go to bug id or search bugs for
When a lower cased string is passed as $additional_headers
argument to mail(), it may be zend_string_released() twice. I
have noticed this when looking at PR #4995, where
bug72463_2.phpt often results in a segfault; I couldn't reproduce
the segfault with other versions, but still this double release
looks very wrong.
mail('email@example.com', 'test', 'test message', 'from: firstname.lastname@example.org');
Add a Patch
Add a Pull Request
Issue has been introduced with commit a5bc5ae, so PHP 7.2 is
This affects Windows only.
Stas, can you handle this please?
Sure. Not clear how this got into PCRE2 patch?
Not sure it's even exploitable, but since mail could deal with external data, I'll add a CVE just in case.
The fix for this bug has been committed.
If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test.
Thank you for the report, and for helping us make PHP better.
Automatic comment on behalf of email@example.com
Log: Fix #78943: mail() may release string with refcount==1 twice