PHP  
 PHP_HEAD
downloads | QA | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links | my php.net 
 

Valgrind Report for sapi/phpdbg/tests/bug73794.phpt ('Bug #73794 (Crash (out of memory) when using run and # command separator)')

Script

1: <?php
2:
echo $argv[1];
3:
?>
4:

Report

==17617== Invalid write of size 1
==17617==    at 0x1331B02: phpdbg_do_run (phpdbg_prompt.c:904)
==17617==    by 0x135A5B6: phpdbg_internal_stack_execute (phpdbg_cmd.c:680)
==17617==    by 0x135A9C1: phpdbg_stack_execute (phpdbg_cmd.c:733)
==17617==    by 0x13362CF: phpdbg_interactive (phpdbg_prompt.c:1631)
==17617==    by 0x132228A: main (phpdbg.c:1996)
==17617==  Address 0x14f2b661 is 0 bytes after a block of size 1 alloc'd
==17617==    at 0x4C291FA: malloc (vg_replace_malloc.c:298)
==17617==    by 0x10542AB: __zend_malloc (zend_alloc.c:2811)
==17617==    by 0x10529C1: _emalloc (zend_alloc.c:2413)
==17617==    by 0x133148E: phpdbg_do_run (phpdbg_prompt.c:841)
==17617==    by 0x135A5B6: phpdbg_internal_stack_execute (phpdbg_cmd.c:680)
==17617==    by 0x135A9C1: phpdbg_stack_execute (phpdbg_cmd.c:733)
==17617==    by 0x13362CF: phpdbg_interactive (phpdbg_prompt.c:1631)
==17617==    by 0x132228A: main (phpdbg.c:1996)
==17617== 
==17617== Conditional jump or move depends on uninitialised value(s)
==17617==    at 0x4C2A868: __strlen_sse42 (vg_replace_strmem.c:462)
==17617==    by 0xFCC9A9: php_build_argv (php_variables.c:571)
==17617==    by 0x1331CD6: phpdbg_do_run (phpdbg_prompt.c:921)
==17617==    by 0x135A5B6: phpdbg_internal_stack_execute (phpdbg_cmd.c:680)
==17617==    by 0x135A9C1: phpdbg_stack_execute (phpdbg_cmd.c:733)
==17617==    by 0x13362CF: phpdbg_interactive (phpdbg_prompt.c:1631)
==17617==    by 0x132228A: main (phpdbg.c:1996)
==17617== 
==17617== Invalid read of size 1
==17617==    at 0x10948B1: zend_string_release (zend_string.h:289)
==17617==    by 0x10948B1: destroy_op_array (zend_opcode.c:399)
==17617==    by 0x1319C57: php_phpdbg_destroy_file_source (phpdbg.c:131)
==17617==    by 0x10EFD27: zend_hash_destroy (zend_hash.c:1254)
==17617==    by 0x1322E4D: main (phpdbg.c:2154)
==17617==  Address 0x14f29cc5 is 5 bytes inside a block of size 32 free'd
==17617==    at 0x4C28BD4: free (vg_replace_malloc.c:529)
==17617==    by 0x1366921: phpdbg_watch_efree (phpdbg_watch.c:1169)
==17617==    by 0x1052CE4: _efree (zend_alloc.c:2428)
==17617==    by 0x1138777: _str_dtor (zend_string.c:50)
==17617==    by 0x10EFC3E: zend_hash_destroy (zend_hash.c:1243)
==17617==    by 0x113991B: zend_interned_strings_deactivate (zend_string.c:199)
==17617==    by 0xFAB28A: php_request_shutdown (main.c:1928)
==17617==    by 0x13227FC: main (phpdbg.c:2093)
==17617==  Block was alloc'd at
==17617==    at 0x4C291FA: malloc (vg_replace_malloc.c:298)
==17617==    by 0x10542AB: __zend_malloc (zend_alloc.c:2811)
==17617==    by 0x10529C1: _emalloc (zend_alloc.c:2413)
==17617==    by 0x101A64A: zend_string_alloc (zend_string.h:134)
==17617==    by 0x101A64A: zend_string_init (zend_string.h:170)
==17617==    by 0x101A64A: lex_scan (zend_language_scanner.l:1869)
==17617==    by 0x105C4A2: zendlex (zend_compile.c:1721)
==17617==    by 0x1000A67: zendparse (zend_language_parser.c:4914)
==17617==    by 0x100C868: zend_compile (zend_language_scanner.l:585)
==17617==    by 0x100CC44: compile_file (zend_language_scanner.l:635)
==17617==    by 0xB7CA0A: phar_compile_file (phar.c:3320)
==17617==    by 0x134BC51: phpdbg_compile_file (phpdbg_list.c:274)
==17617==    by 0x134C166: phpdbg_init_compile_file (phpdbg_list.c:317)
==17617==    by 0x132FA04: phpdbg_compile (phpdbg_prompt.c:600)
==17617== 

 

Generated at Sun, 24 Sep 2017 15:32:56 +0000 (39 hours ago)

Copyright © 2005-2017 The PHP Group
All rights reserved.