SEGV on unknown address zif_xml_parse
| Bug #72085 | SEGV on unknown address zif_xml_parse | | |
|---|---|---|---|
| Submitted: | 2016-04-23 04:07 UTC | Modified: | 2016-08-16 23:26 UTC |
| From: | fernando at null-life dot com | Assigned: | cmb |
| Status: | Closed | Package: | *XML functions |
| PHP Version: | 5.6.20 | OS: | Linux |
| Private report: | No | CVE-ID: | None |
[2016-04-23 04:07 UTC] fernando at null-life dot com
Description:
------------
Run attached script test with ASAN
Test script:
---------------
<?php
$var1=xml_parser_create_ns();
xml_set_element_handler($var1, new Exception(""), 4096);
xml_parse($var1, str_repeat("<a>", 10));
Expected result:
----------------
No complaints from ASAN
Actual result:
--------------
Warning: Invalid callback exception 'Exception' in /ramdisk/22/xmlparse.php:5
Stack trace:
#0 {main}, no array or string given in /ramdisk/22/xmlparse.php on line 6
ASAN:SIGSEGV
=================================================================
==24991==ERROR: AddressSanitizer: SEGV on unknown address 0x00000005 (pc 0x094dd093 bp 0xb3f4a3e4 sp 0xbff2e810 T0)
#0 0x94dd092 in zend_hash_index_find /home/fmunozs/phpgit/php56/Zend/zend_hash.c:942
#1 0x90e7c39 in xml_call_handler /home/fmunozs/phpgit/php56/ext/xml/xml.c:538
#2 0x90e7c39 in _xml_startElementHandler /home/fmunozs/phpgit/php56/ext/xml/xml.c:802
#3 0x90ffd67 in _start_element_handler_ns /home/fmunozs/phpgit/php56/ext/xml/compat.c:190
#4 0xb6f6e1a7 (/usr/lib/i386-linux-gnu/libxml2.so.2+0x3a1a7)
#5 0xb6f785f0 (/usr/lib/i386-linux-gnu/libxml2.so.2+0x445f0)
#6 0xb6f79f62 in xmlParseChunk (/usr/lib/i386-linux-gnu/libxml2.so.2+0x45f62)
#7 0x9102a2b in php_XML_Parse /home/fmunozs/phpgit/php56/ext/xml/compat.c:605
#8 0x90dee1e in zif_xml_parse /home/fmunozs/phpgit/php56/ext/xml/xml.c:1454
#9 0x9a7c718 in zend_do_fcall_common_helper_SPEC /home/fmunozs/phpgit/php56/Zend/zend_vm_execute.h:558
#10 0x9640316 in execute_ex /home/fmunozs/phpgit/php56/Zend/zend_vm_execute.h:363
#11 0x9a6c9c8 in zend_execute /home/fmunozs/phpgit/php56/Zend/zend_vm_execute.h:388
#12 0x9470b59 in zend_execute_scripts /home/fmunozs/phpgit/php56/Zend/zend.c:1341
#13 0x91acc6b in php_execute_script /home/fmunozs/phpgit/php56/main/main.c:2613
#14 0x9a8648a in do_cli /home/fmunozs/phpgit/php56/sapi/cli/php_cli.c:994
#15 0x808a502 in main /home/fmunozs/phpgit/php56/sapi/cli/php_cli.c:1378
#16 0xb6d97645 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18645)
#17 0x808aaba (/home/fmunozs/phpgit/php56/sapi/cli/php+0x808aaba)
AddressSanitizer can not provide additional info.
[2016-08-16 22:22 UTC] cmb@php.net
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: cmb
[2016-08-16 22:22 UTC] cmb@php.net
-Summary: AddressSanitizer: SEGV on unknown address zif_xml_parse
+Summary: SEGV on unknown address zif_xml_parse
[2016-08-16 23:26 UTC] cmb@php.net
-Status: Verified
+Status: Closed