Bug #79836 Segfault in concat_function
Submitted: 2020-07-11 20:14 UTC
Modified: 2023-05-16 21:09 UTC
Votes: 1
Avg. Score: 2.0 ± 0.0
Reproduced: 0 of 0 (0.0%)
From: changochen1 at gmail dot com
Assigned: nielsdos
Status: Closed
Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-11 (Git)
OS:
Private report: No
CVE-ID: None

 [2020-07-11 20:14 UTC] changochen1 at gmail dot com
Description:
------------
Stack dump:
---
MemorySanitizer:DEADLYSIGNAL
==167862==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000010 (pc 0x000001367a21 bp 0x000000000000 sp 0x7fffd3643eb0 T167862)
==167862==The signal is caused by a READ memory access.
==167862==Hint: address points to the zero page.
    #0 0x1367a20 in concat_function /home/yongheng/php_clean/Zend/zend_operators.c:1847:6
    #1 0x14c91a9 in zend_binary_op /home/yongheng/php_clean/Zend/zend_execute.c:1290:9
    #2 0x14c91a9 in ZEND_ASSIGN_OP_SPEC_CV_TMPVAR_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:41337
    #3 0x14307ff in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:52020:7
    #4 0x1334451 in zend_call_function /home/yongheng/php_clean/Zend/zend_execute_API.c:785:3
    #5 0xe760d2 in zif_array_map /home/yongheng/php_clean/ext/standard/array.c:6061:10
    #6 0x15dbed2 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:1226:2
    #7 0x14307ff in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:52020:7
    #8 0x1431214 in zend_execute /home/yongheng/php_clean/Zend/zend_vm_execute.h:56362:2
    #9 0x138d418 in zend_execute_scripts /home/yongheng/php_clean/Zend/zend.c:1667:4
    #10 0x10f0cf9 in php_execute_script /home/yongheng/php_clean/main/main.c:2537:14
    #11 0x179c8af in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:951:5
    #12 0x1798c9f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1349:18
    #13 0x7f9d81a3bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #14 0x43fa49 in _start (/home/yongheng/php_clean/bld/sapi/cli/php+0x43fa49)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/yongheng/php_clean/Zend/zend_operators.c:1847:6 in concat_function
==167862==ABORTING
---

Test script:
---------------
<?
for ( ; $b < 8 ; ob_start ( function () use ( & $c ) { $c = $d ;}, 1 ) )
    str_replace ( $e , 0 , 'x' , $a  [ ++ $b ] ) ;
array_map ( function () use ( & $c ) {
    $c .= debug_backtrace () ;
}, $a );


 [2023-05-16 21:09 UTC] nielsdos@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: nielsdos
 [2023-05-16 21:09 UTC] nielsdos@php.net
The fix for this bug has been committed.
If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test.
Thank you for the report, and for helping us make PHP better.

Fixed in https://github.com/php/php-src/commit/727e26f9f27ed0737fdbf6d2626d37a916e08c22
 