Bug #79207 Stackoverflow with header callback
Submitted: 2020-02-01 17:51 UTC Modified: 2020-02-04 14:06 UTC
From: changochen1 at gmail dot com Assigned:
Status: Open Package: Scripting Engine problem
PHP Version: master-Git-2020-02-01 (Git) OS: ALL
Private report: No CVE-ID: None
 [2020-02-01 17:51 UTC] changochen1 at gmail dot com
Description:
------------
The following test script triggers a stack overflow in the latest code of PHP (PHP 8.0.0-dev (cli) (built: Jan 28 2020 14:15:44) ( NTS )). The crash location varies each time we run it.

Run the script with "php -f poc.php", and with asan we got:

===
==121897==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd2563ae68 (pc 0x00000123867a bp 0x7ffd2563de60 sp 0x7ffd2563ae60 T0)
    #0 0x1238679 in execute_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x1238679)
    #1 0xdf5a2f in zend_call_function (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf5a2f)
    #2 0x91a287 in zif_spl_autoload_call (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x91a287)
    #3 0xdf5c7d in zend_call_function (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf5c7d)
    #4 0xdf7f71 in zend_lookup_class_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf7f71)
    #5 0xdfa8dd in zend_fetch_class_by_name (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdfa8dd)
...
===

Test script:
---------------
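<?
// Autoloader that registers a header callback instead of loading a class
spl_autoload_register(function () {
    // The header callback runs when PHP starts sending output
    header_register_callback(function () {
        // Instantiating the not-yet-declared class a re-enters the autoloader
        new a;
    });
});
// Interface b is never defined, so this declaration invokes the autoloader
class a implements b {}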


 [2020-02-01 19:42 UTC] stas@php.net
-Type: Security
+Type: Bug
-Package: CGI/CLI related
+Package: Scripting Engine problem
 [2020-02-04 14:06 UTC] nikic@php.net
-Summary: Stackoverflow in cli/php
+Summary: Stackoverflow with header callback
 [2020-02-04 14:06 UTC] nikic@php.net
The stack overflow is principally due to bug #64196. However, there might be a header_register_callback specific issue here, because we probably shouldn't be recursing into the header callback when trying to emit a header while inside the callback.
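
The re-entrancy concern in the last comment, modelled as an added example: this is a toy C model, not php-src code and not part of the report, and every name in it (`emit_headers`, `noisy_callback`, `DEPTH_CAP`, the `guard` flag) is hypothetical. It compares a header-emission path that re-enters the registered callback with one that refuses to while the callback is already running.

```c
#include <stdio.h>

/* Toy model, not php-src code: every name here is hypothetical. */
#define DEPTH_CAP 64              /* stands in for the finite C stack */

struct emitter {
    void (*cb)(struct emitter *); /* registered header callback */
    int guard;                    /* 1 = refuse to re-enter the callback */
    int in_callback;              /* set while the callback is running */
    int depth, max_depth;         /* current / deepest callback nesting */
    int overflowed;               /* set when nesting reached DEPTH_CAP */
    int headers_sent;
};

/* Called whenever output forces headers out, including from inside cb. */
static void emit_headers(struct emitter *e)
{
    if (e->headers_sent)
        return;
    if (e->cb && !(e->guard && e->in_callback)) {
        if (e->depth >= DEPTH_CAP) { e->overflowed = 1; return; }
        int prev = e->in_callback;
        e->in_callback = 1;
        if (++e->depth > e->max_depth)
            e->max_depth = e->depth;
        e->cb(e);                 /* may call emit_headers() again */
        e->depth--;
        e->in_callback = prev;
    }
    e->headers_sent = 1;
}

/* Callback whose own work (e.g. an error message) triggers header output. */
static void noisy_callback(struct emitter *e) { emit_headers(e); }

/* Returns the deepest callback nesting reached for one emit_headers() call. */
static int max_nesting(int guard)
{
    struct emitter e = { noisy_callback, guard, 0, 0, 0, 0, 0 };
    emit_headers(&e);
    return e.max_depth;
}

int main(void)
{
    printf("unguarded: %d\nguarded: %d\n", max_nesting(0), max_nesting(1));
    return 0;
}
```

In the unguarded run the nesting only stops at the artificial `DEPTH_CAP`; in a real process the stack limit plays that role.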
 