Edit report at https://bugs.php.net/bug.php?id=63899&edit=1
ID:                 63899
Updated by:         larue...@php.net
Reported by:        slangley at google dot com
Summary:            Use after scope error in zend_compile
-Status:            Open
+Status:            Closed
Type:               Bug
Package:            Scripting Engine problem
PHP Version:        5.4Git-2013-01-04 (Git)
Block user comment: N
Private report:     N

New Comment:

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c3e6de2227f0200b9db318e181603ffba7991489
Log: Fixed bug #63899 (Use after scope error in zend_compile)

Previous Comments:
------------------------------------------------------------------------
[2013-01-04 01:16:35] slangley at google dot com

Description:
------------
Address sanitizer detected a use after scope error in zend_compile.c - in the current GIT repository this problem starts at line 5044.

    if (CG(current_namespace)) {
        /* Prefix class name with name of current namespace */
        znode tmp;

        tmp.u.constant = *CG(current_namespace);
        zval_copy_ctor(&tmp.u.constant);
        zend_do_build_namespace_name(&tmp, &tmp, class_name TSRMLS_CC);
        class_name = &tmp;
        efree(lcname);
        lcname = zend_str_tolower_dup(Z_STRVAL(class_name->u.constant), Z_STRLEN(class_name->u.constant));
    }

    if (error) {
        char *tmp = zend_str_tolower_dup(Z_STRVAL_PP(ns_name), Z_STRLEN_PP(ns_name));

        if (Z_STRLEN_PP(ns_name) != Z_STRLEN(class_name->u.constant) ||
            memcmp(tmp, lcname, Z_STRLEN(class_name->u.constant))) {
            zend_error(E_COMPILE_ERROR, "Cannot declare class %s because the name is already in use", Z_STRVAL(class_name->u.constant));
        }
        efree(tmp);
    }

There is a scoped variable "znode tmp" on line 5046. Its address is assigned to the pointer class_name on line 5051 (class_name = &tmp).

class_name is then used on line 5059 after the value it points to (tmp) has gone out of scope when the block finished on line 5054.

------------------------------------------------------------------------
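The lifetime problem described in the report, reduced to a stand-alone C program. This is an added example, not code from php-src or from the fix commit: `node`, `build_ns_name` and the two `qualified_len_*` functions are hypothetical stand-ins for `znode` and the namespace-prefixing code, and hoisting the temporary is one way to remove the dangling pointer, assumed here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for znode: just enough state to hold a name. */
typedef struct { char name[64]; } node;

/* Hypothetical stand-in for zend_do_build_namespace_name: writes "ns\cls". */
static void build_ns_name(node *out, const char *ns, const char *cls) {
    snprintf(out->name, sizeof out->name, "%s\\%s", ns, cls);
}

#ifdef DEMO_BUG
/* Shape of the reported code: tmp is declared inside the if-block, yet
 * class_name still points at it after the block closes. Build with
 * -DDEMO_BUG -fsanitize=address so ASan can flag the read below. */
size_t qualified_len_buggy(const char *ns, const char *cls) {
    node given, *class_name = &given;
    snprintf(given.name, sizeof given.name, "%s", cls);
    if (ns) {
        node tmp;
        build_ns_name(&tmp, ns, class_name->name);
        class_name = &tmp;
    }                                 /* lifetime of tmp ends here */
    return strlen(class_name->name);  /* read through dangling pointer */
}
#endif

/* Same logic with the temporary hoisted to function scope, so the object
 * class_name points at stays alive for every later read. */
size_t qualified_len_fixed(const char *ns, const char *cls) {
    node given, tmp, *class_name = &given;
    snprintf(given.name, sizeof given.name, "%s", cls);
    if (ns) {
        build_ns_name(&tmp, ns, class_name->name);
        class_name = &tmp;
    }
    return strlen(class_name->name);
}

int main(void) {
    /* Constructed inputs: a namespaced and a global class name. */
    printf("%zu %zu\n", qualified_len_fixed("App", "Foo"),
           qualified_len_fixed(NULL, "Foo"));
#ifdef DEMO_BUG
    printf("%zu\n", qualified_len_buggy("App", "Foo"));
#endif
    return 0;
}
```

Without `-DDEMO_BUG` only the corrected function is compiled, so the program builds cleanly with or without the sanitizer.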