Bug #79981 stream_socket_server cause crash with call_user_func_array
Submitted: 2020-08-16 08:19 UTC
Modified: 2020-08-16 08:50 UTC
From: 1126774947 at qq dot com
Assigned:
Status: Duplicate
Package: Reproducible crash
PHP Version: 8.0.0beta1
OS: ubuntu 16.04
Private report: No
CVE-ID: None
 [2020-08-16 08:19 UTC] 1126774947 at qq dot com
Description:
------------
stream_socket_server, when called by call_user_func_array with a wrong param, causes a crash.

Test script:
---------------
<?php
        call_user_func_array(stream_socket_server,["aa",false,true]);
?>

Actual result:
--------------
php > call_user_func_array(stream_socket_server,["aa",false,true]);

Warning: Use of undefined constant stream_socket_server - assumed 'stream_socket_server' (this will throw an Error in a future version of PHP) in php shell code on line 1

Warning: Parameter 2 to stream_socket_server() expected to be a reference, value given in php shell code on line 1

Warning: Parameter 3 to stream_socket_server() expected to be a reference, value given in php shell code on line 1
Segmentation fault (core dumped)


error info: php: /tmp/tmp/php-src/ext/standard/streamsfuncs.c:209: zif_stream_socket_server: Assertion `zval_get_type(&(*(zerrno))) == 10' failed.

backtrace

#0  zif_stream_socket_server (execute_data=0x7ffff3e15090, return_value=0x7fffffffa480) at /tmp/tmp/php-src/ext/standard/streamsfuncs.c:209

#1  0x00000000008af7f9 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at /tmp/tmp/php-src/Zend/zend_vm_execute.h:1618

#2  0x0000000000914c65 in execute_ex (ex=0x7ffff3e15020) at /tmp/tmp/php-src/Zend/zend_vm_execute.h:53824

#3  0x0000000000918d53 in zend_execute (op_array=0x7ffff3e03100, return_value=0x0) at /tmp/tmp/php-src/Zend/zend_vm_execute.h:57920

#4  0x000000000083be3c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/tmp/php-src/Zend/zend.c:1678

#5  0x000000000079cc72 in php_execute_script (primary_file=0x7fffffffca30) at /tmp/tmp/php-src/main/main.c:2621

#6  0x000000000092500a in php_cli_server_dispatch_script (server=0x141c320 <server>, client=0x156a5e0) at /tmp/tmp/php-src/sapi/cli/php_cli_server.c:2077

#7  0x0000000000925819 in php_cli_server_dispatch (server=0x141c320 <server>, client=0x156a5e0) at /tmp/tmp/php-src/sapi/cli/php_cli_server.c:2248

#8  0x00000000009261cc in php_cli_server_recv_event_read_request (server=0x141c320 <server>, client=0x156a5e0) at /tmp/tmp/php-src/sapi/cli/php_cli_server.c:2492

#9  0x00000000009265b1 in php_cli_server_do_event_for_each_fd_callback (_params=0x7fffffffcc90, fd=4, event=1) at /tmp/tmp/php-src/sapi/cli/php_cli_server.c:2578

#10 0x0000000000922138 in php_cli_server_poller_iter_on_active (poller=0x141c328 <server+8>, opaque=0x7fffffffcc90, callback=0x92635b <php_cli_server_do_event_for_each_fd_callback>) at /tmp/tmp/php-src/sapi/cli/php_cli_server.c:919

#11 0x0000000000926647 in php_cli_server_do_event_for_each_fd (server=0x141c320 <server>, rhandler=0x926064 <php_cli_server_recv_event_read_request>, whandler=0x926207 <php_cli_server_send_event>) at /tmp/tmp/php-src/sapi/cli/php_cli_server.c:2596

#12 0x00000000009266cf in php_cli_server_do_event_loop (server=0x141c320 <server>) at /tmp/tmp/php-src/sapi/cli/php_cli_server.c:2606

#13 0x0000000000926a7b in do_cli_server (argc=3, argv=0x1437cd0) at /tmp/tmp/php-src/sapi/cli/php_cli_server.c:2734

#14 0x000000000091ca7d in main (argc=3, argv=0x1437cd0) at /tmp/tmp/php-src/sapi/cli/php_cli.c:1362


 [2020-08-16 08:50 UTC] requinix@php.net
-Status: Open +Status: Duplicate
 [2020-08-16 08:50 UTC] requinix@php.net
Probably a duplicate of bug #79979.
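
A caller-side guard for the condition in this report, as an added example that is not part of the original report or of php-src: before dispatching through call_user_func_array, it uses Reflection to confirm that every strictly by-reference parameter receives a real reference. The helper name `call_with_checked_refs` is hypothetical, and it assumes positional arguments only.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of PHP): refuse to dispatch when a parameter
 * that must be passed by reference would receive a plain value.
 * Assumption: $args is a positional (0-indexed) argument list.
 */
function call_with_checked_refs(string $function, array $args)
{
    $reflection = new ReflectionFunction($function);
    foreach ($reflection->getParameters() as $param) {
        $i = $param->getPosition();
        // Skip by-value and "prefer-ref" parameters, and arguments not supplied.
        if ($param->canBePassedByValue() || !array_key_exists($i, $args)) {
            continue;
        }
        // fromArrayElement() returns null when the element is not a reference.
        if (ReflectionReference::fromArrayElement($args, $i) === null) {
            throw new InvalidArgumentException(sprintf(
                'Argument %d ($%s) of %s() must be passed by reference',
                $i + 1,
                $param->getName(),
                $function
            ));
        }
    }
    return call_user_func_array($function, $args);
}

// Argument list from the report: plain values where references are expected.
try {
    call_with_checked_refs('stream_socket_server', ['aa', false, true]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// Constructed well-formed call: $errno and $errstr are passed as references.
$errno = 0;
$errstr = '';
$server = call_with_checked_refs('stream_socket_server', ['tcp://127.0.0.1:0', &$errno, &$errstr]);
echo is_resource($server) ? 'listening' : "failed: $errstr", PHP_EOL;
if (is_resource($server)) {
    fclose($server);
}
```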
 
Last updated: Thu Nov 21 13:01:29 2024 UTC