Comments (1)
When disabling ZendMM with env USE_ZEND_ALLOC=0 sapi/cli/php -d zend_extension=$(pwd)/modules/opcache.so -d opcache.enable_cli=1 -d opcache.protect_memory=1 test.php
the Success message is printed and then a heap-use-after-free is reported:
Success=================================================================
==762731==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000032d24 at pc 0x55f490b42281 bp 0x7ffdde836800 sp 0x7ffdde8367f8
READ of size 4 at 0x606000032d24 thread T0
#0 0x55f490b42280 in zend_hash_release php-src/Zend/zend_hash.h:374:8
#1 0x55f490b4db7c in destroy_zend_class php-src/Zend/zend_opcode.c:500:8
#2 0x55f490cd5be5 in _zend_hash_del_el_ex php-src/Zend/zend_hash.c:1482:3
#3 0x55f490cd353d in _zend_hash_del_el php-src/Zend/zend_hash.c:1509:2
#4 0x55f490ce7ab1 in zend_hash_graceful_reverse_destroy php-src/Zend/zend_hash.c:2034:4
#5 0x55f490bdc7cf in compiler_globals_dtor php-src/Zend/zend.c:764:3
#6 0x55f4905a0d4c in ts_free_id php-src/TSRM/TSRM.c:560:8
#7 0x55f490bdffa6 in zend_shutdown php-src/Zend/zend.c:1173:2
#8 0x55f4905c2505 in php_module_shutdown php-src/main/main.c:2379:2
#9 0x55f491c01671 in main php-src/sapi/cli/php_cli.c:1353:3
#10 0x7f57a382814f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#11 0x7f57a3828208 in __libc_start_main csu/../csu/libc-start.c:360:3
#12 0x55f48e6033a4 in _start (php-src/sapi/cli/php+0x1c033a4) (BuildId: 95921ded0c1e297942d1485268c05dddd0a9385e)
0x606000032d24 is located 4 bytes inside of 56-byte region [0x606000032d20,0x606000032d58)
freed by thread T0 here:
#0 0x55f48e69dd4a in free (php-src/sapi/cli/php+0x1c9dd4a) (BuildId: 95921ded0c1e297942d1485268c05dddd0a9385e)
#1 0x55f4909823f3 in __zend_free php-src/Zend/zend_alloc.c:3115:2
#2 0x55f49098c3b6 in _efree php-src/Zend/zend_alloc.c:2596:3
#3 0x7f579d16b521 in _zend_shared_memdup php-src/ext/opcache/zend_shared_alloc.c:435:3
#4 0x7f579d16b567 in zend_shared_memdup_put_free php-src/ext/opcache/zend_shared_alloc.c:447:9
#5 0x7f579cfff5eb in zend_persist_attributes php-src/ext/opcache/zend_persist.c:308:19
#6 0x7f579cff74b0 in zend_persist_class_constant php-src/ext/opcache/zend_persist.c:843:19
#7 0x7f579cfc599c in zend_persist_class_entry php-src/ext/opcache/zend_persist.c:926:4
#8 0x7f579cf400a5 in zend_accel_inheritance_cache_add php-src/ext/opcache/ZendAccelerator.c:2420:23
#9 0x55f4916e8347 in zend_try_early_bind php-src/Zend/zend_inheritance.c:3430:13
#10 0x7f579d1782a4 in zend_accel_do_delayed_early_binding php-src/ext/opcache/zend_accelerator_util_funcs.c:362:11
#11 0x7f579d176743 in zend_accel_load_script php-src/ext/opcache/zend_accelerator_util_funcs.c:417:3
#12 0x7f579cf078e1 in persistent_compile_file php-src/ext/opcache/ZendAccelerator.c:2229:9
#13 0x55f490bf334c in zend_execute_script php-src/Zend/zend.c:1892:28
#14 0x55f4905c4668 in php_execute_script_ex php-src/main/main.c:2507:13
#15 0x55f4905c5718 in php_execute_script php-src/main/main.c:2547:9
#16 0x55f491c06053 in do_cli php-src/sapi/cli/php_cli.c:966:5
#17 0x55f491c01454 in main php-src/sapi/cli/php_cli.c:1340:18
#18 0x7f57a382814f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
previously allocated by thread T0 here:
#0 0x55f48e69dff2 in malloc (php-src/sapi/cli/php+0x1c9dff2) (BuildId: 95921ded0c1e297942d1485268c05dddd0a9385e)
#1 0x55f49098d583 in __zend_malloc php-src/Zend/zend_alloc.c:3087:14
#2 0x55f490d7c082 in zend_add_attribute php-src/Zend/zend_attributes.c:280:17
#3 0x55f4905438d1 in zend_add_class_constant_attribute php-src/Zend/zend_attributes.h:118:9
#4 0x55f49052d4b6 in register_class_ZendAttributeTest php-src/ext/zend_test/test_arginfo.h:704:2
#5 0x55f490525981 in zm_startup_zend_test php-src/ext/zend_test/test.c:1132:30
#6 0x55f490c32c4d in zend_startup_module_ex php-src/Zend/zend_API.c:2362:7
#7 0x55f490c37e61 in zend_startup_module_zval php-src/Zend/zend_API.c:2377:10
#8 0x55f490ce8ee4 in zend_hash_apply php-src/Zend/zend_hash.c:2080:13
#9 0x55f490c370bf in zend_startup_modules php-src/Zend/zend_API.c:2500:2
#10 0x55f4905b61bf in php_module_startup php-src/main/main.c:2222:2
#11 0x55f491c09bc8 in php_cli_startup php-src/sapi/cli/php_cli.c:410:9
#12 0x55f491c00cc7 in main php-src/sapi/cli/php_cli.c:1307:6
#13 0x7f57a382814f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
SUMMARY: AddressSanitizer: heap-use-after-free php-src/Zend/zend_hash.h:374:8 in zend_hash_release
==762731==ABORTING
from php-src.
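A triage helper for the report above, as an added example (not code from php-src or from the commenter): it splits an ASan heap-use-after-free report into its access, free and allocation stacks and names the first frame in each that is not an allocator wrapper. The `ALLOC_WRAPPERS` set and the function names are assumptions of this example; the sample input is abridged from the trace in the comment.

```python
import re

# Abridged from the report above (first frames of each stack only).
REPORT = """\
==762731==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000032d24
READ of size 4 at 0x606000032d24 thread T0
#0 0x55f490b42280 in zend_hash_release php-src/Zend/zend_hash.h:374:8
#1 0x55f490b4db7c in destroy_zend_class php-src/Zend/zend_opcode.c:500:8
freed by thread T0 here:
#0 0x55f48e69dd4a in free (php-src/sapi/cli/php+0x1c9dd4a)
#1 0x55f4909823f3 in __zend_free php-src/Zend/zend_alloc.c:3115:2
#2 0x55f49098c3b6 in _efree php-src/Zend/zend_alloc.c:2596:3
#3 0x7f579d16b521 in _zend_shared_memdup php-src/ext/opcache/zend_shared_alloc.c:435:3
previously allocated by thread T0 here:
#0 0x55f48e69dff2 in malloc (php-src/sapi/cli/php+0x1c9dff2)
#1 0x55f49098d583 in __zend_malloc php-src/Zend/zend_alloc.c:3087:14
#2 0x55f490d7c082 in zend_add_attribute php-src/Zend/zend_attributes.c:280:17
SUMMARY: AddressSanitizer: heap-use-after-free php-src/Zend/zend_hash.h:374:8 in zend_hash_release
"""

# Assumption of this example: frames to skip when looking for the caller
# that actually decided to allocate or free the region.
ALLOC_WRAPPERS = {"malloc", "free", "__zend_malloc", "__zend_free", "_efree"}
FRAME = re.compile(r"#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)")
SECTIONS = [
    (re.compile(r"(READ|WRITE) of size \d+"), "access"),
    (re.compile(r"freed by thread"), "free"),
    (re.compile(r"previously allocated by thread"), "alloc"),
]

def parse_stacks(report):
    """Split an ASan use-after-free report into access/free/alloc stacks."""
    stacks, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        for pattern, name in SECTIONS:
            if pattern.match(line):
                current = stacks.setdefault(name, [])
                break
        else:
            m = FRAME.match(line)
            if m is None:
                current = None  # any non-frame line ends the current stack
            elif current is not None:
                current.append((m.group(2), m.group(3)))
    return stacks

def triage(report):
    """Map each stack to its first frame that is not an allocator wrapper."""
    return {name: next((f for f in frames if f[0] not in ALLOC_WRAPPERS), None)
            for name, frames in parse_stacks(report).items()}
```

On the full report this places the allocation at module startup, the free inside opcache's persist path, and the read at shutdown, which is the lifetime mismatch the three stacks describe.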