Open danog opened 11 months ago
I have had a closer look at this particular instance in php-src and apparently it is caused by repeated `mmap`/`munmap` calls with `mmap` returning the same base address. It seems ASAN doesn't correctly unpoison the memory region. Adding an explicit `__asan_unpoison_memory_region` solves the issue for me.
```diff
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c
index caa2a6ad66..5a65ac6d41 100644
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@@ -79,6 +79,9 @@
#include
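Review bot: the hunk is truncated, so the change cannot be reviewed from what is posted: the header `@@ -79,6 +79,9 @@` announces three added lines, but only a bare `#include` context line follows and no `+` line is visible. Please post the complete hunk. Since line 79 of zend_alloc.c sits in the include block, the three lines here are most likely the header inclusion for the sanitizer interface rather than the `__asan_unpoison_memory_region` call itself, which means the call site in the mmap path is a further hunk that is also missing; when posting it, show that the call is placed immediately after the successful `mmap` and before the returned memory is first touched, and that it is guarded so non-ASAN builds compile unchanged.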
Closing this, fixed upstream!
It seems to me like we shouldn't need explicit unpoisoning in this case.
Let's reopen this then :)
Ref https://github.com/php/php-src/issues/12670
Reproducers 10, 11, 12 cause stack-buffer-overflow and stack-buffer-underflow issues when running with `--repeat 2` and `USE_ZEND_ALLOC=1`: https://github.com/danog/jit_bugs

According to maintainers @ php-src, these may or may not be false positives; opening this issue in case they are false positives that should be fixed here.

It's also strange that the issue only occurs when running with `--repeat 2` (just for reproducer 12). JIT is not necessary to reproduce (and is disabled in the reproducers).

Results (reproducer 12):
Reproducer 11:
Reproducer 10:
PHP Version
f8c2d1ec2f2e2d844484b92d9a33f3cc2defbc31
Operating System
Ubuntu
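The mechanism danog describes earlier in the thread (an allocator poisons a chunk, releases it with `munmap`, the kernel hands the same address back to a later `mmap`, and the ASAN shadow for that range still carries the old poison, so ordinary accesses to the fresh mapping are reported), as an added example that is not code from this issue, from php-src or from the sanitizer runtime. The allocator, the `map_clean` wrapper, the chunk size and all other names are this example's own assumptions; `map_clean` is the explicit-unpoison-after-mmap mitigation from the comment. Build it twice, with and without `-fsanitize=address`; without ASAN the hooks compile to no-ops.

```c
/* Added example, not php-src or compiler-rt code. A minimal mmap-backed
 * chunk owner that poisons its memory, releases the chunk without clearing
 * the shadow, and maps again; map_clean() is the explicit unpoison fix.
 * All names and the chunk size are assumptions made for this example. */
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Detect ASAN under both GCC (__SANITIZE_ADDRESS__) and Clang (__has_feature). */
#if defined(__SANITIZE_ADDRESS__)
#  define HAVE_ASAN 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define HAVE_ASAN 1
#  endif
#endif
#ifndef HAVE_ASAN
#  define HAVE_ASAN 0
#endif

#if HAVE_ASAN
#  include <sanitizer/asan_interface.h>
#  define ASAN_POISON(p, n)   __asan_poison_memory_region((p), (n))
#  define ASAN_UNPOISON(p, n) __asan_unpoison_memory_region((p), (n))
#  define ASAN_IS_POISONED(p) __asan_address_is_poisoned((p))
#else
#  define ASAN_POISON(p, n)   ((void)(p), (void)(n))
#  define ASAN_UNPOISON(p, n) ((void)(p), (void)(n))
#  define ASAN_IS_POISONED(p) ((void)(p), 0)
#endif

/* Assumed chunk size for the example; the mechanism does not depend on it. */
#define CHUNK_SIZE ((size_t)2 * 1024 * 1024)

static void *map_raw(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* A chunk owner that poisons its free space (as a manually poisoning
 * allocator does so that stray accesses into unallocated space are caught)
 * and then gives the chunk back to the kernel WITHOUT clearing the shadow.
 * Returns the released address so the caller can see whether it is reused. */
static void *poison_then_release(void) {
    void *p = map_raw(CHUNK_SIZE);
    if (!p) return NULL;
    ASAN_POISON(p, CHUNK_SIZE);
    munmap(p, CHUNK_SIZE);   /* the allocator itself never unpoisons this range */
    return p;
}

/* The mitigation from the thread: clear the shadow of every new mapping
 * before it is used, so poison left behind by a previous owner of the same
 * address range cannot turn ordinary accesses into false reports. */
static void *map_clean(size_t len) {
    void *p = map_raw(len);
    if (p) ASAN_UNPOISON(p, len);
    return p;
}

/* Runs the scenario. Returns 0 when the explicitly unpoisoned mapping is
 * fully usable (expected on every ASAN version and in non-ASAN builds).
 * *reused reports whether the kernel handed back the released address;
 * *stale reports whether a plain mmap of that range still looks poisoned,
 * which depends on the sanitizer runtime in use and is only observed here. */
static int run_demo(int *reused, int *stale) {
    void *old = poison_then_release();
    if (!old) return -1;

    uint8_t *raw = map_raw(CHUNK_SIZE);
    if (!raw) return -1;
    *reused = (raw == old);
    *stale = ASAN_IS_POISONED(raw + CHUNK_SIZE / 2) ? 1 : 0;  /* query only; touching it would be reported */
    munmap(raw, CHUNK_SIZE);

    uint8_t *clean = map_clean(CHUNK_SIZE);
    if (!clean) return -1;
    int usable = !ASAN_IS_POISONED(clean) && !ASAN_IS_POISONED(clean + CHUNK_SIZE - 1);
    if (usable) memset(clean, 0xA5, CHUNK_SIZE);  /* intercepted memset would report any residual poison */
    munmap(clean, CHUNK_SIZE);
    return usable ? 0 : 1;
}

int main(void) {
    int reused = 0, stale = 0;
    int rc = run_demo(&reused, &stale);
    printf("asan=%d address_reused=%d stale_poison_without_unpoison=%d clean_mapping_ok=%d\n",
           HAVE_ASAN, reused, stale, rc == 0);
    return rc == 0 ? 0 : 1;
}
```

The `stale` value is deliberately only printed, not asserted: on a sanitizer runtime that does not clear shadow on `munmap` it is 1 whenever the address was reused, and on a runtime that does it is 0, which is exactly the difference between "fixed upstream" and "needs explicit unpoisoning" that the thread is about. The `map_clean` path is usable in both cases, which is why an allocator that cannot depend on the runtime version unpoisons right after `mmap` itself.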