<?php | |
// Fuzzer-derived reproducer: a recursive generator used as the shared inner generator.
// Each instance yields once and then delegates to a newly created gen() via `yield from`,
// so the chain of delegating generators grows as the consumer keeps advancing it.
// The statements are left exactly as the fuzzer produced them; changing them may lose the crash.
function gen() { | |
// $a has not been assigned yet at this point; unary plus is applied to it and the result is yielded.
yield +$a; | |
// Bare expression statement whose result is discarded.
+$a; | |
// Assignment, not comparison: $a becomes 1, so this branch is always taken.
if ($a=1){ | |
// gen() declares no parameters, so the $a+1 argument is not used by the callee.
// The @ operator silences diagnostics raised while evaluating the expression.
@var_dump(yield from gen($a+1)); | |
} | |
} | |
// Thin wrapper generator: delegates everything to the generator it is given.
// Calling bar() more than once with the same $gen makes several outer generators
// delegate to one shared inner generator.
function bar($gen) { | |
yield from $gen; | |
} | |
// A single gen() instance is wrapped by two bar() generators, so both wrappers
// delegate to the same inner generator.
$gen=gen(); | |
$gens[]=bar($gen); | |
$gens[]=bar($gen); | |
// Advance both wrappers in lockstep, reading current() and then calling next() on each.
// gen() always delegates again, so nothing in the script makes valid() turn false;
// presumably the fuzzer SAPI's execution limit is what stops the run — TODO confirm.
do { | |
foreach ($gens as $g) { | |
var_dump($g->current()); | |
$g->next(); | |
} | |
} | |
// NOTE(review): per the AddressSanitizer report that follows this script, the
// heap-use-after-free is hit at request shutdown, not inside this loop:
// zend_generator_dtor_storage releases a generator object (the 280-byte region
// allocated in zend_generator_create), and zend_generator_update_current then
// reads it through zend_gc_addref.
while ($gens[0]->valid()); |
==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000018040 at pc 0x000000da05c2 bp 0x7ffd1beea420 sp 0x7ffd1beea418 | |
READ of size 4 at 0x612000018040 thread T0 | |
#0 0xda05c1 in zend_gc_addref php-src/Zend/zend_types.h:1160:9 | |
#1 0xd9efe5 in zend_generator_update_current php-src/Zend/zend_generators.c:701:5 | |
#2 0xda3620 in zend_generator_dtor_storage php-src/Zend/zend_generators.c:241:3 | |
#3 0xda3892 in zend_generator_dtor_storage php-src/Zend/zend_generators.c:236:4 | |
#4 0xdccad4 in zend_objects_store_call_destructors php-src/Zend/zend_objects_API.c:56:7 | |
#5 0xb8623a in shutdown_destructors php-src/Zend/zend_execute_API.c:248:3 | |
#6 0xbbdfdd in zend_call_destructors php-src/Zend/zend.c:1212:3 | |
#7 0xa718cb in php_request_shutdown php-src/main/main.c:1756:3 | |
#8 0xde5a92 in fuzzer_request_shutdown php-src/sapi/fuzzer/fuzzer-sapi.c:196:2 | |
#9 0xde6091 in fuzzer_do_request_from_buffer php-src/sapi/fuzzer/fuzzer-sapi.c:267:2 | |
#10 0xde542b in LLVMFuzzerTestOneInput php-src/sapi/fuzzer/fuzzer-execute.c:69:2 | |
#11 0x47ef01 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:595:15 | |
#12 0x469fd2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6 | |
#13 0x47008e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:852:9 | |
#14 0x498072 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 | |
#15 0x7f7b18a6682f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291 | |
#16 0x4452a8 in _start | |
0x612000018040 is located 0 bytes inside of 280-byte region [0x612000018040,0x612000018158) | |
