PHP  
 PHP_7_2
downloads | QA | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links | my php.net 
 

Valgrind Report for sapi/phpdbg/tests/bug73794.phpt ('Bug #73794 (Crash (out of memory) when using run and # command separator)')

Script

1: <?php
2:
echo $argv[1];
3:
?>
4:

Report

==23974== Invalid write of size 1
==23974==    at 0x13B8FD8: phpdbg_do_run (phpdbg_prompt.c:904)
==23974==    by 0x13E2B01: phpdbg_internal_stack_execute (phpdbg_cmd.c:680)
==23974==    by 0x13E2F20: phpdbg_stack_execute (phpdbg_cmd.c:733)
==23974==    by 0x13BD747: phpdbg_interactive (phpdbg_prompt.c:1635)
==23974==    by 0x13A9574: main (phpdbg.c:2001)
==23974==  Address 0x15b43a71 is 0 bytes after a block of size 1 alloc'd
==23974==    at 0x4C291FA: malloc (vg_replace_malloc.c:298)
==23974==    by 0x10B5D87: __zend_malloc (zend_alloc.c:2835)
==23974==    by 0x10B4507: _emalloc (zend_alloc.c:2436)
==23974==    by 0x13B894A: phpdbg_do_run (phpdbg_prompt.c:841)
==23974==    by 0x13E2B01: phpdbg_internal_stack_execute (phpdbg_cmd.c:680)
==23974==    by 0x13E2F20: phpdbg_stack_execute (phpdbg_cmd.c:733)
==23974==    by 0x13BD747: phpdbg_interactive (phpdbg_prompt.c:1635)
==23974==    by 0x13A9574: main (phpdbg.c:2001)
==23974== 
==23974== Conditional jump or move depends on uninitialised value(s)
==23974==    at 0x4C2A868: __strlen_sse42 (vg_replace_strmem.c:462)
==23974==    by 0x103015B: php_build_argv (php_variables.c:573)
==23974==    by 0x13B91AC: phpdbg_do_run (phpdbg_prompt.c:921)
==23974==    by 0x13E2B01: phpdbg_internal_stack_execute (phpdbg_cmd.c:680)
==23974==    by 0x13E2F20: phpdbg_stack_execute (phpdbg_cmd.c:733)
==23974==    by 0x13BD747: phpdbg_interactive (phpdbg_prompt.c:1635)
==23974==    by 0x13A9574: main (phpdbg.c:2001)
==23974== 
==23974== Invalid read of size 1
==23974==    at 0x10F967B: zend_string_release (zend_string.h:289)
==23974==    by 0x10F967B: destroy_op_array (zend_opcode.c:399)
==23974==    by 0x13A1116: php_phpdbg_destroy_file_source (phpdbg.c:131)
==23974==    by 0x11552BC: zend_hash_destroy (zend_hash.c:1247)
==23974==    by 0x13AA1F1: main (phpdbg.c:2159)
==23974==  Address 0x15b41f35 is 5 bytes inside a block of size 32 free'd
==23974==    at 0x4C28BD4: free (vg_replace_malloc.c:529)
==23974==    by 0x13EEFAF: phpdbg_watch_efree (phpdbg_watch.c:1169)
==23974==    by 0x10B4821: _efree (zend_alloc.c:2451)
==23974==    by 0x119EB59: _str_dtor (zend_string.c:50)
==23974==    by 0x11551D3: zend_hash_destroy (zend_hash.c:1236)
==23974==    by 0x119FCCF: zend_interned_strings_deactivate (zend_string.c:205)
==23974==    by 0x100F3B4: php_request_shutdown (main.c:1925)
==23974==    by 0x13A9AE4: main (phpdbg.c:2098)
==23974==  Block was alloc'd at
==23974==    at 0x4C291FA: malloc (vg_replace_malloc.c:298)
==23974==    by 0x10B5D87: __zend_malloc (zend_alloc.c:2835)
==23974==    by 0x10B4507: _emalloc (zend_alloc.c:2436)
==23974==    by 0x107675A: zend_string_alloc (zend_string.h:134)
==23974==    by 0x107675A: zend_string_init (zend_string.h:170)
==23974==    by 0x107675A: lex_scan (zend_language_scanner.l:1870)
==23974==    by 0x10BE38B: zendlex (zend_compile.c:1728)
==23974==    by 0x10639F6: zendparse (zend_language_parser.c:4222)
==23974==    by 0x106F2C5: zend_compile (zend_language_scanner.l:586)
==23974==    by 0x106F6A9: compile_file (zend_language_scanner.l:636)
==23974==    by 0xBA64BB: phar_compile_file (phar.c:3333)
==23974==    by 0x13D3A3A: phpdbg_compile_file (phpdbg_list.c:257)
==23974==    by 0x13D4072: phpdbg_init_compile_file (phpdbg_list.c:305)
==23974==    by 0x13B6D75: phpdbg_compile (phpdbg_prompt.c:600)
==23974== 

 

Generated at Fri, 22 May 2020 15:51:44 +0000 (2 days ago)

Copyright © 2005-2020 The PHP Group
All rights reserved.