Closed as not planned
Description
The following code:
<?php
$cls = new SplQueue();
$data_file = __DIR__ . '/vfprintf_basic9.txt';
if (!($fp = fopen($data_file, 'wt')))
vfprintf($fp, $format2, $arg2);
try {zend_delref($fp);} catch (Exception $e) { echo($e); }
try {$cls->unshift($fp);} catch (Exception $e) { echo($e); }
Resulted in this output:
/home/phpfuzz/WorkSpace/flowfusion/php-src/ext/spl/spl_dllist.c:210:15: runtime error: member access within misaligned address 0x75ffbc44a781 for type 'struct _spl_ptr_llist_element', which requires 8 byte alignment
0x75ffbc44a781: note: pointer points here
00 00 00 c0 a7 44 bc ff 75 00 00 00 a8 44 bc ff 75 00 00 90 0f c1 40 00 00 00 00 06 00 00 00 01
^
#0 0x2ecf298 in spl_ptr_llist_pop /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/spl/spl_dllist.c:210:15
#1 0x2eec787 in spl_dllist_object_free_storage /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/spl/spl_dllist.c:300:4
#2 0x575f651 in zend_objects_store_del /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_objects_API.c:194:4
#3 0x5871b37 in rc_dtor_func /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_variables.c:57:2
#4 0x5871dbe in i_zval_ptr_dtor /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_variables.h:45:4
#5 0x5871b74 in zval_ptr_dtor /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_variables.c:84:2
#6 0x539d551 in _zend_hash_del_el_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_hash.c:1486:3
#7 0x539accd in _zend_hash_del_el /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_hash.c:1513:2
#8 0x53b4614 in zend_hash_reverse_apply /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_hash.c:2229:5
#9 0x4ac195c in shutdown_destructors /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_execute_API.c:260:4
#10 0x58ba83b in zend_call_destructors /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1335:3
#11 0x40abc33 in php_request_shutdown /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:1929:3
#12 0x58e6841 in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1159:3
#13 0x58db81f in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1363:18
#14 0x75ffc2d48d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#15 0x75ffc2d48e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#16 0x606194 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x606194)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/spl/spl_dllist.c:210:15 in
To reproduce:
./php-src/sapi/cli/php ./test.php
Commit:
7361a1206d28810800d9ecf191d11b08dce7d03f
Configurations:
CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconv
Operating System:
Ubuntu 20.04 Host, Docker 0599jiangyc/flowfusion:latest
This report is automatically generated by FlowFusion
Shall I exclude all bugs having zend_delref?
PHP Version
7361a1206d28810800d9ecf191d11b08dce7d03f
Operating System
No response