Member access within null pointer in ext/standard/basic_functions.c #14643

@YuanchengJiang

Description

The following code:

<?php
class Logger {
    public function __construct() {
        register_shutdown_function(function () {
            $this->flush();
            register_shutdown_function([$this, 'flush'], true);
        });
    }
    public function flush($final = false) {
    }
}
for ($i = 0; $i < 200; $script1_dataflow++) {
    $a = new Logger();
}
var_fusion($script1_connect, $script2_connect, $random_var);

Resulted in this output:

/php-src/ext/standard/basic_functions.c:1586:55: runtime error: member access within null pointer of type 'php_shutdown_function_entry' (aka 'struct _php_shutdown_function_entry')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/ext/standard/basic_functions.c:1586:55

Valgrind result:

==789315== Invalid read of size 8
==789315==    at 0x82F69C: zend_fcall_info_args_clear (zend_API.c:4216)
==789315==    by 0x680D12: user_shutdown_function_dtor (basic_functions.c:1586)
==789315==    by 0x83A3AB: zend_hash_destroy (zend_hash.c:1736)
==789315==    by 0x681112: php_free_shutdown_functions (basic_functions.c:1678)
==789315==    by 0x76B949: php_request_shutdown (main.c:1873)
==789315==    by 0x9AA0E3: do_cli (php_cli.c:1136)
==789315==    by 0x9AA5F0: main (php_cli.c:1340)
==789315==  Address 0x20 is not stack'd, malloc'd or (recently) free'd

PHP Version

PHP 8.4.0-dev

Operating System

Ubuntu 22.04
