Bug #79815 Segfault in zend_string_release_ex
Submitted: 2020-07-09 05:24 UTC
Modified: 2020-08-04 14:14 UTC
From: changochen1 at gmail dot com
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-09 (Git)
OS:
Private report: No
CVE-ID: None
 [2020-07-09 05:24 UTC] changochen1 at gmail dot com
Description:
------------
Build config: '--enable-debug-assertions' '--enable-memory-sanitizer'

Stack dump:
---
==136341==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000084 (pc 0x00000133bb1f bp 0x0000ffffffff sp 0x7fff35759370 T136341)
==136341==The signal is caused by a READ memory access.
==136341==Hint: address points to the zero page.
    #0 0x133bb1e in zend_string_release_ex /home/yongheng/php_clean/Zend/zend_string.h:303:7
    #1 0x133bb1e in destroy_op_array /home/yongheng/php_clean/Zend/zend_opcode.c:480
    #2 0x1325ed0 in shutdown_executor /home/yongheng/php_clean/Zend/zend_execute_API.c:382:5
    #3 0x137f423 in zend_deactivate /home/yongheng/php_clean/Zend/zend.c:1206:2
    #4 0x10e72b3 in php_request_shutdown /home/yongheng/php_clean/main/main.c:1842:2
    #5 0x17895cd in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:1124:3
    #6 0x1788c0f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1353:18
    #7 0x7f21ba54db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #8 0x43f9d9 in _start (/home/yongheng/php_clean/bld/sapi/cli/php+0x43f9d9)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/yongheng/php_clean/Zend/zend_string.h:303:7 in zend_string_release_ex
==136341==ABORTING
---

Test script:
---------------
<?
var_dump ( $m -> a ) ;
var_dump ( empty ( $m  ) ) ;
var_dump ( empty ( $m  ) ) ;
var_dump ( empty ( $argv  ) ) ;
var_dump ( empty ( $m  ) ) ;
var_dump ( empty ( $m  ) ) ;
var_dump ( empty ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( isset ( $m  ) ) ;
var_dump ( $m [ 0 ] ) ;
var_dump ( $m [ 1 ] ) ;
var_dump ( $m [ 2 ] ) ;
var_dump ( $validGtOrEqual [ isset ( array ( - $f > unlink ( 'x' ) ) [ 0 ] ) ? var_dump ( 4 , 0 , 0 , 8 , array ( $valid_false , ob_start ( function ( $class_name ) {                 $counter ;                 static $a , $b , $c , $d , $e ;                  n . strtolower ( array ( o , $valid_true , p , false , array_merge , NULL , $$$$g , $valid_int2 , $invalid_int2 , $h , $valid_float1 , $invalid_float1 , $i , $valid_float2 , $invalid_float2 ) ) . 'x'  ;                 'x' . class_name . 'x' ;                 }
) , $j , $$$$invalid_int2 , 'x' => glob  ( [ include __FILE__ ] )  [ array_key_exists  ] [ k ] , $$invalid_float1 , i , valid_float2 , invalid_float2 )   ) : NULL ] ) ( m [  ] )                   ()                    ( m [] ) ;
var_dump ( $m [ 'x' ] ) ;
var_dump ( $m [ 'x' ] ) ;
var_dump ( $m [ 1 ] ) ;
var_dump ( $m [ 1 ] ) ;
var_dump ( $m [ 1 ] ) ;
var_dump ( $m [ 1 ] ) ;
var_dump ( $l ) ;
$wrongClassname :: $methodname () . 'x' ;


 [2020-08-04 14:14 UTC] changochen1 at gmail dot com
-Status: Open
+Status: Closed
 [2020-08-04 14:14 UTC] changochen1 at gmail dot com
Seems already fixed