Bug #79780 Stack overflow in zend_string_init
Submitted: 2020-07-04 00:34 UTC
Modified: 2020-07-04 00:42 UTC
From: changochen1 at gmail dot com
Assigned:
Status: Duplicate
Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-04 (Git)
OS:
Private report: No
CVE-ID: None
 [2020-07-04 00:34 UTC] changochen1 at gmail dot com
Description:
------------
Cmdline: php -f poc

Stack dump:
---
MemorySanitizer:DEADLYSIGNAL
==216578==ERROR: MemorySanitizer: stack-overflow on address 0x7ffc286a4cf8 (pc 0x00000044c652 bp 0x7ffc286a5540 sp 0x7ffc286a4ce0 T216578)
    #0 0x44c651 in __msan_memcpy.part.330 (/home/yongheng/php_clean/bld/sapi/cli/php+0x44c651)
    #1 0x134c0b4 in zend_string_init /home/yongheng/php_clean/Zend/zend_string.h:165:2
    #2 0x134c0b4 in zend_long_to_str /home/yongheng/php_clean/Zend/zend_operators.c:2890
    #3 0x134c0b4 in _convert_to_string /home/yongheng/php_clean/Zend/zend_operators.c:630
    #4 0x138b210 in zend_parse_arg_str_weak /home/yongheng/php_clean/Zend/zend_API.c:493:3
    #5 0x138b73c in zend_parse_arg_str_slow /home/yongheng/php_clean/Zend/zend_API.c:517:9
    #6 0x1402966 in zend_parse_arg_str /home/yongheng/php_clean/Zend/zend_API.h:1784:10
    #7 0x1402966 in class_exists_impl /home/yongheng/php_clean/Zend/zend_builtin_functions.c:1053
    #8 0x15c5942 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:1236:2
    #9 0x142669f in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:51852:7
    #10 0x132a6fa in zend_call_function /home/yongheng/php_clean/Zend/zend_execute_API.c:803:3
    #11 0x132cb58 in zend_call_known_function /home/yongheng/php_clean/Zend/zend_execute_API.c:890:15
    #12 0xd3cd88 in spl_perform_autoload /home/yongheng/php_clean/ext/spl/php_spl.c:447:3
    #13 0x132e090 in zend_lookup_class_ex /home/yongheng/php_clean/Zend/zend_execute_API.c:1015:7
...
---

Test script:
---------------
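<?php
// Autoload callback that triggers another autoload on every call.
spl_autoload_register(
    function () {
        static $a;
        $a++;              // new value on each call: 1, 2, 3, ...
        class_exists($a);  // int is converted to a string; the unknown name re-enters the autoloader
    }
);
class_exists('x');         // first lookup of an undefined class starts the recursion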
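
The trace shows the autoload callback re-entering itself through class_exists() with a different class name on each call, so the nesting never ends. The following is an added example, not part of the original report or of PHP itself: a wrapper that caps autoload nesting and fails with a catchable exception. The names guarded_autoload and MAX_AUTOLOAD_DEPTH and the limit of 16 are assumptions chosen for illustration.

```php
<?php
// Added example: guarded_autoload() and MAX_AUTOLOAD_DEPTH are hypothetical names.
const MAX_AUTOLOAD_DEPTH = 16; // assumed limit; real loaders rarely nest deeply

// Wrap any autoload callback so nested autoload calls are counted and capped.
function guarded_autoload(callable $loader): callable
{
    $depth = 0;
    return function (string $class) use ($loader, &$depth): void {
        if ($depth >= MAX_AUTOLOAD_DEPTH) {
            throw new RuntimeException(
                "autoload nesting exceeded " . MAX_AUTOLOAD_DEPTH . " while loading '$class'"
            );
        }
        $depth++;
        try {
            $loader($class);
        } finally {
            $depth--; // always unwind, including when an inner call throws
        }
    };
}

// Constructed loader with the same shape as the test script above:
// every call asks for a class name that has not been seen before.
$n = 0;
spl_autoload_register(guarded_autoload(function (string $class) use (&$n): void {
    $n++;
    class_exists((string) $n); // passing false as the second argument would skip autoloading
}));

try {
    class_exists('x');
} catch (RuntimeException $e) {
    echo "stopped: ", $e->getMessage(), "\n";
}
```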


History
 [2020-07-04 00:42 UTC] requinix@php.net
-Status: Open
+Status: Duplicate
 [2020-07-04 00:42 UTC] requinix@php.net
Duplicate of #64196.
 [2020-07-04 00:42 UTC] requinix@php.net
And by that I mean bug #64196
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Sep 18 06:01:25 2020 UTC