
Member access within misaligned address in zend_alloc.c #13998

Closed
YuanchengJiang opened this issue Apr 18, 2024 · 1 comment

Comments

@YuanchengJiang

Description

The following code:

<?php
$db = new PdoSqlite('sqlite::memory:');
$db->query('CREATE TABLE test_pdo_sqlite_createaggregate_trampoline (a INTEGER, b INTEGER)');
$stmt = $db->query('INSERT INTO test_pdo_sqlite_createaggregate_trampoline VALUES (1, -1), (2, -2), (3, -3), (4, -4), (4, -4)');
class TrampolineTest {
    // Both the step and finalize callbacks are routed through __call, so whatever
    // this method returns becomes the aggregate context handed to the next call.
    public function __call(string $name, array $arguments) {
        echo 'Trampoline for ', $name, PHP_EOL;
        // Replaces the context passed in by the engine with an arbitrary global
        // (the value a normal test would use is kept in the trailing comment).
        $context = $GLOBALS[array_rand($GLOBALS)]; // $arguments[0];
        if ($name === 'finalize') {
            return implode(',', $context['values']);
        }
        if (empty($context)) {
            $context = $GLOBALS[array_rand($GLOBALS)]; // ['total' => 0, 'values' => []];
        }
        $context['total'] += (int) $arguments[2];
        $context['values'][] = $context['total'];
        return $context;
    }
}
var_dump($db->createAggregate('S', [new TrampolineTest(), 'step'], [new TrampolineTest(), 'finalize'], 1));
// Iterating the result set is what drives the step/finalize callbacks.
foreach ($db->query('SELECT S(a), S(b) FROM test_pdo_sqlite_createaggregate_trampoline') as $row) {
}
?>

Resulted in this output:

/php-src/Zend/zend_alloc.c:1314:33: runtime error: member access within misaligned address 0x7fc3ad6015fc for type 'zend_mm_free_slot' (aka 'struct _zend_mm_free_slot'), which requires 8 byte alignment
0x7fc3ad6015fc: note: pointer points here
  b0 00 00 00 00 00 00 00  fb 14 60 ad c3 7f 00 00  00 00 00 00 00 00 00 00  01 00 00 00 00 00 00 00
              ^ 
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/Zend/zend_alloc.c:1314:33 in

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04
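For reference, here is the aggregate protocol the fuzzed reproducer above is stressing, written out as an added example (not code from the issue or from php-src). The step callback receives the context returned by the previous step (null on the first row), the row number and the column values; finalize receives the context and the row number once at the end. The reporter's script replaces that context with a random global on every call, so the value held across calls can be of any type; this example keeps the intended array context so the lifecycle is visible. It uses the long-standing `PDO::sqliteCreateAggregate()` method rather than the `PdoSqlite` class from the 8.4 development tree, so that it runs on the 8.2 and 8.3 branches the fix commits target as well. The table and class names are chosen for the example.

```php
<?php
// Added example, not part of the issue: the non-fuzzed form of the trampoline.
class RunningTotalTrampoline {
    public function __call(string $name, array $arguments): mixed {
        // Shared prefix of both callbacks: step(ctx, rownum, ...cols), finalize(ctx, rownum)
        [$context, $rowNumber] = $arguments;
        if ($name === 'finalize') {
            // $context is whatever the last step() returned; null if no rows were aggregated
            return $context === null ? '' : implode(',', $context['values']);
        }
        // step(): initialise the context on the first row, then accumulate
        if (empty($context)) {
            $context = ['total' => 0, 'values' => []];
        }
        $context['total'] += (int) $arguments[2];   // $arguments[2] is the single column value
        $context['values'][] = $context['total'];
        return $context;                            // handed back as the context of the next step()
    }
}

// Builds a constructed in-memory table (same rows as the report) and returns the
// finalize() results for S(a) and S(b); the two aggregates get independent contexts.
function runningTotals(PDO $db): array {
    $db->exec('CREATE TABLE agg_example (a INTEGER, b INTEGER)');
    $db->exec('INSERT INTO agg_example VALUES (1, -1), (2, -2), (3, -3), (4, -4), (4, -4)');
    $trampoline = new RunningTotalTrampoline();
    $db->sqliteCreateAggregate('S', [$trampoline, 'step'], [$trampoline, 'finalize'], 1);
    return $db->query('SELECT S(a) AS a, S(b) AS b FROM agg_example')->fetch(PDO::FETCH_ASSOC);
}

var_dump(runningTotals(new PDO('sqlite::memory:')));
```

Each element of the returned row is the comma-joined list of running totals for that column. Swapping the `$context` assignment in `step()` for a value that is not the engine-supplied context, as the reporter's script does, is what exercises the refcount handling of that stored value across calls.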

@SakiTakamachi
Member

I was able to determine the cause this morning.
I'll create a corrected PR for this tonight, but may consult other members to see if the approach is correct.

SakiTakamachi added a commit that referenced this issue Apr 20, 2024
* PHP-8.2:
  Fix GH-13998: Manage refcount of agg_context->val correctly (#14004)
SakiTakamachi added a commit that referenced this issue Apr 20, 2024
* PHP-8.3:
  Fix GH-13998: Manage refcount of agg_context->val correctly (#14004)