Closed
Description
The following code:
<?php
class Extended_Class {};
new Extended_Class( array() );
Resulted in this output:
=================================================================
==3946231==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55e48cbed9e8 at pc 0x55e489df6664 bp 0x7ffe0382d760 sp 0x7ffe0382d758
READ of size 8 at 0x55e48cbed9e8 thread T0
#0 0x55e489df6663 in zend_test_execute_internal /php-src/ext/zend_test/observer.c:292:89
#1 0x55e48ab409bf in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /php-src/Zend/zend_vm_execute.h:1921:4
#2 0x55e48a886303 in execute_ex /php-src/Zend/zend_vm_execute.h:58565:7
#3 0x55e48a888462 in zend_execute /php-src/Zend/zend_vm_execute.h:64217:2
#4 0x55e48b5886e1 in zend_execute_script /php-src/Zend/zend.c:1928:3
#5 0x55e489e9a9d8 in php_execute_script_ex /php-src/main/main.c:2574:13
#6 0x55e489e9ba98 in php_execute_script /php-src/main/main.c:2614:9
#7 0x55e48b59be56 in do_cli /php-src/sapi/cli/php_cli.c:935:5
#8 0x55e48b596524 in main /php-src/sapi/cli/php_cli.c:1310:18
#9 0x7f47b0b3cd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#10 0x7f47b0b3ce3f in __libc_start_main csu/../csu/libc-start.c:392:3
#11 0x55e487403904 in _start (/php-src/sapi/cli/php+0x2403904) (BuildId: d9851980940e1525eb2e61068d0828e86059842d)
0x55e48cbed9e8 is located 24 bytes to the left of global variable 'zend_vm_init.labels' defined in '/php-src/Zend/zend_vm_execute.h:64225' (0x55e48cbeda00) of size 27896
0x55e48cbed9e8 is located 8 bytes to the right of global variable 'zend_pass_function' defined in '/php-src/Zend/zend_execute.c:141' (0x55e48cbed940) of size 160
SUMMARY: AddressSanitizer: global-buffer-overflow /php-src/ext/zend_test/observer.c:292:89 in zend_test_execute_internal
Shadow bytes around the buggy address:
0x0abd11975ae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0abd11975af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0abd11975b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0abd11975b10: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9
0x0abd11975b20: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x0abd11975b30: 00 00 00 00 00 00 00 00 00 00 00 00 f9[f9]f9 f9
0x0abd11975b40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0abd11975b50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0abd11975b60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0abd11975b70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0abd11975b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==3946231==ABORTING
To reproduce:
-d "zend_test.observer.execute_internal=1"
PHP Version
PHP 8.4.0-dev
Operating System
ubuntu 22.04
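As an added illustration, not php-src code and not a confirmed root-cause analysis of this report: a constructed C model of the pattern the ASan output above is consistent with, where a global defined with the smaller variant of a function union is read through a hook that assumes the larger variant, together with the tag check that avoids the read. The types and names (`fn_t`, `pass_function`, `observer_filename`) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model (not php-src): a function descriptor is a union of an
 * "internal" variant and a larger "user" variant; a global dummy function is
 * defined with the smaller variant only, as zend_pass_function is. */
enum { FN_INTERNAL = 1, FN_USER = 2 };

typedef struct {
    uint8_t type;          /* FN_INTERNAL or FN_USER */
    const char *name;      /* NULL for the dummy pass function */
} common_t;

typedef struct {
    common_t common;
    void (*handler)(void);
} internal_fn_t;

typedef struct {
    common_t common;
    void (*handler)(void);
    const char *filename;  /* exists only in the user variant */
} user_fn_t;

typedef union {
    common_t common;
    internal_fn_t internal;
    user_fn_t user;
} fn_t;

/* Globals: the dummy one is sized for the smaller variant, so reading
 * fn->user.filename through it lands past its end, in what ASan reports as
 * the global redzone to the right of the object. */
const internal_fn_t pass_function = { { FN_INTERNAL, NULL }, NULL };
const user_fn_t user_function = { { FN_USER, "foo" }, NULL, "foo.php" };

/* Bytes between the end of the internal variant and the user-only field;
 * a value >= 0 means an unguarded read of that field is out of bounds. */
long user_field_past_internal(void) {
    return (long)offsetof(user_fn_t, filename) - (long)sizeof(internal_fn_t);
}

/* Observer hook that checks the variant tag before touching user-only
 * fields, so the dummy pass function never triggers the out-of-bounds read. */
const char *observer_filename(const fn_t *fn) {
    if (fn->common.type != FN_USER) {
        return "(internal)";
    }
    return fn->user.filename ? fn->user.filename : "(unknown)";
}
```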