Closed
Description
The following code:
```php
<?php
$cls = new SplTempFileObject();
$num = -1;
$cls->ftruncate($num);
```
Resulted in this output:
```
=================================================================
==2613696==ERROR: AddressSanitizer: negative-size-param: (size=-1)
#0 0x67fe49 in __asan_memset (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x67fe49)
#1 0x3630f10 in php_stream_memory_set_option /home/phpfuzz/WorkSpace/flowfusion/php-src/main/streams/memory.c:244:7
#2 0x365e9ea in _php_stream_set_option /home/phpfuzz/WorkSpace/flowfusion/php-src/main/streams/streams.c:1434:9
#3 0x3634a5e in php_stream_temp_set_option /home/phpfuzz/WorkSpace/flowfusion/php-src/main/streams/memory.c:528:12
#4 0x365e9ea in _php_stream_set_option /home/phpfuzz/WorkSpace/flowfusion/php-src/main/streams/streams.c:1434:9
#5 0x3668d5b in _php_stream_truncate_set_size /home/phpfuzz/WorkSpace/flowfusion/php-src/main/streams/streams.c:1474:9
#6 0x2aad626 in zim_SplFileObject_ftruncate /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/spl/spl_directory.c:2694:2
#7 0x427b93e in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:1919:4
#8 0x3f9d527 in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:58595:7
#9 0x3f9f7ac in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:64247:2
#10 0x4d3bcd9 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1934:3
#11 0x353f27a in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2577:13
#12 0x35403b8 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2617:9
#13 0x4d4ffea in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:938:5
#14 0x4d4a4cf in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1313:18
#15 0x7fcad9dd3d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#16 0x7fcad9dd3e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#17 0x605934 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x605934)
Address 0x7fcad36501d8 is a wild pointer.
SUMMARY: AddressSanitizer: negative-size-param (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x67fe49) in __asan_memset
==2613696==ABORTING
```
PHP Version
nightly
Operating System
No response
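
The trace above shows a size of -1 reaching `memset()` inside `php_stream_memory_set_option`. As an added illustration (not php-src code and not the project's fix), the C model below shows how a negative signed length wraps when converted to `size_t`, and how a range check placed before any size arithmetic rejects it. The names `mem_stream`, `unchecked_fill_len` and `mem_stream_truncate` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a growable in-memory stream; not php-src's struct. */
typedef struct {
    char  *data;
    size_t len;
} mem_stream;

/* The length memset() would receive if a negative signed size were passed
 * through unchecked: the conversion to size_t wraps to a huge value.
 * This only computes the value; it never touches memory. */
size_t unchecked_fill_len(const mem_stream *s, int64_t newsize)
{
    return (size_t)newsize - s->len;
}

/* Guarded truncate: returns 0 on success, -1 if the request is rejected
 * or the allocation fails. The stream is left unchanged on failure. */
int mem_stream_truncate(mem_stream *s, int64_t newsize)
{
    if (newsize < 0 || (uint64_t)newsize > SIZE_MAX / 2) {
        return -1;                    /* reject before any size arithmetic */
    }
    size_t want = (size_t)newsize;
    if (want == s->len) {
        return 0;
    }
    char *p = realloc(s->data, want ? want : 1);
    if (p == NULL) {
        return -1;
    }
    if (want > s->len) {
        memset(p + s->len, 0, want - s->len);   /* zero-fill the grown tail */
    }
    s->data = p;
    s->len  = want;
    return 0;
}

int main(void)
{
    mem_stream s = { NULL, 0 };
    printf("grow to 8:      %d\n", mem_stream_truncate(&s, 8));
    printf("truncate to -1: %d (len stays %zu)\n", mem_stream_truncate(&s, -1), s.len);
    printf("unchecked fill length for -1: %zu\n", unchecked_fill_len(&s, -1));
    free(s.data);
    return 0;
}
```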