Description
The following code:
<?php
$functions = [
    'bool' => function (bool $b) { return $b; }
];
$values = [
    STDERR,
];
foreach ($functions as $type => $function) {
    foreach ($values as $value) {
    }
}
$fusion = $value;
$bz = bzopen($fusion, "r");
print bzread($bz);
Resulted in this output:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2241124==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000013e8 (pc 0x7a5f896833d8 bp 0x7fffa03a60d0 sp 0x7fffa03a6020 T0)
==2241124==The signal is caused by a READ memory access.
#0 0x7a5f896833d8 in BZ2_bzread (/lib/x86_64-linux-gnu/libbz2.so.1.0+0xe3d8)
#1 0xeb34a0 in php_bz2iop_read /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/bz2/bz2.c:77:15
#2 0x51be7f5 in _php_stream_fill_read_buffer /home/phpfuzz/WorkSpace/flowfusion/php-src/main/streams/streams.c:692:15
#3 0x51c07d0 in _php_stream_read /home/phpfuzz/WorkSpace/flowfusion/php-src/main/streams/streams.c:755:8
#4 0x51c13b5 in php_stream_read_to_str /home/phpfuzz/WorkSpace/flowfusion/php-src/main/streams/streams.c:803:17
#5 0xeb5b9c in zif_bzread /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/bz2/bz2.c:321:9
#6 0x600de6f in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:1417:2
#7 0x5b29c03 in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:115598:12
#8 0x5b2c18c in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:121310:2
#9 0x68ac7e9 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1977:3
#10 0x508e2ba in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2638:13
#11 0x508f3f8 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2678:9
#12 0x68c16fa in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:951:5
#13 0x68bbadf in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1362:18
#14 0x7a5f889b2d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#15 0x7a5f889b2e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#16 0x6061f4 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6061f4)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libbz2.so.1.0+0xe3d8) in BZ2_bzread
==2241124==ABORTING
To reproduce:
./php-src/sapi/cli/php ./test.php
Commit:
3e9caf5338a41771d4f93f926db501366d9d7321
Configurations:
CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconv
Operating System:
Ubuntu 20.04 Host, Docker 0599jiangyc/flowfusion:latest
This report is automatically generated by FlowFusion
PHP Version
3e9caf5338a41771d4f93f926db501366d9d7321
Operating System
No response