PHP :: Bug #79836 :: Segfault in concat

Bug #79836

Segfault in concat_function

Submitted:

2020-07-11 20:14 UTC

Modified:

2023-05-16 21:09 UTC

Votes:	1
Avg. Score:	2.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

changochen1 at gmail dot com

Assigned:

nielsdos (profile)

Status:

Closed

Package:

Scripting Engine problem

PHP Version:

8.0Git-2020-07-11 (Git)

OS:

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2020-07-11 20:14 UTC] changochen1 at gmail dot com

Description:
------------
Stack dump:
---
MemorySanitizer:DEADLYSIGNAL
==167862==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000010 (pc 0x000001367a21 bp 0x000000000000 sp 0x7fffd3643eb0 T167862)
==167862==The signal is caused by a READ memory access.
==167862==Hint: address points to the zero page.
    #0 0x1367a20 in concat_function /home/yongheng/php_clean/Zend/zend_operators.c:1847:6
    #1 0x14c91a9 in zend_binary_op /home/yongheng/php_clean/Zend/zend_execute.c:1290:9
    #2 0x14c91a9 in ZEND_ASSIGN_OP_SPEC_CV_TMPVAR_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:41337
    #3 0x14307ff in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:52020:7
    #4 0x1334451 in zend_call_function /home/yongheng/php_clean/Zend/zend_execute_API.c:785:3
    #5 0xe760d2 in zif_array_map /home/yongheng/php_clean/ext/standard/array.c:6061:10
    #6 0x15dbed2 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:1226:2
    #7 0x14307ff in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:52020:7
    #8 0x1431214 in zend_execute /home/yongheng/php_clean/Zend/zend_vm_execute.h:56362:2
    #9 0x138d418 in zend_execute_scripts /home/yongheng/php_clean/Zend/zend.c:1667:4
    #10 0x10f0cf9 in php_execute_script /home/yongheng/php_clean/main/main.c:2537:14
    #11 0x179c8af in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:951:5
    #12 0x1798c9f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1349:18
    #13 0x7f9d81a3bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #14 0x43fa49 in _start (/home/yongheng/php_clean/bld/sapi/cli/php+0x43fa49)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/yongheng/php_clean/Zend/zend_operators.c:1847:6 in concat_function
==167862==ABORTING
---

Test script:
---------------
<?
for ( ; $b < 8 ; ob_start ( function () use ( & $c ) { $c = $d ;}, 1 ) )
    str_replace ( $e , 0 , 'x' , $a  [ ++ $b ] ) ;
array_map ( function () use ( & $c ) {
    $c .= debug_backtrace () ;
}, $a );

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2023-05-16 21:09 UTC] nielsdos@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: nielsdos

[2023-05-16 21:09 UTC] nielsdos@php.net

The fix for this bug has been committed.
If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test.
Thank you for the report, and for helping us make PHP better.

Fixed in https://github.com/php/php-src/commit/727e26f9f27ed0737fdbf6d2626d37a916e08c22

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2023 The PHP Group All rights reserved.	Last updated: Sat Sep 30 11:01:24 2023 UTC