php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79819 Segfault in zend_std_write_property
Submitted: 2020-07-09 05:42 UTC Modified: -
From: changochen1 at gmail dot com Assigned:
Status: Open Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-09 (Git) OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: changochen1 at gmail dot com
New email:
PHP Version: OS:

 

 [2020-07-09 05:42 UTC] changochen1 at gmail dot com 
Description:
------------
Stack dump:
---
==127709==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000004 (pc 0x0000016e0168 bp 0x000000000000 sp 0x7ffd9079ffa0 T127709)
==127709==The signal is caused by a READ memory access.
==127709==Hint: address points to the zero page.
    #0 0x16e0167 in zend_std_write_property /home/yongheng/php_clean/Zend/zend_object_handlers.c:715:89
    #1 0x1374b47 in zend_update_property_ex /home/yongheng/php_clean/Zend/zend_API.c:3951:2
    #2 0x16485fb in zend_default_exception_new_ex /home/yongheng/php_clean/Zend/zend_exceptions.c:242:3
    #3 0x134ec06 in _object_and_properties_init /home/yongheng/php_clean/Zend/zend_API.c:1358:3
    #4 0x134ec06 in object_init_ex /home/yongheng/php_clean/Zend/zend_API.c:1372
    #5 0x1646f6f in zend_throw_exception_zstr /home/yongheng/php_clean/Zend/zend_exceptions.c:832:2
    #6 0x1638688 in zend_throw_exception /home/yongheng/php_clean/Zend/zend_exceptions.c:852:20
    #7 0x1336c83 in zend_throw_error /home/yongheng/php_clean/Zend/zend.c:1546:3
    #8 0x13020b7 in _convert_to_string /home/yongheng/php_clean/Zend/zend_operators.c:655:5
    #9 0x11139c5 in php_output_handler_op /home/yongheng/php_clean/main/output.c:964:6
    #10 0x11123a7 in php_output_op /home/yongheng/php_clean/main/output.c:1057:4
    #11 0x1111cd8 in php_output_write /home/yongheng/php_clean/main/output.c:252:3
    #12 0x10b6e67 in php_printf /home/yongheng/php_clean/main/main.c:882:8
    #13 0x10c01d4 in php_error_cb /home/yongheng/php_clean/main/main.c
    #14 0x13356c4 in zend_error_impl /home/yongheng/php_clean/Zend/zend.c
    #15 0x1334a02 in zend_error_va_list /home/yongheng/php_clean/Zend/zend.c:1413:2
    #16 0x1334a02 in zend_error /home/yongheng/php_clean/Zend/zend.c:1485
    #17 0x13e1c8f in zend_param_must_be_ref /home/yongheng/php_clean/Zend/zend_execute.c:1971:2
    #18 0x12e3564 in zend_call_function /home/yongheng/php_clean/Zend/zend_execute_API.c:742:6
    #19 0x12e267c in _call_user_function_ex /home/yongheng/php_clean/Zend/zend_execute_API.c:633:9
    #20 0x1337a7f in zend_user_exception_handler /home/yongheng/php_clean/Zend/zend.c:1634:6
    #21 0x1338466 in zend_execute_scripts /home/yongheng/php_clean/Zend/zend.c:1671:6
    #22 0x10c2327 in php_execute_script /home/yongheng/php_clean/main/main.c:2537:14
    #23 0x171f571 in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:955:5
    #24 0x171b94f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1353:18
    #25 0x7fcbf120ab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #26 0x440419 in _start (/home/yongheng/php_clean/asan/sapi/cli/php+0x440419)
---

Expected result:
----------------
<?
try {
    set_exception_handler ( function ( & $a ) {     })  ;
}
catch ( b ) {       }
list (  $c [ ob_start ( function (){
    return new stdClass ;}, 20 ) ] , $c  ) = new ArrayIterator;

Patches

Add a Patch

Pull Requests

Add a Pull Request
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved. 		Last updated: Tue Nov 28 20:01:27 2023 UTC