oss_fuzz_71382.phpt - OpenGrok history log for /php-src/Zend/tests/lazy_objects/oss_fuzz

Revision		Date	Author	Comments
# 17d46bb3		17-Sep-2024	Arnaud Le Blanc	Fix oss-fuzz #71382 (#15854) The return value of zho_build_properties_ex() is passed to ZVAL_ARR(), which sets the IS_TYPE_REFCOUNTED flag. Returning &zend_emtpy_array will crash later when Fix oss-fuzz #71382 (#15854) The return value of zho_build_properties_ex() is passed to ZVAL_ARR(), which sets the IS_TYPE_REFCOUNTED flag. Returning &zend_emtpy_array will crash later when trying to dtor the zval. I'm fixing this by returning zend_new_array(0) instead of &zend_empty_array. An alternative was to make ZVAL_ARR() aware of immutable arrays, like ZVAL_STR() is with interned strings, but I found no other problematic cases. show more ...

Revision

Date

Author

Comments

# 17d46bb3

17-Sep-2024

Arnaud Le Blanc

Fix oss-fuzz #71382 (#15854)

The return value of zho_build_properties_ex() is passed to ZVAL_ARR(), which sets the IS_TYPE_REFCOUNTED flag. Returning &zend_emtpy_array will crash later when

Fix oss-fuzz #71382 (#15854)

The return value of zho_build_properties_ex() is passed to ZVAL_ARR(), which sets the IS_TYPE_REFCOUNTED flag. Returning &zend_emtpy_array will crash later when trying to dtor the zval.

I'm fixing this by returning zend_new_array(0) instead of &zend_empty_array.

An alternative was to make ZVAL_ARR() aware of immutable arrays, like ZVAL_STR() is with interned strings, but I found no other problematic cases.