Closed
Description
The following code:
```php
<?php
class Foo {
    public function __toString() {
    }
}
function test(string $foo = new Foo() > '') {
    var_dump($foo);
}
test();
?>
```
Resulted in this output by the fuzzing driver php-fuzz-execute:
```
php-fuzz-execute: Zend/zend_vm_execute.h:4135: const zend_op *ZEND_INIT_FCALL_SPEC_CONST_HANDLER(zend_execute_data *, const zend_op *): Assertion `!(executor_globals.exception)' failed.
==732252== ERROR: libFuzzer: deadly signal
...
#9 0x7f9e9117b7f2 in abort stdlib/abort.c:79:7
#10 0x7f9e9117b71a in __assert_fail_base assert/assert.c:94:3
#11 0x7f9e9118ce95 in __assert_fail assert/assert.c:103:3
#12 0xfdefc2 in ZEND_INIT_FCALL_SPEC_CONST_HANDLER /src/php-src/Zend/zend_vm_execute.h:4135:2
#13 0x12609fd in fuzzer_execute_ex /src/php-src/sapi/fuzzer/fuzzer-execute-common.h:59:12
#14 0xfdc7a9 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /src/php-src/Zend/zend_vm_execute.h:1972:4
#15 0x12609fd in fuzzer_execute_ex /src/php-src/sapi/fuzzer/fuzzer-execute-common.h:59:12
#16 0xf39af4 in zend_execute /src/php-src/Zend/zend_vm_execute.h:64220:2
#17 0x12615cc in fuzzer_do_request_from_buffer /src/php-src/sapi/fuzzer/fuzzer-sapi.c:274:5
#18 0x126083f in LLVMFuzzerTestOneInput /src/php-src/sapi/fuzzer/fuzzer-execute.c:27:2
```
PHP Version
c7db07eae85587c3ebacdf841ec30597899516aa (2025-05-25 14:24:53+0200)
Operating System
No response