Memory leak in ZipArchive when registerCancelCallback is used with a reference-returning function during shutdown #22176

@YuanchengJiang

Description

The following code:

<?php
try {
function &cb() {}
$file = __DIR__ . '/gh18907.zip';
$zip = new ZipArchive;
$zip->open($file, ZIPARCHIVE::CREATE);
$zip->registerCancelCallback(cb(...));
$zip->addFromString('test', 'test');
set_error_handler(function (int $errno, string $fusion, ?string $errfile = null, ?int $errline = null) {
throw new \ErrorException($errstr, 0, $errno, $errfile, $errline);
});
} catch (\Throwable $_ffl_e) {}

Resulted in this output:

=================================================================
==822037==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x68077d in malloc (/home/fuzz/WorkSpace/fusion-fuzz/projects/php/php-src/sapi/cli/php+0x68077d)
    #1 0x7f8a776926f9 in zip_close (/lib/x86_64-linux-gnu/libzip.so.4+0xd6f9)
    #2 0x64e07e5 in zend_objects_store_call_destructors /home/fuzz/WorkSpace/fusion-fuzz/projects/php/php-src/Zend/zend_objects_API.c:55:7
    #3 0x58c5119 in shutdown_destructors /home/fuzz/WorkSpace/fusion-fuzz/projects/php/php-src/Zend/zend_execute_API.c:261:3
    #4 0x66414eb in zend_call_destructors /home/fuzz/WorkSpace/fusion-fuzz/projects/php/php-src/Zend/zend.c:1340:3
    #5 0x4eb1f13 in php_request_shutdown /home/fuzz/WorkSpace/fusion-fuzz/projects/php/php-src/main/main.c:1983:3
    #6 0x666da26 in do_cli /home/fuzz/WorkSpace/fusion-fuzz/projects/php/php-src/sapi/cli/php_cli.c:1166:3
    #7 0x6662aef in main /home/fuzz/WorkSpace/fusion-fuzz/projects/php/php-src/sapi/cli/php_cli.c:1370:18
    #8 0x7f8a77465d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: 8 byte(s) leaked in 1 allocation(s).

To reproduce:

/home/fuzz/WorkSpace/fusion-fuzz/projects/php/php-src/sapi/cli/php  ./test.php

Commit:

3447c58de1002a2c0f831c6df0407cc835f5e96f

Configurations:

CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconv

Operating System:

Ubuntu 20.04 Host, Docker 0599jiangyc/flowfusion:latest

This bug was found by fusion-fuzz

PHP Version

nightly

Operating System

No response
