Closed
Description
The following code:
```php
<?php
$fname = __DIR__ . '/' . basename(__FILE__, '.php') . '.phar';
$pname = 'phar://' . $fname;
$b = new PharFileInfo($pname . '/a/subdir/here');
require_once 'files/phar_oo_test.inc';
$phar = new Phar($fname);
{
var_dump($ent->getATime());
}
```
Resulted in this output:
```
/home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_string.h:329:2: runtime error: member access within misaligned address 0x000000000106 for type 'zend_string' (aka 'struct _zend_string'), which requires 8 byte alignment
0x000000000106: note: pointer points here
<memory cannot be printed>
#0 0x34e7ea2 in zend_string_efree /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_string.h:329:2
#1 0x35075c8 in zim_PharFileInfo___destruct /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/phar/phar_object.c:4469:4
#2 0x5af4dbf in zend_call_function /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_execute_API.c:1028:4
#3 0x5afa84e in zend_call_known_function /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_execute_API.c:1109:23
#4 0x6789f84 in zend_call_known_instance_method /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_API.h:866:2
#5 0x678281b in zend_call_known_instance_method_with_0_params /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_API.h:872:2
#6 0x678139c in zend_objects_destroy_object /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_objects.c:170:3
#7 0x3e56af4 in spl_filesystem_object_destroy_object /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/spl/spl_directory.c:109:2
#8 0x677987a in zend_objects_store_del /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_objects_API.c:181:4
#9 0x6890767 in rc_dtor_func /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_variables.c:57:2
#10 0x68909ee in i_zval_ptr_dtor /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_variables.h:45:4
#11 0x68907a4 in zval_ptr_dtor /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_variables.c:84:2
#12 0x63b10e1 in _zend_hash_del_el_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_hash.c:1493:3
#13 0x63ae85d in _zend_hash_del_el /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_hash.c:1520:2
#14 0x63c81a4 in zend_hash_reverse_apply /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_hash.c:2236:5
#15 0x5ad035c in shutdown_destructors /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_execute_API.c:262:4
#16 0x68d94bb in zend_call_destructors /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1336:3
#17 0x50af9a3 in php_request_shutdown /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:1980:3
#18 0x6906b41 in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1158:3
#19 0x68fbb1f in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1362:18
#20 0x7962e22abd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#21 0x7962e22abe3f in __libc_start_main csu/../csu/libc-start.c:392:3
#22 0x606204 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x606204)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_string.h:329:2
```
To reproduce:
```
./php-src/sapi/cli/php -d "phar.require_hash=0" -d "phar.readonly=1" -d "opcache.enable=1" -d "opcache.enable_cli=1" -d "opcache.jit=1205" ./test.php
```
Commit:
f8656fae35d90f89f2cef6a32c7173aa0c6b27a8
Configurations:
```
CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconv
```
Operating System:
Ubuntu 20.04 Host, Docker 0599jiangyc/flowfusion:latest
This report is automatically generated by FlowFusion
PHP Version
nightly
Operating System
No response