-
Notifications
You must be signed in to change notification settings - Fork 7.9k
Closed
Description
Description
phpdbg memory leaks by misuse of the option "-h"
When the program input contains the option of "-h", the program will cause memory leaks and cause crash.
Test Environment
Ubuntu 20.04, 64 bit PHP (version: 8.0.23)
How to trigger
- Compile the program with AddressSanitizer
$ CC=/home/root/AFLplusplus/afl-clang-fast CXX=/home/root/AFLplusplus/afl-clang-fast++ CFLAGS="-g -O0 -fsanitize=address" CXXFLAGS="-g -O0 -fsanitize=address" ./configure --prefix=
pwd/install
- Run command
$ ./phpdbg -h
Details
ASAN report
$ ./phpdbg -h
�[1mphpdbg�[0m is a lightweight, powerful and easy to use debugging platform for
PHP5.4+
It supports the following commands:
�[1mInformation�[0m
�[1mlist�[0m list PHP source
�[1minfo�[0m displays information on the debug session
�[1mprint�[0m show opcodes
�[1mframe�[0m select a stack frame and print a stack frame summary
�[1mgenerator�[0m show active generators or select a generator frame
�[1mback�[0m shows the current backtrace
�[1mhelp�[0m provide help on a topic
�[1mStarting and Stopping Execution�[0m
�[1mexec�[0m set execution context
�[1mstdin�[0m set executing script from stdin
�[1mrun�[0m attempt execution
�[1mstep�[0m continue execution until other line is reached
�[1mcontinue�[0m continue execution
�[1muntil�[0m continue execution up to the given location
�[1mnext�[0m continue execution up to the given location and halt on the first
line after it
�[1mfinish�[0m continue up to end of the current execution frame
�[1mleave�[0m continue up to end of the current execution frame and halt after
the calling instruction
�[1mbreak�[0m set a breakpoint at the specified target
�[1mwatch�[0m set a watchpoint on $variable
�[1mclear�[0m clear one or all breakpoints
�[1mclean�[0m clean the execution environment
�[1mMiscellaneous�[0m
�[1mset�[0m set the phpdbg configuration
�[1msource�[0m execute a phpdbginit script
�[1mregister�[0m register a phpdbginit function as a command alias
�[1msh�[0m shell a command
�[1mev�[0m evaluate some code
�[1mquit�[0m exit phpdbg
Type �[1mhelp <command>�[0m or (�[1mhelp alias�[0m) to get detailed help on any of the above
---Type <return> to continue or q <return> to quit---
commands, for example �[1mhelp list�[0m or �[1mh l�[0m. Note that help will also match
partial commands if unique (and list out options if not unique), so �[1mhelp exp�[0m
will give help on the �[1mexport�[0m command, but �[1mhelp ex�[0m will list the summary for
�[1mexec�[0m and �[1mexport�[0m.
Type �[1mhelp aliases�[0m to show a full alias list, including any registered phpdginit
functions
Type �[1mhelp syntax�[0m for a general introduction to the command syntax.
Type �[1mhelp options�[0m for a list of phpdbg command line options.
Type �[1mhelp phpdbginit�[0m to show how to customise the debugger environment.
requested help page could not be found
=================================================================
==865119==ERROR: LeakSanitizer: detected memory leaks
SUMMARY: AddressSanitizer: 6528 byte(s) leaked in 204 allocation(s).
The complete asan report can be seen from ASANReport
PHP Version
PHP 8.0.23
Operating System
No response