Closed
Description
The following code:
```php
<?php
$element = new DOMElement("b", null, "a");
$element->getAttributeNames();
```
Resulted in this output:
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==73605==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8920f9d7fd bp 0x7ffdea887150 sp 0x7ffdea886908 T0)
==73605==The signal is caused by a READ memory access.
==73605==Hint: address points to the zero page.
#0 0x7f8920f9d7fd (/lib/x86_64-linux-gnu/libc.so.6+0x19d7fd) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#1 0x565035819a99 in strlen /opt/llvm-15-build/llvm-15.x/final/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc
#2 0x565035b9f889 in zim_DOMElement_getAttributeNames /tmp/php-afl/ext/dom/element.c:364:4
#3 0x565036b1ccb2 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /tmp/php-afl/Zend/zend_vm_execute.h
#4 0x565036a1e3a0 in execute_ex /tmp/php-afl/Zend/zend_vm_execute.h:58486:7
#5 0x565036a1f1b7 in zend_execute /tmp/php-afl/Zend/zend_vm_execute.h:64138:2
#6 0x565036f04384 in zend_execute_script /tmp/php-afl/Zend/zend.c:1928:3
#7 0x5650365d3b0e in php_execute_script_ex /tmp/php-afl/main/main.c:2574:13
#8 0x565036f0df4c in do_cli /tmp/php-afl/sapi/cli/php_cli.c:935:5
#9 0x565036f09c91 in main /tmp/php-afl/sapi/cli/php_cli.c:1310:18
#10 0x7f8920e29d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#11 0x7f8920e29e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#12 0x565035802a24 in _start (/workspaces/TriFuzz/targets/php-afl/bin/php+0x402a24)
```
But I expected this output instead:
no crash
PHP Version
PHP 8.4.0-dev
Operating System
No response
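
The trace in this report shows `strlen` reading address 0 when called from `DOMElement::getAttributeNames()`. As an added illustration (not code from php-src or from the reporter), the C sketch below contrasts that pattern with a NULL-safe version. It assumes the NULL pointer is the prefix of a default namespace declaration; `struct ns_decl`, `unsafe_name_len` and `ns_attr_name` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one namespace declaration on an element.
 * Assumption: prefix is NULL for a default declaration (xmlns="a"). */
struct ns_decl {
    const char *prefix;
    const char *href;
    const struct ns_decl *next;
};

/* Crashing pattern: strlen() on a prefix that may be NULL reads address 0,
 * the fault the sanitizer reports. Shown for contrast only; never called. */
size_t unsafe_name_len(const struct ns_decl *ns)
{
    return strlen("xmlns:") + strlen(ns->prefix);
}

/* Hardened form: a NULL or empty prefix yields "xmlns", otherwise
 * "xmlns:<prefix>". Returns a heap string the caller frees, or NULL on OOM. */
char *ns_attr_name(const struct ns_decl *ns)
{
    const char *prefix = (ns->prefix != NULL) ? ns->prefix : "";
    size_t plen = strlen(prefix);
    size_t len = strlen("xmlns") + (plen ? 1 + plen : 0);
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    if (plen)
        snprintf(out, len + 1, "xmlns:%s", prefix);
    else
        snprintf(out, len + 1, "xmlns");
    return out;
}

int main(void)
{
    /* Constructed sample: one default and one prefixed declaration. */
    struct ns_decl prefixed = { "p", "urn:example", NULL };
    struct ns_decl dflt = { NULL, "a", &prefixed };
    for (const struct ns_decl *ns = &dflt; ns != NULL; ns = ns->next) {
        char *name = ns_attr_name(ns);
        if (name == NULL) return 1;
        printf("%s\n", name);
        free(name);
    }
    return 0;
}
```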