laruence / taint

Taint is a PHP extension, used for detecting XSS codes

PHP 7.2.6 SIGSEGV #61

Open craigfrancis opened 6 years ago

craigfrancis commented 6 years ago

Not sure how to debug this, but when Taint is enabled, the following causes problems:

<?php
    echo substr('abc', 0, 2);
?>

I'm wondering if this might have something to do with the op-code cache... as it works when it's using something that's variable (e.g. rand())... and it often works the first time it's run (but not always).

My current setup includes:

And when running it from the command line, it's fine:

/usr/local/bin/php -f index.php
ab

The logs include:

/usr/local/var/log/php-fpm.log

[06-Jun-2018 16:49:10] WARNING: [pool www] child 22475 exited on signal 11 (SIGSEGV) after 3.296677 seconds from start
[06-Jun-2018 16:49:10] NOTICE: [pool www] child 22478 started

/private/var/log/apache2/error_log

[Wed Jun 06 16:49:10.121028 2018] [proxy_fcgi:error] [pid 21745:tid 123145330524160] [client 10.211.55.2:55360] AH01067: Failed to read FastCGI header
[Wed Jun 06 16:49:10.121247 2018] [proxy_fcgi:error] [pid 21745:tid 123145330524160] (54)Connection reset by peer: [client 10.211.55.2:55360] AH01075: Error dispatching request to :

/private/var/log/apache2/access_log

10.211.55.2 - - [-] [-] [2018-06-06 16:49:10] "GET / HTTP/2.0" 503 299 "-" "curl/7.54.0"

And the php.log is empty.

I assume it's unrelated, but the script:

<?php
    echo substr(rand(1, 2), 0, 2);
?>

Won't complain when rand() returns 2, but does when it returns 1:

<br />
<b>Warning</b>:  main() [echo]: Attempt to echo a string that might be tainted in <b>.../index.php</b> on line <b>2</b><br />
1

laruence commented 6 years ago

Sorry for the late reply (GitHub's notices are not very visible...), it should be fixed now... please verify, thanks for reporting.

staabm commented 6 years ago

@laruence we also ran into SIGSEGV on PHP 7.2. Maybe it's related to this issue.

Was the fix already released?

laruence commented 6 years ago

@staabm nope, will do soon... (I was waiting for the 7.3 release) :>

staabm commented 5 years ago

@laruence is this issue fixed in the latest release?