php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79258 Seg fault in zend_hash_next_index_insert
Submitted: 2020-02-11 17:11 UTC Modified: 2020-08-04 14:13 UTC
From: changochen1 at gmail dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: master-Git-2020-02-11 (Git) OS: ALL
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: changochen1 at gmail dot com
New email:
PHP Version: OS:

 

 [2020-02-11 17:11 UTC] changochen1 at gmail dot com 
Description:
------------
Segmentation fault in zend_hash_next_index_insert.

Php version:
`PHP 8.0.0-dev (cli) (built: Jan 31 2020 21:52:09) ( NTS )`


Run script:
`php -f poc.php`

Stack dump:
```
==289871==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000e8e458 bp 0x7ffd35627020 sp 0x7ffd35626f60 T0)
    #0 0xe8e457 in zend_hash_next_index_insert (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xe8e457)
    #1 0x1206544 in ZEND_ASSIGN_DIM_SPEC_CV_UNUSED_OP_DATA_CV_HANDLER (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x1206544)
    #2 0x127844f in execute_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x127844f)
    #3 0x127aab7 in zend_execute (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x127aab7)
    #4 0xe43dfb in zend_execute_scripts (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xe43dfb)
    #5 0xcab3b7 in php_execute_script (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xcab3b7)
    #6 0x1280971 in do_cli (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x1280971)
    #7 0x1282acb in main (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x1282acb)
    #8 0x7f09d3a3b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x428a78 in _start (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x428a78)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 zend_hash_next_index_insert
==289871==ABORTING
```

Test script:
---------------
<?php
function exception_error_handler ( $severity , $message , $file , $line ) {
        ( $file ) ;
        ( [ ] ) ;
        foreach ( $GLOBALS as & $v ) gettype ( [ $i = $a = ( ini_get ( 'internal_encoding' ) ) ] [ ++ $i ] > $a [ ++ $i ] [ ++ var_dump ( func_get_args ( empty ( $a [ array ( 'expected_array' => array ( '0' , 'empty' => array ( 'expected_array' => array ( '-' [ -2 ] , 1 , 'foo' ) , 40 ) ) ) ] ) ) ) [ $a [ $a ] = 1 ] ] ) ;
}
set_error_handler ( 'exception_error_handler' ) ;
function & obHandler ( ) { try { return ;
}
catch ( Exception $e ) { return (string) $severity ;
}
return $buffer ;
}
$a = array ( 0 , 1 ) ;
$b [ ] = 2 ;
foreach ( spl_autoload_register ( print_r ( 11 , 50 == ob_start ( ) ) , $a [ ] = $s ) [ $a = array ( ) ] as $b [ 0 ] ) var_dump ( func_get_args ( ) ) ;

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-02-12 06:41 UTC] laruence@php.net 
I this this is related to #79259
 [2020-08-04 14:13 UTC] changochen1 at gmail dot com
-Status: Open +Status: Closed
 [2020-08-04 14:13 UTC] changochen1 at gmail dot com 
Seems already fixed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 17:01:31 2024 UTC