php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79819 Segfault in zend_std_write_property
Submitted: 2020-07-09 05:42 UTC Modified: -
From: changochen1 at gmail dot com Assigned:
Status: Open Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-09 (Git) OS:
Private report: No CVE-ID: None
 [2020-07-09 05:42 UTC] changochen1 at gmail dot com
Description:
------------
Stack dump:
---
==127709==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000004 (pc 0x0000016e0168 bp 0x000000000000 sp 0x7ffd9079ffa0 T127709)
==127709==The signal is caused by a READ memory access.
==127709==Hint: address points to the zero page.
    #0 0x16e0167 in zend_std_write_property /home/yongheng/php_clean/Zend/zend_object_handlers.c:715:89
    #1 0x1374b47 in zend_update_property_ex /home/yongheng/php_clean/Zend/zend_API.c:3951:2
    #2 0x16485fb in zend_default_exception_new_ex /home/yongheng/php_clean/Zend/zend_exceptions.c:242:3
    #3 0x134ec06 in _object_and_properties_init /home/yongheng/php_clean/Zend/zend_API.c:1358:3
    #4 0x134ec06 in object_init_ex /home/yongheng/php_clean/Zend/zend_API.c:1372
    #5 0x1646f6f in zend_throw_exception_zstr /home/yongheng/php_clean/Zend/zend_exceptions.c:832:2
    #6 0x1638688 in zend_throw_exception /home/yongheng/php_clean/Zend/zend_exceptions.c:852:20
    #7 0x1336c83 in zend_throw_error /home/yongheng/php_clean/Zend/zend.c:1546:3
    #8 0x13020b7 in _convert_to_string /home/yongheng/php_clean/Zend/zend_operators.c:655:5
    #9 0x11139c5 in php_output_handler_op /home/yongheng/php_clean/main/output.c:964:6
    #10 0x11123a7 in php_output_op /home/yongheng/php_clean/main/output.c:1057:4
    #11 0x1111cd8 in php_output_write /home/yongheng/php_clean/main/output.c:252:3
    #12 0x10b6e67 in php_printf /home/yongheng/php_clean/main/main.c:882:8
    #13 0x10c01d4 in php_error_cb /home/yongheng/php_clean/main/main.c
    #14 0x13356c4 in zend_error_impl /home/yongheng/php_clean/Zend/zend.c
    #15 0x1334a02 in zend_error_va_list /home/yongheng/php_clean/Zend/zend.c:1413:2
    #16 0x1334a02 in zend_error /home/yongheng/php_clean/Zend/zend.c:1485
    #17 0x13e1c8f in zend_param_must_be_ref /home/yongheng/php_clean/Zend/zend_execute.c:1971:2
    #18 0x12e3564 in zend_call_function /home/yongheng/php_clean/Zend/zend_execute_API.c:742:6
    #19 0x12e267c in _call_user_function_ex /home/yongheng/php_clean/Zend/zend_execute_API.c:633:9
    #20 0x1337a7f in zend_user_exception_handler /home/yongheng/php_clean/Zend/zend.c:1634:6
    #21 0x1338466 in zend_execute_scripts /home/yongheng/php_clean/Zend/zend.c:1671:6
    #22 0x10c2327 in php_execute_script /home/yongheng/php_clean/main/main.c:2537:14
    #23 0x171f571 in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:955:5
    #24 0x171b94f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1353:18
    #25 0x7fcbf120ab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #26 0x440419 in _start (/home/yongheng/php_clean/asan/sapi/cli/php+0x440419)
---

Expected result:
----------------
<?
try {
    set_exception_handler ( function ( & $a ) {     })  ;
}
catch ( b ) {       }
list (  $c [ ob_start ( function (){
    return new stdClass ;}, 20 ) ] , $c  ) = new ArrayIterator;


Patches

Pull Requests

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Oct 07 00:01:28 2024 UTC