php / php-src

The PHP Interpreter
https://www.php.net

Segmentation fault (access null pointer) in ext/spl/spl_directory.c #14687

Open YuanchengJiang opened 1 week ago

YuanchengJiang commented 1 week ago

Description

The following code:

<?php
$fname = __DIR__ . '/' . basename(__FILE__, '.php') . '.phar.zip';
$phar = new Phar($fname);
$script1_dataflow = $phar;
class HasDestructor {
  public function __destruct() {
    var_dump($GLOBALS['s']);
  }
}
$s = new SplObjectStorage();
$s[$script1_dataflow] = new HasDestructor();
$script2_connect=$s;

Resulted in this output:

object(SplObjectStorage)#2 (1) {
  ["storage":"SplObjectStorage":private]=>
  array(1) {
    [0]=>
    array(2) {
      ["obj"]=>
      Segmentation fault (core dumped)

ASan

/php-src/ext/spl/spl_directory.c:637:7: runtime error: member access within null pointer of type 'php_stream' (aka 'struct _php_stream')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/ext/spl/spl_directory.c:637:7

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04

devnexen commented 1 week ago

Seems to be a case of reading an already destroyed instance. I do not really know what's the most appropriate value to display, e.g. false maybe for the glob part. cc @girgias if you prefer to take care of it yourself.

Girgias commented 5 days ago

I won't have time for a bit to look into those issues, will probably have more time when feature freeze is passed.

devnexen commented 5 days ago

Yes I noticed it, thus I did a PR :)