From:             slangley at google dot com
Operating system: 
PHP version:      5.4Git-2013-01-04 (Git)
Package:          Scripting Engine problem
Bug Type:         Bug
Bug description:  Use after scope error in zend_compile

Description:
------------
Address sanitizer detected a use after scope error in zend_compile.c - in
the current GIT repository this problem starts at line 5044.

        if (CG(current_namespace)) {
                /* Prefix class name with name of current namespace */
                znode tmp;

                tmp.u.constant = *CG(current_namespace);
                zval_copy_ctor(&tmp.u.constant);
                zend_do_build_namespace_name(&tmp, &tmp, class_name TSRMLS_CC);
                class_name = &tmp;
                efree(lcname);
                lcname = zend_str_tolower_dup(Z_STRVAL(class_name->u.constant), Z_STRLEN(class_name->u.constant));
        }

        if (error) {
                char *tmp = zend_str_tolower_dup(Z_STRVAL_PP(ns_name), Z_STRLEN_PP(ns_name));

                if (Z_STRLEN_PP(ns_name) != Z_STRLEN(class_name->u.constant) ||
                        memcmp(tmp, lcname, Z_STRLEN(class_name->u.constant))) {
                        zend_error(E_COMPILE_ERROR, "Cannot declare class %s because the name is already in use", Z_STRVAL(class_name->u.constant));
                }
                efree(tmp);
        }


There is a scoped variable "znode tmp" on line 5046. Its address is
assigned to the pointer class_name on line 5051 (class_name = &tmp).
class_name is then used on line 5059 after the value it points to (tmp)
has gone out of scope when the block finished on line 5054.


-- 
Edit bug report at https://bugs.php.net/bug.php?id=63899&edit=1
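The pattern reported above, reduced to a self-contained C program. This is an added example, not code from the report or from the PHP source, and it does not claim to be the fix PHP applied. The `node` type, the function names and the sample values are hypothetical stand-ins; the corrected function shows one common remedy, declaring the temporary at function scope.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the engine's znode: just a name buffer. */
typedef struct { char name[64]; } node;

#ifdef SHOW_BUG
/* Same shape as the reported code: tmp lives only inside the if-block,
 * yet class_name still points at it when it is read afterwards.
 * Build with -DSHOW_BUG -fsanitize=address
 * -fsanitize-address-use-after-scope to get a stack-use-after-scope
 * report from AddressSanitizer. */
size_t qualified_len_buggy(const char *ns, const node *class_name)
{
    if (ns) {
        node tmp;                      /* lifetime ends at the closing brace */
        snprintf(tmp.name, sizeof tmp.name, "%s\\%s", ns, class_name->name);
        class_name = &tmp;             /* pointer escapes the block */
    }
    return strlen(class_name->name);   /* read after tmp's lifetime ended */
}
#endif

/* Corrected shape: the temporary is declared at function scope, so it
 * outlives every later use of class_name. Writes the resulting name to
 * out and returns its length. */
size_t qualified_name(const char *ns, const node *class_name,
                      char *out, size_t outsz)
{
    node tmp;
    if (ns) {
        snprintf(tmp.name, sizeof tmp.name, "%s\\%s", ns, class_name->name);
        class_name = &tmp;
    }
    snprintf(out, outsz, "%s", class_name->name);
    return strlen(out);
}

int main(void)
{
    node cls = { "Foo" };              /* constructed sample input */
    char buf[64];
    qualified_name("App", &cls, buf, sizeof buf);
    puts(buf);
    return 0;
}
```

Without the sanitizer the buggy variant often appears to work, because the compiler may leave the dead stack slot untouched until another variable reuses it.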