freed by thread T0 here: | |
#0 0x547a32 in __interceptor_free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:127:3 | |
#1 0xb3ce24 in tracked_free php-src/Zend/zend_alloc.c:2748:2 | |
#2 0xb364c7 in _efree_custom php-src/Zend/zend_alloc.c:2427:3 | |
#3 0xb363d1 in _efree php-src/Zend/zend_alloc.c:2547:3 | |
#4 0xdcdbfc in zend_objects_store_del php-src/Zend/zend_objects_API.c:197:3 | |
#5 0xd9e1b4 in zend_object_release php-src/Zend/zend_objects_API.h:75:3 | |
#6 0xda3a01 in zend_generator_dtor_storage php-src/Zend/zend_generators.c:258:6 | |
#7 0xda3892 in zend_generator_dtor_storage php-src/Zend/zend_generators.c:236:4 | |
#8 0xdccad4 in zend_objects_store_call_destructors php-src/Zend/zend_objects_API.c:56:7 | |
#9 0xb8623a in shutdown_destructors php-src/Zend/zend_execute_API.c:248:3 | |
#10 0xbbdfdd in zend_call_destructors php-src/Zend/zend.c:1212:3 | |
#11 0xa718cb in php_request_shutdown php-src/main/main.c:1756:3 | |
#12 0xde5a92 in fuzzer_request_shutdown php-src/sapi/fuzzer/fuzzer-sapi.c:196:2 | |
#13 0xde6091 in fuzzer_do_request_from_buffer php-src/sapi/fuzzer/fuzzer-sapi.c:267:2 | |
#14 0xde542b in LLVMFuzzerTestOneInput php-src/sapi/fuzzer/fuzzer-execute.c:69:2 | |
#15 0x47ef01 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:595:15 | |
#16 0x469fd2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6 | |
#17 0x47008e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:852:9 | |
#18 0x498072 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 | |
#19 0x7f7b18a6682f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291 | |
previously allocated by thread T0 here: | |
#0 0x547c9d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 | |
#1 0xb36ac9 in __zend_malloc php-src/Zend/zend_alloc.c:3030:14 | |
#2 0xb33a4e in tracked_malloc php-src/Zend/zend_alloc.c:2733:14 | |
#3 0xb362f7 in _malloc_custom php-src/Zend/zend_alloc.c:2418:10 | |
#4 0xb361ff in _emalloc php-src/Zend/zend_alloc.c:2537:10 | |
#5 0xda327c in zend_generator_create php-src/Zend/zend_generators.c:442:14 | |
#6 0xbcb2f6 in _object_and_properties_init php-src/Zend/zend_API.c:1438:3 | |
#7 0xbcb592 in object_init_ex php-src/Zend/zend_API.c:1452:9 | |
#8 0xcfe8d5 in ZEND_GENERATOR_CREATE_SPEC_HANDLER php-src/Zend/zend_vm_execute.h:2215:3 | |
#9 0xde5599 in fuzzer_execute_ex php-src/sapi/fuzzer/fuzzer-execute.c:40:14 | |
#10 0xc94208 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER php-src/Zend/zend_vm_execute.h:1925:4 | |
#11 0xde5599 in fuzzer_execute_ex php-src/sapi/fuzzer/fuzzer-execute.c:40:14 | |
#12 0xd9fc7d in zend_generator_resume php-src/Zend/zend_generators.c:860:4 | |
#13 0xda1cf3 in zim_Generator_next php-src/Zend/zend_generators.c:1023:2 | |
#14 0xc93792 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER php-src/Zend/zend_vm_execute.h:1853:4 | |
#15 0xde5599 in fuzzer_execute_ex php-src/sapi/fuzzer/fuzzer-execute.c:40:14 | |
#16 0xc24e26 in zend_execute php-src/Zend/zend_vm_execute.h:59928:2 | |
#17 0xde5fe9 in fuzzer_do_request_from_buffer php-src/sapi/fuzzer/fuzzer-sapi.c:259:5 | |
#18 0xde542b in LLVMFuzzerTestOneInput php-src/sapi/fuzzer/fuzzer-execute.c:69:2 | |
#19 0x47ef01 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:595:15 | |
#20 0x469fd2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6 | |
#21 0x47008e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:852:9 | |
#22 0x498072 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 | |
#23 0x7f7b18a6682f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291 |