|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78711 Refreshable PHP crash
Submitted: 2019-10-21 11:55 UTC Modified: 2019-10-21 12:17 UTC
From: songmingxuan at cert dot org dot cn Assigned: cmb (profile)
Status: Duplicate Package: Reproducible crash
PHP Version: 7.4.0RC4 OS: #31~18.04.1-Ubuntu
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
20 + 36 = ?
Subscribe to this entry?

 [2019-10-21 11:55 UTC] songmingxuan at cert dot org dot cn
#php test.php

Test script:
spl_autoload_register(function ($name) {
  echo "IN:  autoload($name)\n";

  static $i = 0;
  if ($i++ > 10) {
      echo "-> Recursion detected - as expected.\n";

  class_exists('UndefinedClass' . $i);

  echo "OUT: autoload($name)\n";


Expected result:
I submitted it very seriously. haha~

Actual result:
Program received signal SIGSEGV, Segmentation fault.

RAX: 0x0 
RBX: 0x0 
RCX: 0x106 
RDX: 0x7fffff7ff0b8 --> 0x0 
RSI: 0x555556bc74fa --> 0x696c61766e49007a ('z')
RDI: 0x1 
RBP: 0x7ffff20be810 --> 0x0 
RSP: 0x7fffff7feff0 
RIP: 0x5555566e5768 (<zend_parse_parameters+8>:	mov    QWORD PTR [rsp],rdx)
R8 : 0x555557176680 --> 0x0 
R9 : 0x7fffff7ff270 --> 0x55555731af60 --> 0x55555718b620 --> 0x0 
R10: 0x55555718e9f0 --> 0x0 
R11: 0x7fffff7ff2e0 --> 0x7ffff20dedb0 --> 0x600000003 
R12: 0x7fffff7ff280 --> 0x555557199560 --> 0x100000001 
R13: 0x555557176708 --> 0x33f0 
R14: 0x7ffff20be810 --> 0x0 
R15: 0x555557199560 --> 0x100000001
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
   0x5555566e5758 <zend_parse_parameters_ex+408>:	
    call   0x55555566c000 <__stack_chk_fail@plt>
   0x5555566e575d:	nop    DWORD PTR [rax]
   0x5555566e5760 <zend_parse_parameters>:	lea    rsp,[rsp-0x98]
=> 0x5555566e5768 <zend_parse_parameters+8>:	mov    QWORD PTR [rsp],rdx
   0x5555566e576c <zend_parse_parameters+12>:	mov    QWORD PTR [rsp+0x8],rcx
   0x5555566e5771 <zend_parse_parameters+17>:	mov    QWORD PTR [rsp+0x10],rax
   0x5555566e5776 <zend_parse_parameters+22>:	mov    rcx,0x90bb
   0x5555566e577d <zend_parse_parameters+29>:	
    call   0x5555566f0ff8 <__afl_maybe_log>
Invalid $SP address: 0x7fffff7feff0
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00005555566e5768 in zend_parse_parameters (num_args=0x1, 
    type_spec=0x555556bc74fa "z")
    at /home/fuzz/Desktop/fuzz_php/php-7.4.0beta4/Zend/zend_API.c:1053
1053	{


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-10-21 12:17 UTC]
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2019-10-21 12:17 UTC]
Duplicate of bug #78703 again.  I don't think that fuzzing this script will reveal any new information.  Thanks.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Sep 23 07:01:25 2023 UTC