Closed
Description
The following code:
<?php
$dom = DOM\XMLDocument::createFromString('<root class="A B C"/>');
$element = $dom->documentElement;
$list = $element->classList;
$list->replace('A', 'AA');
$fusion = $list;
require(__DIR__ . "/run_bcmath_tests_function.inc");
$exponents = ["252", "-112"];
$baseNumbers = array_merge($exponents, [
]);
run_bcmath_tests($baseNumbers, $fusion, "**", bcpow(...));
You need: run_bcmath_tests_function.inc
Resulted in this output:
Number "252" (scale 0)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1257793==ERROR: AddressSanitizer: SEGV on unknown address 0x000040fc5f58 (pc 0x000003f51e0a bp 0x7fffc34e07f0 sp 0x7fffc34e07d0 T0)
==1257793==The signal is caused by a WRITE memory access.
#0 0x3f51e0a in zend_gc_addref /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_types.h:1330:9
#1 0x469be7f in zval_addref_p /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_types.h:1379:9
#2 0x46b88a0 in zend_copy_to_variable /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_execute.h:150:4
#3 0x46b8040 in zend_assign_to_variable /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_execute.h:184:2
#4 0x46f2621 in zend_fe_fetch_object_helper_SPEC /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:3006:3
#5 0x42f86ae in ZEND_FE_FETCH_R_SPEC_VAR_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:23013:3
#6 0x3f826f7 in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:58595:7
#7 0x3f8497c in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:64247:2
#8 0x4d1b689 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1934:3
#9 0x352fd9a in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2577:13
#10 0x3530ed8 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2617:9
#11 0x4d2f99a in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:938:5
#12 0x4d29e7f in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1313:18
#13 0x7f8b43fa1d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#14 0x7f8b43fa1e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#15 0x605934 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x605934)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_types.h:1330:9 in zend_gc_addref
==1257793==ABORTING
To reproduce:
-d "opcache.protect_memory=1" -d "zend_extension=/home/phpfuzz/WorkSpace/flowfusion/php-src/modules/opcache.so" -d "opcache.enable_cli=1"
PHP Version
nightly
Operating System
No response