
TimWolla commented on May 28, 2024

When disabling ZendMM with env USE_ZEND_ALLOC=0 sapi/cli/php -d zend_extension=$(pwd)/modules/opcache.so -d opcache.enable_cli=1 -d opcache.protect_memory=1 test.php, the Success message is printed and then a heap-use-after-free is reported:

Success
=================================================================
==762731==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000032d24 at pc 0x55f490b42281 bp 0x7ffdde836800 sp 0x7ffdde8367f8
READ of size 4 at 0x606000032d24 thread T0
    #0 0x55f490b42280 in zend_hash_release php-src/Zend/zend_hash.h:374:8
    #1 0x55f490b4db7c in destroy_zend_class php-src/Zend/zend_opcode.c:500:8
    #2 0x55f490cd5be5 in _zend_hash_del_el_ex php-src/Zend/zend_hash.c:1482:3
    #3 0x55f490cd353d in _zend_hash_del_el php-src/Zend/zend_hash.c:1509:2
    #4 0x55f490ce7ab1 in zend_hash_graceful_reverse_destroy php-src/Zend/zend_hash.c:2034:4
    #5 0x55f490bdc7cf in compiler_globals_dtor php-src/Zend/zend.c:764:3
    #6 0x55f4905a0d4c in ts_free_id php-src/TSRM/TSRM.c:560:8
    #7 0x55f490bdffa6 in zend_shutdown php-src/Zend/zend.c:1173:2
    #8 0x55f4905c2505 in php_module_shutdown php-src/main/main.c:2379:2
    #9 0x55f491c01671 in main php-src/sapi/cli/php_cli.c:1353:3
    #10 0x7f57a382814f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #11 0x7f57a3828208 in __libc_start_main csu/../csu/libc-start.c:360:3
    #12 0x55f48e6033a4 in _start (php-src/sapi/cli/php+0x1c033a4) (BuildId: 95921ded0c1e297942d1485268c05dddd0a9385e)

0x606000032d24 is located 4 bytes inside of 56-byte region [0x606000032d20,0x606000032d58)
freed by thread T0 here:
    #0 0x55f48e69dd4a in free (php-src/sapi/cli/php+0x1c9dd4a) (BuildId: 95921ded0c1e297942d1485268c05dddd0a9385e)
    #1 0x55f4909823f3 in __zend_free php-src/Zend/zend_alloc.c:3115:2
    #2 0x55f49098c3b6 in _efree php-src/Zend/zend_alloc.c:2596:3
    #3 0x7f579d16b521 in _zend_shared_memdup php-src/ext/opcache/zend_shared_alloc.c:435:3
    #4 0x7f579d16b567 in zend_shared_memdup_put_free php-src/ext/opcache/zend_shared_alloc.c:447:9
    #5 0x7f579cfff5eb in zend_persist_attributes php-src/ext/opcache/zend_persist.c:308:19
    #6 0x7f579cff74b0 in zend_persist_class_constant php-src/ext/opcache/zend_persist.c:843:19
    #7 0x7f579cfc599c in zend_persist_class_entry php-src/ext/opcache/zend_persist.c:926:4
    #8 0x7f579cf400a5 in zend_accel_inheritance_cache_add php-src/ext/opcache/ZendAccelerator.c:2420:23
    #9 0x55f4916e8347 in zend_try_early_bind php-src/Zend/zend_inheritance.c:3430:13
    #10 0x7f579d1782a4 in zend_accel_do_delayed_early_binding php-src/ext/opcache/zend_accelerator_util_funcs.c:362:11
    #11 0x7f579d176743 in zend_accel_load_script php-src/ext/opcache/zend_accelerator_util_funcs.c:417:3
    #12 0x7f579cf078e1 in persistent_compile_file php-src/ext/opcache/ZendAccelerator.c:2229:9
    #13 0x55f490bf334c in zend_execute_script php-src/Zend/zend.c:1892:28
    #14 0x55f4905c4668 in php_execute_script_ex php-src/main/main.c:2507:13
    #15 0x55f4905c5718 in php_execute_script php-src/main/main.c:2547:9
    #16 0x55f491c06053 in do_cli php-src/sapi/cli/php_cli.c:966:5
    #17 0x55f491c01454 in main php-src/sapi/cli/php_cli.c:1340:18
    #18 0x7f57a382814f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

previously allocated by thread T0 here:
    #0 0x55f48e69dff2 in malloc (php-src/sapi/cli/php+0x1c9dff2) (BuildId: 95921ded0c1e297942d1485268c05dddd0a9385e)
    #1 0x55f49098d583 in __zend_malloc php-src/Zend/zend_alloc.c:3087:14
    #2 0x55f490d7c082 in zend_add_attribute php-src/Zend/zend_attributes.c:280:17
    #3 0x55f4905438d1 in zend_add_class_constant_attribute php-src/Zend/zend_attributes.h:118:9
    #4 0x55f49052d4b6 in register_class_ZendAttributeTest php-src/ext/zend_test/test_arginfo.h:704:2
    #5 0x55f490525981 in zm_startup_zend_test php-src/ext/zend_test/test.c:1132:30
    #6 0x55f490c32c4d in zend_startup_module_ex php-src/Zend/zend_API.c:2362:7
    #7 0x55f490c37e61 in zend_startup_module_zval php-src/Zend/zend_API.c:2377:10
    #8 0x55f490ce8ee4 in zend_hash_apply php-src/Zend/zend_hash.c:2080:13
    #9 0x55f490c370bf in zend_startup_modules php-src/Zend/zend_API.c:2500:2
    #10 0x55f4905b61bf in php_module_startup php-src/main/main.c:2222:2
    #11 0x55f491c09bc8 in php_cli_startup php-src/sapi/cli/php_cli.c:410:9
    #12 0x55f491c00cc7 in main php-src/sapi/cli/php_cli.c:1307:6
    #13 0x7f57a382814f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-use-after-free php-src/Zend/zend_hash.h:374:8 in zend_hash_release
==762731==ABORTING

from php-src.
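As an added triage helper (not part of the issue thread or of php-src), the parser below splits an ASan heap report like the one above into its use, free and allocation stacks and picks out the first project frame of each, skipping the allocator wrappers that top every stack. The sample is a constructed, shortened copy of the report above; the php-src/ path prefix is an assumption about the build tree.

```python
import re

FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)")
ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
# Allocator wrappers top every heap stack and say nothing about who owned the block.
ALLOCATOR_FUNCS = {"malloc", "free", "__zend_malloc", "__zend_free", "_emalloc", "_efree"}

def parse_asan_report(report):
    """Split an ASan heap report into (func, location) frames for its use, free and alloc stacks."""
    stacks = {"use": [], "free": [], "alloc": []}
    error = address = current = None
    for line in report.splitlines():
        if m := ERROR_RE.search(line):
            error, address, current = m.group(1), m.group(2), "use"
        elif line.startswith("freed by thread"):
            current = "free"
        elif line.startswith("previously allocated by thread"):
            current = "alloc"
        elif line.startswith("SUMMARY:"):
            current = None
        elif current and (fm := FRAME_RE.match(line)):
            stacks[current].append((fm.group(1), fm.group(2)))
    return {"error": error, "address": address, **stacks}

def first_project_frame(frames, prefix="php-src/"):
    """First frame inside the project tree that is not a plain allocator wrapper."""
    return next((f for f in frames if f[1].startswith(prefix) and f[0] not in ALLOCATOR_FUNCS), None)

def triage(report, prefix="php-src/"):
    """Reduce a report to the three sites a reviewer needs: where the block is used, freed and allocated."""
    p = parse_asan_report(report)
    return {"error": p["error"], "address": p["address"],
            **{k + "_site": first_project_frame(p[k], prefix) for k in ("use", "free", "alloc")}}

# Constructed sample: the report above, shortened to a few frames per stack.
SAMPLE = """\
==762731==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000032d24 at pc 0x55f490b42281
    #0 0x55f490b42280 in zend_hash_release php-src/Zend/zend_hash.h:374:8
freed by thread T0 here:
    #0 0x55f48e69dd4a in free (php-src/sapi/cli/php+0x1c9dd4a) (BuildId: 95921ded0c1e297942d1485268c05dddd0a9385e)
    #1 0x55f4909823f3 in __zend_free php-src/Zend/zend_alloc.c:3115:2
    #2 0x55f49098c3b6 in _efree php-src/Zend/zend_alloc.c:2596:3
    #3 0x7f579d16b521 in _zend_shared_memdup php-src/ext/opcache/zend_shared_alloc.c:435:3
previously allocated by thread T0 here:
    #0 0x55f48e69dff2 in malloc (php-src/sapi/cli/php+0x1c9dff2) (BuildId: 95921ded0c1e297942d1485268c05dddd0a9385e)
    #1 0x55f49098d583 in __zend_malloc php-src/Zend/zend_alloc.c:3087:14
    #2 0x55f490d7c082 in zend_add_attribute php-src/Zend/zend_attributes.c:280:17
SUMMARY: AddressSanitizer: heap-use-after-free php-src/Zend/zend_hash.h:374:8 in zend_hash_release
"""
```

Running `triage(SAMPLE)` on the full report gives the same three sites, which is the starting point for asking which of the two owners (the persisted copy or the original module-startup allocation) should still hold the block at shutdown.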
