Bug #81373 Segmentation fault
Submitted: 2021-08-19 09:11 UTC
Modified: 2021-08-19 11:14 UTC
From: m dot volkov at npo-echelon dot ru
Assigned: cmb
Status: Duplicate
Package: Reproducible crash
PHP Version: 8.1Git-2021-08-19 (Git)
OS: Debian 10
Private report: No
CVE-ID: None
 [2021-08-19 09:11 UTC] m dot volkov at npo-echelon dot ru
Description:
------------
Good afternoon. Fuzzing version 8.1 using AFL. At the moment I have found 9 crashes; all of them cause a segmentation fault. I did not find any reports about them in the bug reports, so I decided to write; maybe this will help make PHP safer. In the example below, I have indicated one of the cases.

Test script:
---------------
--TEST--
ZE2 __toString() in __destruct
--FILE--
<?php

class Test
{
    function __toString()
    {
        return "Hel       echo $this;
    }
lo\n";
    }

    function __destruct()
    {
        echo $this;
    }
}

$o = new Test;
$o = NULL;

$o = new Test;

?>
====DONE====
--E=
Hello

Expected result:
----------------
exception

Actual result:
--------------
segmentation fault

 [2021-08-19 11:14 UTC] cmb@php.net
-Status: Open
+Status: Duplicate
-Type: Security
+Type: Bug
-Assigned To:
+Assigned To: cmb
 [2021-08-19 11:14 UTC] cmb@php.net
Simplified reproducer:

    <?php
    class Test
    {
        function __toString()
        {
            return "$this";
        }
    }

    $o = new Test;
    echo $o;
    ?>

This causes a stack overflow due to infinite recursion, and is
basically a duplicate of bug #64196.  Note that we do not classify
this as a security issue, because such code is not supposed to ever
run in production.  See also our security classification[1].

[1] <https://wiki.php.net/security>
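
A per-object re-entrancy guard turns the unbounded `__toString()` recursion from the simplified reproducer into a catchable exception, for both the direct case and a two-object cycle. This is an added example, not code from the bug report or from php-src; the trait `GuardedToString`, the method `render()` and the class `Node` are hypothetical names, and it assumes PHP 7.4 or later, where `__toString()` is allowed to throw.

```php
<?php
declare(strict_types=1);

// Added example; all names here are hypothetical, not from php-src.
trait GuardedToString
{
    private bool $rendering = false;

    // Classes put their string-building logic here instead of in __toString().
    abstract protected function render(): string;

    final public function __toString(): string
    {
        if ($this->rendering) {
            // Already inside this object's __toString(): fail fast
            // instead of recursing until the stack overflows.
            throw new LogicException(static::class . '::__toString() re-entered');
        }
        $this->rendering = true;
        try {
            return $this->render();
        } finally {
            $this->rendering = false; // reset even when render() throws
        }
    }
}

final class Node
{
    use GuardedToString;
    public ?Node $peer = null;

    protected function render(): string
    {
        // With $peer === null this is the reproducer's direct "$this" case.
        return 'Node(' . ($this->peer ?? $this) . ')';
    }
}

$direct = new Node;            // stringifies itself
$a = new Node; $b = new Node;  // constructed two-object cycle: a -> b -> a
$a->peer = $b; $b->peer = $a;

foreach (['direct' => $direct, 'cycle' => $a] as $label => $node) {
    try {
        echo $node, "\n";
    } catch (LogicException $e) {
        echo "$label: ", $e->getMessage(), "\n";
    }
}
```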