From: slangley at google dot com Operating system: PHP version: 5.4Git-2013-01-04 (Git) Package: Scripting Engine problem Bug Type: Bug Bug description:Use after scope error in zend_compile
Description: ------------ Address sanitizer detected a use after scope error in zend_compile.c - in the current GIT repository this problem starts at line 5044. if (CG(current_namespace)) { /* Prefix class name with name of current namespace */ znode tmp; tmp.u.constant = *CG(current_namespace); zval_copy_ctor(&tmp.u.constant); zend_do_build_namespace_name(&tmp, &tmp, class_name TSRMLS_CC); class_name = &tmp; efree(lcname); lcname = zend_str_tolower_dup(Z_STRVAL(class_name->u.constant), Z_STRLEN(class_name->u.constant)); } if (error) { char *tmp = zend_str_tolower_dup(Z_STRVAL_PP(ns_name), Z_STRLEN_PP(ns_name)); if (Z_STRLEN_PP(ns_name) != Z_STRLEN(class_name->u.constant) || memcmp(tmp, lcname, Z_STRLEN(class_name->u.constant))) { zend_error(E_COMPILE_ERROR, "Cannot declare class %s because the name is already in use", Z_STRVAL(class_name->u.constant)); } efree(tmp); } There is a scoped variable "znode tmp" on line 5046. It's address is assigned to the pointer class_name on line 5051 (class_name = &tmp). class_name is then used on line 5059 after the value it points to (tmp) has gone out of scope when the block finished on line 5054. -- Edit bug report at https://bugs.php.net/bug.php?id=63899&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=63899&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=63899&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=63899&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=63899&r=fixed Fixed in release: https://bugs.php.net/fix.php?id=63899&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=63899&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=63899&r=needscript Try newer version: https://bugs.php.net/fix.php?id=63899&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=63899&r=support Expected behavior: https://bugs.php.net/fix.php?id=63899&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=63899&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=63899&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=63899&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=63899&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=63899&r=dst IIS Stability: https://bugs.php.net/fix.php?id=63899&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=63899&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=63899&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=63899&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=63899&r=mysqlcfg