PHP 7.2.6 SIGSEGV #61
Description
Not sure how to debug this, but when Taint is enabled, the following causes problems:
<?php
echo substr('abc', 0, 2);
?>
I'm wondering if this might have something to do with the op-code cache... as it works when it's using something that's variable (e.g. rand())... and it often works the first time it's run (but not always).
My current setup includes:
-
PHP 7.2.6, using
php-fpm, on MacOS 10.13.5, using:brew install httpd24 --with-privileged-ports --with-http2 brew install php72 --with-pear --with-fpm --with-homebrew-curl -
Taint 2.0.4, installed via
pecl install taint
And when running it from the command line, it's fine:
/usr/local/bin/php -f index.php
ab
The logs include:
/usr/local/var/log/php-fpm.log
[06-Jun-2018 16:49:10] WARNING: [pool www] child 22475 exited on signal 11 (SIGSEGV) after 3.296677 seconds from start
[06-Jun-2018 16:49:10] NOTICE: [pool www] child 22478 started
/private/var/log/apache2/error_log
[Wed Jun 06 16:49:10.121028 2018] [proxy_fcgi:error] [pid 21745:tid 123145330524160] [client 10.211.55.2:55360] AH01067: Failed to read FastCGI header
[Wed Jun 06 16:49:10.121247 2018] [proxy_fcgi:error] [pid 21745:tid 123145330524160] (54)Connection reset by peer: [client 10.211.55.2:55360] AH01075: Error dispatching request to :
/private/var/log/apache2/access_log
10.211.55.2 - - [-] [-] [2018-06-06 16:49:10] "GET / HTTP/2.0" 503 299 "-" "curl/7.54.0"
And the php.log is empty.
I assume it's un-related, but the script:
<?php
echo substr(rand(1, 2), 0, 2);
?>
Won't complain when rand() returns 2, but does when it returns 1:
<br />
<b>Warning</b>: main() [echo]: Attempt to echo a string that might be tainted in <b>.../index.php</b> on line <b>2</b><br />
1