Closed
Description
The following code:
<?php
function varToString($var) {
    $allInternalFunctions = array_filter($allInternalFunctions, function($func) {
    });
}
class Test {
    public string $prop {
        set => strtoupper($value);
    }
}
$test = new Test();
var_dump($test);
$script1_dataflow = $test;
define("MAX_64Bit", 9223372036854775807);
define("MAX_32Bit", 2147483647);
$otherVals = array(0, 1, -1, 7, 9, 65, -44, MAX_32Bit, MAX_64Bit);
foreach ($script1_dataflow as $longVal) {
}
$GLOBALS[array_rand($GLOBALS)];
Resulted in this output:
object(Test)#1 (0) {
  ["prop"]=>
  uninitialized(string)
}
zend_mm_heap corrupted
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2748747==ERROR: AddressSanitizer: SEGV on unknown address 0x03e80029f14b (pc 0x7f5e53e3275b bp 0x7ffd80e67b40 sp 0x7ffd80e67b28 T0)
==2748747==The signal is caused by a READ memory access.
#0 0x7f5e53e3275b in kill signal/../sysdeps/unix/syscall-template.S:120
#1 0x55601e5f997c in zend_mm_panic /php-src/Zend/zend_alloc.c:396:2
#2 0x55601e5f9cc4 in zend_mm_get_next_free_slot /php-src/Zend/zend_alloc.c:1326:4
#3 0x55601e6143fe in zend_mm_alloc_small /php-src/Zend/zend_alloc.c:1410:30
#4 0x55601e60446c in zend_mm_alloc_heap /php-src/Zend/zend_alloc.c:1488:9
#5 0x55601e60942d in _emalloc /php-src/Zend/zend_alloc.c:2740:9
#6 0x55601f0aa586 in zend_array_dup /php-src/Zend/zend_hash.c:2442:2
#7 0x55601f0f3274 in zend_proptable_to_symtable /php-src/Zend/zend_hash.c:3378:10
#8 0x55601ef22b03 in ZEND_FETCH_GLOBALS_SPEC_UNUSED_UNUSED_HANDLER /php-src/Zend/zend_vm_execute.h:37990:2
#9 0x55601e95c367 in execute_ex /php-src/Zend/zend_vm_execute.h:58354:7
#10 0x55601e95d842 in zend_execute /php-src/Zend/zend_vm_execute.h:64011:2
#11 0x55601f4568c8 in zend_execute_script /php-src/Zend/zend.c:1913:3
#12 0x55601e02fa66 in php_execute_script_ex /php-src/main/main.c:2535:13
#13 0x55601e030308 in php_execute_script /php-src/main/main.c:2575:9
#14 0x55601f464751 in do_cli /php-src/sapi/cli/php_cli.c:956:5
#15 0x55601f460132 in main /php-src/sapi/cli/php_cli.c:1330:18
#16 0x7f5e53e19d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#17 0x7f5e53e19e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#18 0x55601c203244 in _start (/php-src/sapi/cli/php+0x1c03244) (BuildId: a3f352b0e3ffe50fe5e98f224f5aa945ea1a2fc4)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV signal/../sysdeps/unix/syscall-template.S:120 in kill
==2748747==ABORTING
/php-src/Zend/zend_ini.c:55:17: runtime error: member access within misaligned address 0x000000000001 for type 'zend_ini_entry' (aka 'struct _zend_ini_entry'), which requires 8 byte alignment
0x000000000001: note: pointer points here
<memory cannot be printed>
PHP Version
PHP 8.4.0-dev
Operating System
ubuntu 22.04