Edit report at https://bugs.php.net/bug.php?id=63899&edit=1

 ID:                 63899
 Updated by:         larue...@php.net
 Reported by:        slangley at google dot com
 Summary:            Use after scope error in zend_compile
 Status:             Closed
 Type:               Bug
 Package:            Scripting Engine problem
 PHP Version:        5.4Git-2013-01-04 (Git)
-Assigned To:        
+Assigned To:        laruence
 Block user comment: N
 Private report:     N

 New Comment:

The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

slangley thanks,  I think it should be a typo :)


Previous Comments:
------------------------------------------------------------------------
[2013-01-04 03:02:25] larue...@php.net

Automatic comment on behalf of laruence
Revision: 
http://git.php.net/?p=php-src.git;a=commit;h=c3e6de2227f0200b9db318e181603ffba7991489
Log: Fixed bug #63899 (Use after scope error in zend_compile)

------------------------------------------------------------------------
[2013-01-04 01:16:35] slangley at google dot com

Description:
------------
Address sanitizer detected a use after scope error in zend_compile.c - in the 
current GIT repository this problem starts at line 5044.

        if (CG(current_namespace)) {
                /* Prefix class name with name of current namespace */
                znode tmp;

                tmp.u.constant = *CG(current_namespace);
                zval_copy_ctor(&tmp.u.constant);
                zend_do_build_namespace_name(&tmp, &tmp, class_name TSRMLS_CC);
                class_name = &tmp;
                efree(lcname);
                lcname = zend_str_tolower_dup(Z_STRVAL(class_name->u.constant), Z_STRLEN(class_name->u.constant));
        }

        if (error) {
                char *tmp = zend_str_tolower_dup(Z_STRVAL_PP(ns_name), Z_STRLEN_PP(ns_name));

                if (Z_STRLEN_PP(ns_name) != Z_STRLEN(class_name->u.constant) ||
                        memcmp(tmp, lcname, Z_STRLEN(class_name->u.constant))) {
                        zend_error(E_COMPILE_ERROR, "Cannot declare class %s because the name is already in use", Z_STRVAL(class_name->u.constant));
                }
                efree(tmp);
        }


There is a scoped variable "znode tmp" on line 5046. Its address is assigned
to the pointer class_name on line 5051 (class_name = &tmp). class_name is then
used on line 5059 after the value it points to (tmp) has gone out of scope
when the block finished on line 5054.



------------------------------------------------------------------------
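
The pattern described in the report, reduced to a self-contained C program, next to a form where the temporary is hoisted to function scope. This is an added example, not PHP source and not the committed fix; `node`, `build_qualified`, `name_len_buggy`, `name_len_fixed` and `demo_fixed` are hypothetical stand-ins for the Zend structures and functions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for znode: only carries a class name. */
typedef struct { char name[64]; } node;

/* Hypothetical stand-in for zend_do_build_namespace_name(): writes "ns\cls". */
static void build_qualified(node *out, const char *ns, const node *cls) {
    snprintf(out->name, sizeof out->name, "%s\\%s", ns, cls->name);
}

/* Same shape as the reported code: class_name outlives the block-scoped tmp.
 * Kept for comparison only; main() and demo_fixed() never call it. */
size_t name_len_buggy(const char *ns, node *class_name) {
    if (ns) {
        node tmp;                        /* lifetime ends at the closing brace */
        build_qualified(&tmp, ns, class_name);
        class_name = &tmp;               /* pointer escapes the block */
    }
    return strlen(class_name->name);     /* use after scope when ns != NULL */
}

/* Hoisted form: tmp lives as long as every pointer that can alias it. */
size_t name_len_fixed(const char *ns, node *class_name) {
    node tmp;
    if (ns) {
        build_qualified(&tmp, ns, class_name);
        class_name = &tmp;
    }
    return strlen(class_name->name);
}

/* Runs the fixed form on a constructed class name "Foo". */
size_t demo_fixed(const char *ns) {
    node cls = { "Foo" };
    return name_len_fixed(ns, &cls);
}

int main(void) {
    printf("%zu\n", demo_fixed("App"));  /* length of "App\Foo" */
    printf("%zu\n", demo_fixed(NULL));   /* length of "Foo" */
    return 0;
}
```

Building with `-fsanitize=address -fsanitize-address-use-after-scope` and calling `name_len_buggy` with a non-NULL `ns` is expected to produce a stack-use-after-scope report, while `name_len_fixed` runs clean.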


