Bug #79815 Segfault in zend_string_release_ex
Submitted: 2020-07-09 05:24 UTC
Modified: 2020-08-04 14:14 UTC
From: changochen1 at gmail dot com
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-09 (Git)
OS:
Private report: No
CVE-ID: None
 [2020-07-09 05:24 UTC] changochen1 at gmail dot com
Description:
------------
Build config: '--enable-debug-assertions' '--enable-memory-sanitizer'

Stack dump:
---
==136341==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000084 (pc 0x00000133bb1f bp 0x0000ffffffff sp 0x7fff35759370 T136341)
==136341==The signal is caused by a READ memory access.
==136341==Hint: address points to the zero page.
    #0 0x133bb1e in zend_string_release_ex /home/yongheng/php_clean/Zend/zend_string.h:303:7
    #1 0x133bb1e in destroy_op_array /home/yongheng/php_clean/Zend/zend_opcode.c:480
    #2 0x1325ed0 in shutdown_executor /home/yongheng/php_clean/Zend/zend_execute_API.c:382:5
    #3 0x137f423 in zend_deactivate /home/yongheng/php_clean/Zend/zend.c:1206:2
    #4 0x10e72b3 in php_request_shutdown /home/yongheng/php_clean/main/main.c:1842:2
    #5 0x17895cd in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:1124:3
    #6 0x1788c0f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1353:18
    #7 0x7f21ba54db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #8 0x43f9d9 in _start (/home/yongheng/php_clean/bld/sapi/cli/php+0x43f9d9)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/yongheng/php_clean/Zend/zend_string.h:303:7 in zend_string_release_ex
==136341==ABORTING
---

Test script:
---------------
<?
var_dump ( $m -> a ) ;
var_dump ( empty ( $m  ) ) ;
var_dump ( empty ( $m  ) ) ;
var_dump ( empty ( $argv  ) ) ;
var_dump ( empty ( $m  ) ) ;
var_dump ( empty ( $m  ) ) ;
var_dump ( empty ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( $m [ 0 ] ) ;
var_dump ( $m [ 1 ] ) ;
var_dump ( $m [ 2 ] ) ;
var_dump ( $validGtOrEqual [ isset ( array ( - $f > unlink ( 'x' ) ) [ 0 ] ) ? var_dump ( 4 , 0 , 0 , 8 , array ( $valid_false , ob_start ( function ( $class_name ) {                 $counter ;                 static $a , $b , $c , $d , $e ;                  n . strtolower ( array ( o , $valid_true , p , false , array_merge , NULL , $$$$g , $valid_int2 , $invalid_int2 , $h , $valid_float1 , $invalid_float1 , $i , $valid_float2 , $invalid_float2 ) ) . 'x'  ;                 'x' . class_name . 'x' ;                 }
) , $j , $$$$invalid_int2 , 'x' => glob  ( [ include __FILE__ ] )  [ array_key_exists  ] [ k ] , $$invalid_float1 , i , valid_float2 , invalid_float2 )   ) : NULL ] ) ( m [  ] )                   ()                    ( m [] ) ;
var_dump ( $m [ 'x' ] ) ;
var_dump ( $m [ 'x' ] ) ;
var_dump ( $m [ 1 ] ) ;
var_dump ( $m [ 1 ] ) ;
var_dump ( $m [ 1 ] ) ;
var_dump ( $m [ 1 ] ) ;
var_dump ( $l ) ;
$wrongClassname :: $methodname () . 'x' ;


History

 [2020-08-04 14:14 UTC] changochen1 at gmail dot com
-Status: Open +Status: Closed
 [2020-08-04 14:14 UTC] changochen1 at gmail dot com
Seems already fixed
Last updated: Thu Nov 26 16:01:23 2020 UTC