Skip to content

SEGV Zend/zend_execute.c #18037

New issue
New issue
Closed
Closed
SEGV Zend/zend_execute.c#18037
Assignees
nielsdos
Labels
BugCategory: EngineCategory: JITExtension: opcacheStatus: Verified
@YuanchengJiang

Description

@YuanchengJiang
YuanchengJiang
opened on Mar 13, 2025

Description

The following code:

<?php
require __DIR__ . '/test_utils.inc';
$dom = DOM\XMLDocument::createFromString(<<<XML
<container>
</container>
XML);
test_helper($dom, '.only-of-type3 p:only-of-type');

Resulted in this output:

/home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_execute.c:2459:3: runtime error: member access within misaligned address 0x000042119bc9 for type 'zval' (aka 'struct _zval_struct'), which requires 8 byte alignment
0x000042119bc9: note: pointer points here
 00 00 00  d0 6c d0 04 00 00 00 00  60 00 00 00 01 00 00 00  50 00 00 00 00 00 00 00  1d 00 00 00 42
              ^ 
    #0 0x51965f6 in zend_invalid_method_call /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_execute.c:2459:3
    #1 0x4e4f2f4 in ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:44884:5
LLVMSymbolizer: error reading file: No such file or directory
    #2 0x48e6fd6b  (/dev/zero (deleted)+0x8000d6b)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_execute.c:2459:3 in

To reproduce:

./php-src/sapi/cli/php  -d "zend_extension=/home/phpfuzz/WorkSpace/flowfusion/php-src/modules/opcache.so" -d "opcache.jit=1201" -d "opcache.enable_cli=1" ./test.php

Commit:

cd586623b65c86b423883eda20411634e49084ba

Configurations:

CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconv

Operating System:

Ubuntu 20.04 Host, Docker 0599jiangyc/flowfusion:latest

This report is automatically generated by FlowFusion

PHP Version

cd58662

Operating System

No response

Metadata

Metadata

Assignees

Labels

BugCategory: EngineCategory: JITExtension: opcacheStatus: Verified

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions