php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79947 Memory leak on invalid offset type in compound assignment
Submitted: 2020-08-09 21:20 UTC Modified: 2020-08-10 08:07 UTC
From: changochen1 at gmail dot com Assigned: nikic (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 8.0Git-2020-08-09 (Git) OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: changochen1 at gmail dot com
New email:
PHP Version: OS:

 

 [2020-08-09 21:20 UTC] changochen1 at gmail dot com
Description:
------------
We found a bug that leads to memory leak in php interpreter. Here's the log:
---
~/php-src/bld/sapi/cli/php -f php_poc41.php

Warning: Undefined variable $b in /home/yongheng/php_commit/php_poc41.php on line 4

Fatal error: Uncaught TypeError: Illegal offset type in /home/yongheng/php_commit/php_poc41.php:4
Stack trace:
#0 {main}
  thrown in /home/yongheng/php_commit/php_poc41.php on line 4
[Sun Aug  9 17:17:48 2020]  Script:  '/home/yongheng/php_commit/php_poc41.php'
/home/yongheng/php-src/Zend/zend_hash.c(278) :  Freeing 0x00007fddefa58540 (56 bytes), script=/home/yongheng/php_commit/php_poc41.php
[Sun Aug  9 17:17:48 2020]  Script:  '/home/yongheng/php_commit/php_poc41.php'
/home/yongheng/php-src/Zend/zend_hash.c(153) :  Freeing 0x00007fddefa5c3c0 (264 bytes), script=/home/yongheng/php_commit/php_poc41.php
=== Total 2 memory leaks detected ===
---

Test script:
---------------
<?
$a = array () ;
try {
    $b [ $a ] -= array ( $a ) ;
}
catch ( c ) {  }


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-08-10 08:07 UTC] nikic@php.net
-Summary: Memory leak in zend_hash +Summary: Memory leak on invalid offset type in compound assignment -Assigned To: +Assigned To: nikic
 [2020-08-10 08:14 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2d087210ebb8adc06dcaca37b9d2dcb93ea2156c
Log: Fixed bug #79947
 [2020-08-10 08:14 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Dec 04 18:01:23 2020 UTC