Skip to content

Segmentation fault in snmpget #16959

New issue
New issue
Closed
Closed
Segmentation fault in snmpget#16959
Assignees
devnexen
Labels
BugExtension: snmpStatus: Verified
@YuanchengJiang

Description

@YuanchengJiang
YuanchengJiang
opened on Nov 27, 2024

Description

The following code:

<?php
$unsorted_oct_array = array (
077 => 077, -066 => -066, -0345 => -0345, 0 => 0
);
$fusion = $unsorted_oct_array;
var_dump((snmpget($hostname, $communityWrite, $fusion, $timeout, $retries) === $newvalue1));

Resulted in this output:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==2528537==ERROR: AddressSanitizer: SEGV on unknown address 0x0000413a56f8 (pc 0x000004c2ec79 bp 0x7ffd64b211e0 sp 0x7ffd64b20d20 T0)
==2528537==The signal is caused by a WRITE memory access.
    #0 0x4c2ec79 in _convert_to_string /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_operators.c:750:4
    #1 0x26a0123 in php_snmp_parse_oid /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/snmp/snmp.c:682:4
    #2 0x2681e93 in php_snmp /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/snmp/snmp.c:1247:7
    #3 0x26774a4 in zif_snmpget /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/snmp/snmp.c:1310:2
    #4 0x44ba9ea in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:1363:2
    #5 0x3fb01c7 in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:58595:7
    #6 0x3fb244c in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:64247:2
    #7 0x4d48a09 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1934:3
    #8 0x355e25a in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2577:13
    #9 0x355f398 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2617:9
    #10 0x4d5cd1a in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:938:5
    #11 0x4d571ff in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1313:18
    #12 0x7fb1c420ed8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #13 0x7fb1c420ee3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #14 0x605a64 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x605a64)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_operators.c:750:4 in _convert_to_string

To reproduce:

-d "opcache.protect_memory=1" -d "zend_extension=/home/phpfuzz/WorkSpace/flowfusion/php-src/modules/opcache.so" -d "opcache.enable_cli=1"

PHP Version

nightly

Operating System

ubuntu 22.04

Metadata

Metadata

Assignees

Labels

BugExtension: snmpStatus: Verified

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions