Valgrind Report for ext/date/tests/bug53437.phpt ('Bug #53437 (Crash when using unserialized DatePeriod instance)')
Script
<?php
$dp = new DatePeriod(new DateTime('2010-01-01 UTC'), new DateInterval('P1D'), 2);

echo "Original:\r\n";
foreach ($dp as $dt) {
    echo $dt->format('Y-m-d H:i:s') . "\r\n";
}
echo "\r\n";
var_dump($dp);

$ser = serialize($dp); // $ser is: O:10:"DatePeriod":0:{}

// Create dangerous instance
$dpu = unserialize($ser); // $dpu has invalid values???
var_dump($dpu);

echo "Unserialized:\r\n";
// ???which leads to CRASH:
foreach ($dpu as $dt) {
    echo $dt->format('Y-m-d H:i:s') . "\r\n";
}
?>
Report
==28128== Invalid read of size 8
==28128== at 0x4C29C6C: memcpy (mc_replace_strmem.c:878)
==28128== by 0x4AFD9E: timelib_time_clone (timelib.c:52)
==28128== by 0x445BCA: date_period_it_rewind (php_date.c:1875)
==28128== by 0xEF05E9: ZEND_FE_RESET_SPEC_CV_HANDLER (zend_vm_execute.h:27531)
==28128== by 0xDD33CC: execute (zend_vm_execute.h:410)
==28128== by 0xD77F06: zend_execute_scripts (zend.c:1315)
==28128== by 0xCAA557: php_execute_script (main.c:2494)
==28128== by 0xF45C87: do_cli (php_cli.c:988)
==28128== by 0xF472C4: main (php_cli.c:1364)
==28128== Address 0xe0 is not stack'd, malloc'd or (recently) free'd
==28128==
==28128==
==28128== Process terminating with default action of signal 11 (SIGSEGV)
==28128== Access not within mapped region at address 0xE0
==28128== at 0x4C29C6C: memcpy (mc_replace_strmem.c:878)
==28128== by 0x4AFD9E: timelib_time_clone (timelib.c:52)
==28128== by 0x445BCA: date_period_it_rewind (php_date.c:1875)
==28128== by 0xEF05E9: ZEND_FE_RESET_SPEC_CV_HANDLER (zend_vm_execute.h:27531)
==28128== by 0xDD33CC: execute (zend_vm_execute.h:410)
==28128== by 0xD77F06: zend_execute_scripts (zend.c:1315)
==28128== by 0xCAA557: php_execute_script (main.c:2494)
==28128== by 0xF45C87: do_cli (php_cli.c:988)
==28128== by 0xF472C4: main (php_cli.c:1364)
==28128== If you believe this happened as a result of a stack
==28128== overflow in your program's main thread (unlikely but
==28128== possible), you can try to increase the size of the
==28128== main thread stack using the --main-stacksize= flag.
==28128== The main thread stack size used in this run was 33554432.
Generated at Tue, 21 May 2013 17:04:51 +0000 (2 days ago)