Segmentation fault (jump to 0x0) in Zend/zend_vm_execute.h #14712

Description

@YuanchengJiang

The following code:

<?php
$db = new PDO('sqlite::memory:');
$x = $db->query('select 1 as queryStringxx');
$y = $x->fetch(PDO::FETCH_LAZY);
$script1_dataflow = $y;
$script1_dataflow->documentElement->firstChild->nextElementSibling->textContent = "é";

Resulted in this output:

Segmentation fault (core dumped)

Valgrind:

==3394453== Jump to the invalid address stated on the next line
==3394453==    at 0x0: ???
==3394453==    by 0x9198EF: ZEND_FETCH_OBJ_W_SPEC_CV_CONST_HANDLER (zend_vm_execute.h:42165)
==3394453==    by 0x939D9D: execute_ex (zend_vm_execute.h:61971)
==3394453==    by 0x93AD56: zend_execute (zend_vm_execute.h:62962)
==3394453==    by 0x9D180A: zend_execute_script (zend.c:1906)
==3394453==    by 0x78AF30: php_execute_script_ex (main.c:2529)
==3394453==    by 0x78B0B6: php_execute_script (main.c:2569)
==3394453==    by 0x9D3C01: do_cli (php_cli.c:956)
==3394453==    by 0x9D494F: main (php_cli.c:1330)
==3394453==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

ASan:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==3387603==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000000 bp 0x7ffe515cdc20 sp 0x7ffe515cd6b8 T0)
==3387603==Hint: pc points to the zero page.
==3387603==The signal is caused by a READ memory access.
==3387603==Hint: address points to the zero page.
    #0 0x0  (<unknown module>)
    #1 0x563474998418 in ZEND_FETCH_OBJ_W_SPEC_CV_CONST_HANDLER /php-src/Zend/zend_vm_execute.h:42165:2
    #2 0x56347464d2a7 in execute_ex /php-src/Zend/zend_vm_execute.h:57310:7
    #3 0x56347464e672 in zend_execute /php-src/Zend/zend_vm_execute.h:62962:2
    #4 0x5634750fe018 in zend_execute_script /php-src/Zend/zend.c:1906:3
    #5 0x563473d23956 in php_execute_script_ex /php-src/main/main.c:2529:13
    #6 0x563473d241f8 in php_execute_script /php-src/main/main.c:2569:9
    #7 0x56347510be91 in do_cli /php-src/sapi/cli/php_cli.c:956:5
    #8 0x563475107872 in main /php-src/sapi/cli/php_cli.c:1330:18
    #9 0x7f233fdbed8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>) 
==3387603==ABORTING
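Both traces above show the same shape: the program counter is 0 and the last real frame is the engine's ZEND_FETCH_OBJ_W handler, which is what control transferred through a null function pointer looks like. The following C program is an added illustration, not php-src code and not a claim about which slot in PDORow's handler table was empty: it models a per-object handler table of function pointers (the hypothetical types `struct handlers`, `full_handlers` and `sparse_handlers` are constructed for this example), shows the unguarded dispatch that produces a jump to 0x0 when a slot is NULL, and beside it the guarded dispatch that turns a missing handler into a defined error.

```c
#include <stddef.h>
#include <stdio.h>

/* Added illustration, not php-src code: a per-object "handler table" of
 * function pointers. One table deliberately leaves its slot NULL to model an
 * object type that never filled that handler in. */
typedef int (*write_prop_fn)(const char *name, int value);

struct handlers {
    write_prop_fn write_property;  /* may be NULL for some object types */
};

static int full_write_property(const char *name, int value) {
    (void)name;
    (void)value;
    return 0; /* success */
}

/* Hypothetical object type that implements the handler. */
static const struct handlers full_handlers = { full_write_property };
/* Hypothetical object type whose table left the slot empty (constructed for
 * this example; not PDORow's actual handler table). */
static const struct handlers sparse_handlers = { NULL };

/* Unguarded dispatch: with sparse_handlers this is an indirect call to
 * address 0, which is the "Jump to the invalid address 0x0" / "pc points to
 * the zero page" shape in the valgrind and ASan traces above. It is kept here
 * only to show the faulty pattern; never call it with a NULL slot. */
static int dispatch_unguarded(const struct handlers *h, const char *name, int value) {
    return h->write_property(name, value);
}

/* Guarded dispatch: a missing handler becomes a defined error code instead of
 * a crash, which is the check a dispatcher over optional handlers needs. */
static int dispatch_guarded(const struct handlers *h, const char *name, int value) {
    if (h->write_property == NULL) {
        return -1; /* "operation not supported on this object type" */
    }
    return h->write_property(name, value);
}

int main(void) {
    printf("full:   %d\n", dispatch_guarded(&full_handlers, "textContent", 1));
    printf("sparse: %d\n", dispatch_guarded(&sparse_handlers, "textContent", 1));
    /* dispatch_unguarded(&sparse_handlers, ...) would fault with pc == 0. */
    return 0;
}
```

Under valgrind or ASan, the unguarded call on the sparse table reproduces the "at 0x0: ???" / "pc points to the zero page" signature with the dispatcher as the first named frame, which is how to read a trace like the one in this report: look at the frame below the 0x0 entry for the indirect call site, then for the table entry it dereferenced.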

PHP Version

PHP 8.4.0-dev

Operating System

Ubuntu 22.04
