execute_API.c:1070
    #13 0x1cc51c8 in do_cli /f/php-7.3.3/sapi/cli/php_cli.c:1030:8
    #14 0x1cc23e2 in main /f/php-7.3.3/sapi/cli/php_cli.c:1392:18
    #15 0x7f0cdd5814fa in __libc_start_main (/lib64/libc.so.6+0x244fa)
    #16 0x424419 in _start (/r/php/php+0x424419)


Test script:
---------------
php -r 'parse_ini_string("0=.0&0", TRUE, INI_SCANNER_TYPED);'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-04-08 08:52 UTC] nikic@php.net

-Summary: Crass due to null pointer in parse_ini_string with INI_SCANNER_TYPED +Summary: Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED -Status: Open +Status: Verified -PHP Version: 7.3.3 +PHP Version: 7.2

[2019-04-08 08:52 UTC] nikic@php.net

Also segfaults on PHP 7.2.

[2019-04-08 08:55 UTC] nikic@php.net

-Status: Verified +Status: Assigned -Assigned To: +Assigned To: nikic

[2019-04-08 09:13 UTC] nikic@php.net

Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eea61cda7df1466a1f40a17c21b65901c1c68ce0
Log: Fixed bug #77844

[2019-04-08 09:13 UTC] nikic@php.net

-Status: Assigned +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Oct 26 07:00:01 2025 UTC