Bug #79821 Segfault in zend_get_properties_for
Submitted: 2020-07-09 05:45 UTC
Modified: 2020-07-10 20:21 UTC
From: changochen1 at gmail dot com
Assigned: twosee
Status: Closed
Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-09 (Git)
OS:
Private report: No
CVE-ID: None
 [2020-07-09 05:45 UTC] changochen1 at gmail dot com
Description:
------------
Stack dump:
---
MemorySanitizer:DEADLYSIGNAL
==90629==ERROR: MemorySanitizer: SEGV on unknown address 0x0001000000c1 (pc 0x0000016f0d06 bp 0x2fff3f021520 sp 0x7fff3f021510 T90629)
==90629==The signal is caused by a READ memory access.
    #0 0x16f0d05 in zend_get_properties_for /home/yongheng/php_clean/Zend/zend_object_handlers.c:1783:22
    #1 0xfbd6ec in php_var_dump /home/yongheng/php_clean/ext/standard/var.c:153:11
    #2 0xfbe156 in php_array_element_dump /home/yongheng/php_clean/ext/standard/var.c:47:2
    #3 0xfbe156 in php_var_dump /home/yongheng/php_clean/ext/standard/var.c:136
    #4 0xfbe156 in php_array_element_dump /home/yongheng/php_clean/ext/standard/var.c:47:2
    #5 0xfbe156 in php_var_dump /home/yongheng/php_clean/ext/standard/var.c:136
    #6 0xfbe156 in php_array_element_dump /home/yongheng/php_clean/ext/standard/var.c:47:2
    #7 0xfbe156 in php_var_dump /home/yongheng/php_clean/ext/standard/var.c:136
    #8 0xfbf671 in zif_var_dump /home/yongheng/php_clean/ext/standard/var.c:217:3
    #9 0x15763b2 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:1226:2
    #10 0x13ed9df in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:51800:7
    #11 0x13ee1d4 in zend_execute /home/yongheng/php_clean/Zend/zend_vm_execute.h:56094:2
    #12 0x1338298 in zend_execute_scripts /home/yongheng/php_clean/Zend/zend.c:1667:4
    #13 0x10c2327 in php_execute_script /home/yongheng/php_clean/main/main.c:2537:14
    #14 0x171f571 in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:955:5
    #15 0x171b94f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1353:18
    #16 0x7f42389fbb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #17 0x440419 in _start (/home/yongheng/php_clean/asan/sapi/cli/php+0x440419)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/yongheng/php_clean/Zend/zend_object_handlers.c:1783:22 in zend_get_properties_for
==90629==ABORTING
---

Test script:
---------------
<?
for ( ;;$a ++ )
    switch ( $a ) {
    case $b  = array (  $b, array ( & $_FILES   )   ) :
    case 3 :
        break 2 ;
    }
ob_start ( function () {$_FILES [] []=$buffer ;}, 20 ) ;
foreach ( $b as $c ) var_dump ( $c ) ;


History

 [2020-07-10 20:21 UTC] twosee@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: twosee
 [2020-07-10 20:59 UTC] twosee@php.net
The following pull request has been associated:

Patch Name: Fixed bug #79821
On GitHub:  https://github.com/php/php-src/pull/5837
Patch:      https://github.com/php/php-src/pull/5837.patch
 [2020-07-10 22:24 UTC] twosee@php.net
Automatic comment on behalf of twose@qq.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=150504e6b1ea2b2eac3177c8cff2657a243da22c
Log: Fixed bug #79821
 [2020-07-10 22:24 UTC] twosee@php.net
-Status: Assigned
+Status: Closed
 [2020-07-11 06:48 UTC] twosee@php.net
Automatic comment on behalf of twose@qq.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=56dec3cc73829cefe9817d4c59ea3873dde1f443
Log: Fixed bug #79830 introduced by fixing bug #79821
 
Last updated: Mon Nov 30 12:01:23 2020 UTC