Closed
Description
The following code:
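<?php
class C {
    // Invoked while msg_send() serializes the message object.
    function __serialize() {
        global $q;
        // Removes the queue that msg_send() is currently sending to.
        msg_remove_queue($q);
    }
}

$q = msg_get_queue(1);
// Fourth argument (serialize) is true, so C::__serialize() is called.
msg_send($q, 1, new C, true);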
Resulted in this output:
=================================================================
==955667==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x5640039a5019 bp 0x7fff8bff8450 sp 0x7fff8bff8200 T0)
==955667==The signal is caused by a READ memory access.
==955667==Hint: address points to the zero page.
#0 0x5640039a5019 in zif_msg_send /tmp/php-asan/ext/sysvmsg/sysvmsg.c:375:19
#1 0x564003f4ebc2 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /tmp/php-asan/Zend/zend_vm_execute.h:1299:2
#2 0x564003db183d in execute_ex /tmp/php-asan/Zend/zend_vm_execute.h:58565:7
#3 0x564003db2067 in zend_execute /tmp/php-asan/Zend/zend_vm_execute.h:64217:2
#4 0x5640041e6860 in zend_execute_script /tmp/php-asan/Zend/zend.c:1932:3
#5 0x564003a04d2b in php_execute_script_ex /tmp/php-asan/main/main.c:2574:13
#6 0x564003a05228 in php_execute_script /tmp/php-asan/main/main.c:2614:9
#7 0x5640041ee309 in do_cli /tmp/php-asan/sapi/cli/php_cli.c:935:5
#8 0x5640041eb32c in main /tmp/php-asan/sapi/cli/php_cli.c:1310:18
#9 0x7f32c4a29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#10 0x7f32c4a29e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#11 0x564002c02de4 in _start (/workspaces/TriFuzz/targets/php-asan/bin/php+0x402de4)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/php-asan/ext/sysvmsg/sysvmsg.c:375:19 in zif_msg_send
==955667==ABORTING
But I expected this output instead:
PHP Version
PHP 8.5.0-dev
Operating System
No response