php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79838 Segfault in zend_mm_alloc_small
Submitted: 2020-07-11 20:19 UTC Modified: -
From: changochen1 at gmail dot com Assigned:
Status: Open Package: Scripting Engine problem
PHP Version: 8.0Git-2020-07-11 (Git) OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: changochen1 at gmail dot com
New email:
PHP Version: OS:

 

 [2020-07-11 20:19 UTC] changochen1 at gmail dot com
Description:
------------
Stack dump:
---
MemorySanitizer:DEADLYSIGNAL
==105525==ERROR: MemorySanitizer: SEGV on unknown address 0x000000000000 (pc 0x000001215105 bp 0x000000000000 sp 0x7ffc65fe52f0 T105525)
==105525==The signal is caused by a READ memory access.
==105525==Hint: address points to the zero page.
    #0 0x1215104 in zend_mm_alloc_small /home/yongheng/php_clean/Zend/zend_alloc.c:1255:33
    #1 0x1215104 in zend_mm_alloc_heap /home/yongheng/php_clean/Zend/zend_alloc.c:1326
    #2 0x112dd51 in zend_string_alloc /home/yongheng/php_clean/Zend/zend_string.h:141:36
    #3 0x112dd51 in zend_string_init /home/yongheng/php_clean/Zend/zend_string.h:163
    #4 0x112dd51 in zend_string_init_fast /home/yongheng/php_clean/Zend/zend_string.h:173
    #5 0x112dd51 in import_environment_variable /home/yongheng/php_clean/main/php_variables.c:549
    #6 0x112dd51 in _php_import_environment_variables /home/yongheng/php_clean/main/php_variables.c:563
    #7 0x15dbed2 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:1226:2
    #8 0x14307ff in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:52020:7
    #9 0x1334451 in zend_call_function /home/yongheng/php_clean/Zend/zend_execute_API.c:785:3
    #10 0x13bc6b6 in zend_fcall_info_call /home/yongheng/php_clean/Zend/zend_API.c:3495:11
    #11 0x1146ef8 in php_output_handler_op /home/yongheng/php_clean/main/output.c:960:19
    #12 0x1151eaa in php_output_stack_apply_op /home/yongheng/php_clean/main/output.c:1098:12
    #13 0x137ee3f in zend_stack_apply_with_argument /home/yongheng/php_clean/Zend/zend_stack.c:133:9
    #14 0x11458cd in php_output_op /home/yongheng/php_clean/main/output.c:1055:4
    #15 0x1145588 in php_output_write /home/yongheng/php_clean/main/output.c:252:3
    #16 0x10e4f74 in php_printf /home/yongheng/php_clean/main/main.c:882:8
    #17 0x10ee3fc in php_error_cb /home/yongheng/php_clean/main/main.c:1328:7
    #18 0x138a644 in zend_error_impl /home/yongheng/php_clean/Zend/zend.c
    #19 0x138965c in zend_error_va_list /home/yongheng/php_clean/Zend/zend.c:1413:2
    #20 0x1389aef in zend_error /home/yongheng/php_clean/Zend/zend.c:1485:2
    #21 0x1537a6f in zval_undefined_cv /home/yongheng/php_clean/Zend/zend_execute.c:266:3
    #22 0x1537a6f in _zval_undefined_op2 /home/yongheng/php_clean/Zend/zend_execute.c:278
    #23 0x1537a6f in ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_CV_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:28766
    #24 0x152dd1d in ZEND_INIT_ARRAY_SPEC_VAR_CV_HANDLER /home/yongheng/php_clean/Zend/zend_vm_execute.h:28797:3
    #25 0x14307ff in execute_ex /home/yongheng/php_clean/Zend/zend_vm_execute.h:52020:7
    #26 0x1431214 in zend_execute /home/yongheng/php_clean/Zend/zend_vm_execute.h:56362:2
    #27 0x138d418 in zend_execute_scripts /home/yongheng/php_clean/Zend/zend.c:1667:4
    #28 0x10f0cf9 in php_execute_script /home/yongheng/php_clean/main/main.c:2537:14
    #29 0x179c8af in do_cli /home/yongheng/php_clean/sapi/cli/php_cli.c:951:5
    #30 0x1798c9f in main /home/yongheng/php_clean/sapi/cli/php_cli.c:1349:18
    #31 0x7fe2f4173b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #32 0x43fa49 in _start (/home/yongheng/php_clean/bld/sapi/cli/php+0x43fa49)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/yongheng/php_clean/Zend/zend_alloc.c:1255:33 in zend_mm_alloc_small
==105525==ABORTING
---

Test script:
---------------
<?
a  ( ob_start ( function () {
    a ( array_pop ( $GLOBALS  )   )   ;
}
, 20 ) )  ;

function a () {
    array (   $b => & $_REQUEST   ) ;
}
ob_start ( function () {
    getenv ()     ;
}, 20 ) -> c  = a () ;


Patches

Pull Requests

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 12:01:27 2024 UTC