Closed
Description
The following code:
<?php
// Reproducer: needs bug66960.phar next to this script and -d "phar.readonly=0".
$file = __DIR__ . DIRECTORY_SEPARATOR . 'bug66960.phar';
$phar = new Phar($file);
$phar->decompress();
try {
    ldap_get_values_len($fname, $fname, $phar);
} catch (Exception $e) {
    echo($e);
}
Resulted in this output:
=================================================================
==2919611==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x000003b7a9f3 bp 0x7ffcd7e1b600 sp 0x7ffcd7e1b540 T0)
==2919611==The signal is caused by a READ memory access.
==2919611==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
#0 0x3b7a9f3 in zend_mm_free_heap /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_alloc.c:1528:28
#1 0x3b80758 in _efree /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_alloc.c:2751:2
#2 0x21bc898 in phar_destroy_phar_data /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/phar/phar.c:198:3
#3 0x21bf3b6 in phar_archive_delref /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/phar/phar.c:255:4
#4 0x21a338c in phar_spl_foreign_dtor /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/phar/phar_object.c:1082:3
#5 0x2aa994a in spl_filesystem_object_free_storage /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/spl/spl_directory.c:144:3
#6 0x4baa881 in zend_objects_store_del /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_objects_API.c:194:4
#7 0x4cbb487 in rc_dtor_func /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_variables.c:57:2
#8 0x4cbb70e in i_zval_ptr_dtor /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_variables.h:45:4
#9 0x4cbb4c4 in zval_ptr_dtor /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_variables.c:84:2
#10 0x47f1e21 in _zend_hash_del_el_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_hash.c:1487:3
#11 0x47ef59d in _zend_hash_del_el /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_hash.c:1514:2
#12 0x4808ee4 in zend_hash_reverse_apply /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_hash.c:2230:5
#13 0x3eeae7c in shutdown_destructors /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_execute_API.c:262:4
#14 0x4d03c1b in zend_call_destructors /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1332:3
#15 0x35151e8 in php_request_shutdown /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:1914:3
#16 0x4d2c957 in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1109:3
#17 0x4d2380f in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1313:18
#18 0x7fe732450d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#19 0x7fe732450e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#20 0x605934 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x605934)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_alloc.c:1528:28 in zend_mm_free_heap
==2919611==ABORTING
To reproduce:
-d "phar.readonly=0"
Dependency: bug66960.phar
PHP Version
nightly
Operating System
Ubuntu 22.04