Bug #79250 EG(current_module) NULL during property declaration
Submitted: 2020-02-10 11:21 UTC Modified: 2020-02-10 16:54 UTC
From: KseniMailWOW at gmail dot com Assigned:
Status: Open Package: Class/Object related
PHP Version: 7.4.3RC1 OS: All (Windows7+)
Private report: No CVE-ID: None

 [2020-02-10 11:21 UTC] KseniMailWOW at gmail dot com
Description:
------------
Sample PHP initialization: https://pastebin.com/64XuRa4k

Calling zend_declare_property_* results in an empty memory access error (AV MEMORY READ).

The culprit turned out to be an empty EG(current_module) in the new procedure is_persistent_class (https://github.com/php/php-src/blob/cb7b21009b951d6a08fa948c775c141f6666204c/Zend/zend_API.c#L3474).

Test script:
---------------
/* Minimal internal class registration from the report; per the report,
   EG(current_module) is NULL at this point, so the registered class
   carries no module pointer. */
zend_class_entry tmp;
INIT_CLASS_ENTRY(tmp, "Hgyjy", NULL);
return zend_register_internal_class(&tmp);

Replacing it with the following works great!!!
static zend_always_inline zend_bool is_persistent_class(zend_class_entry *ce) {
	return (ce->type & ZEND_INTERNAL_CLASS)
		&& (!ce->info.internal.module || ce->info.internal.module->type == MODULE_PERSISTENT);
}


OR:

static zend_always_inline zend_bool is_persistent_class(zend_class_entry *ce) {
	return (ce->type & ZEND_INTERNAL_CLASS) && (ce->info.internal.module && (ce->info.internal.module->type == MODULE_PERSISTENT));
}
Patches

ErrorCorrectingFunction (last revision 2020-02-10 11:23 UTC by KseniMailWOW at gmail dot com)


Pull Requests


History

 [2020-02-10 11:23 UTC] KseniMailWOW at gmail dot com
The following patch has been added/updated:

Patch Name: ErrorCorrectingFunction
Revision:   1581333832
URL:        https://bugs.php.net/patch-display.php?bug=79250&patch=ErrorCorrectingFunction&revision=1581333832
 [2020-02-10 11:33 UTC] nikic@php.net
-Summary: PHP7.4+
+Summary: EG(current_module) NULL during property declaration
 [2020-02-10 11:33 UTC] nikic@php.net
Your link does not show a use of zend_declare_property_*. Can you please show at which point you execute this call?
 [2020-02-10 16:50 UTC] KseniMailWOW at gmail dot com
Sorry for not immediately providing the full code that shows the errors.

https://pastebin.com/1K4iiEH3

Code execution works well, but the standard functions fail in the call to is_persistent_class.
 [2020-02-10 16:54 UTC] KseniMailWOW at gmail dot com
The working code is in the function void Test().

This function is started after php_request_startup:

	if (sapi_module.startup(&sapi_module) != FAILURE) {
		SessionInit2 = php_request_startup() != FAILURE;

		if (SessionInit2) Test();
	}

	// zend_declare_property_null(register_class_entry, "line", sizeof("line")-1, ZEND_ACC_PROTECTED);
	// ERROR!!!
	// Project Project1.exe raised exception class $C0000005 with message 'access violation at 0x682d7e47: read of address 0x0000004c'.
	// php7ts.zend_declare_property:
	// 682D7E30 53               push ebx
	// 682D7E31 8B5C2408         mov ebx,[esp+$08]
	// 682D7E35 55               push ebp
	// 682D7E36 8B6C2414         mov ebp,[esp+$14]
	// 682D7E3A 56               push esi
	// 682D7E3B F60301           test byte ptr [ebx],$01
	// 682D7E3E 57               push edi
	// 682D7E3F 7413             jz $682d7e54
	// 682D7E41 8B8318010000     mov eax,[ebx+$00000118]
	// 682D7E47 80784C01         cmp byte ptr [eax+$4c],$01 !!!!!!!!!!!!!!!!
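An added C model of the failure this thread describes (example code, not from the report and not from php-src): a class registered while the modelled EG(current_module) is NULL keeps a NULL module pointer, an unguarded is_persistent_class reads through that pointer, and the reporter's two guarded variants differ only in how a class with no module is classified. The struct layouts, the global `current_module`, and every function name here are simplified stand-ins and assumptions, not the engine's real definitions; the module entries are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the engine types and constants (assumption:
 * not the real zend_class_entry / zend_module_entry layout). */
#define ZEND_INTERNAL_CLASS 1
#define MODULE_PERSISTENT   1
#define MODULE_TEMPORARY    2

typedef struct {
    int type;                       /* MODULE_PERSISTENT or MODULE_TEMPORARY */
    const char *name;
} module_entry;

typedef struct {
    int type;                       /* ZEND_INTERNAL_CLASS for engine classes */
    struct {
        struct {
            module_entry *module;   /* copied from current_module at registration */
        } internal;
    } info;
} class_entry;

/* Stand-in for EG(current_module): non-NULL only while a module's MINIT runs. */
static module_entry *current_module = NULL;

/* Stand-in for zend_register_internal_class(): the class records whatever
 * current_module holds, which is NULL when called after startup, as in the
 * reporter's Test() function. */
static void register_internal_class(class_entry *ce) {
    ce->type = ZEND_INTERNAL_CLASS;
    ce->info.internal.module = current_module;
}

/* Shape of the check the report points at: module is dereferenced
 * unconditionally, so a NULL module pointer is read through. The reporter's
 * dump shows 'cmp byte ptr [eax+$4c]' faulting at address 0x4c, consistent
 * with eax (the module pointer) being NULL. Only called here on classes
 * whose module is non-NULL, since reading through NULL is undefined. */
static bool is_persistent_class_unchecked(const class_entry *ce) {
    return (ce->type & ZEND_INTERNAL_CLASS)
        && ce->info.internal.module->type == MODULE_PERSISTENT;
}

/* Reporter's first proposal: a missing module counts as persistent. */
static bool is_persistent_class_guarded_a(const class_entry *ce) {
    return (ce->type & ZEND_INTERNAL_CLASS)
        && (!ce->info.internal.module
            || ce->info.internal.module->type == MODULE_PERSISTENT);
}

/* Reporter's second proposal: a missing module counts as non-persistent. */
static bool is_persistent_class_guarded_b(const class_entry *ce) {
    return (ce->type & ZEND_INTERNAL_CLASS)
        && ce->info.internal.module
        && ce->info.internal.module->type == MODULE_PERSISTENT;
}

/* Reproduces the reporter's sequence: registration with no MINIT in progress
 * leaves the class with a NULL module pointer. */
static bool registered_outside_minit_has_null_module(void) {
    class_entry ce = {0};
    current_module = NULL;
    register_internal_class(&ce);
    return ce.info.internal.module == NULL;
}

/* Registers a class under a constructed module of the given type (0 means no
 * module, i.e. current_module NULL) and returns the chosen guarded verdict. */
static bool guarded_verdict(int module_type, bool use_variant_b) {
    module_entry m = { module_type, "constructed_ext" };   /* constructed sample */
    class_entry ce = {0};
    current_module = (module_type == 0) ? NULL : &m;
    register_internal_class(&ce);
    current_module = NULL;          /* do not leave a pointer to the local behind */
    return use_variant_b ? is_persistent_class_guarded_b(&ce)
                         : is_persistent_class_guarded_a(&ce);
}

int main(void) {
    module_entry ext = { MODULE_PERSISTENT, "constructed_ext" };
    class_entry ce = {0};

    current_module = &ext;          /* inside MINIT: the module is known */
    register_internal_class(&ce);
    printf("inside MINIT, unchecked check: %d\n", is_persistent_class_unchecked(&ce));
    current_module = NULL;

    printf("outside MINIT leaves module NULL: %d\n",
           registered_outside_minit_has_null_module());
    printf("variant A on NULL module: %d, variant B on NULL module: %d\n",
           guarded_verdict(0, false), guarded_verdict(0, true));
    return 0;
}
```

The two guarded variants agree whenever a module pointer is present and disagree only on the NULL case, which is exactly the case the unguarded check cannot reach without faulting; which classification is right for classes registered outside MINIT is a question the thread leaves open, so the model returns both verdicts rather than picking one.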