[BUG] Conditional jump or move depends on uninitialised value(s) #1284

ghost opened this issue Sep 24, 2013 · 2 comments

ghost commented Sep 24, 2013

==4590== Conditional jump or move depends on uninitialised value(s)
==4590==    at 0xB2ACA58: phalcon_get_uri (url.c:40)
==4590==    by 0xB34D612: zim_Phalcon_Mvc_Url_getBaseUri (url.c:182)
==4590==    by 0xB2A933A: phalcon_alt_call_method (fcall.c:824)
==4590==    by 0xB2A9D74: phalcon_alt_call_user_method (fcall.c:947)
==4590==    by 0xB284FC8: phalcon_call_method_params_w (fcall.c:288)
==4590==    by 0xB28510E: phalcon_call_method_params (fcall.c:312)
==4590==    by 0xB34DDD3: zim_Phalcon_Mvc_Url_get (url.c:284)
==4590==    by 0xB2A933A: phalcon_alt_call_method (fcall.c:824)
==4590==    by 0xB2A9D74: phalcon_alt_call_user_method (fcall.c:947)
==4590==    by 0xB284FC8: phalcon_call_method_params_w (fcall.c:288)
==4590==    by 0xB28510E: phalcon_call_method_params (fcall.c:312)
==4590==    by 0xB285235: phalcon_call_method_one_param (fcall.c:335)
==4590== 
==4590== Conditional jump or move depends on uninitialised value(s)
==4590==    at 0xB2ACA5E: phalcon_get_uri (url.c:40)
==4590==    by 0xB34D612: zim_Phalcon_Mvc_Url_getBaseUri (url.c:182)
==4590==    by 0xB2A933A: phalcon_alt_call_method (fcall.c:824)
==4590==    by 0xB2A9D74: phalcon_alt_call_user_method (fcall.c:947)
==4590==    by 0xB284FC8: phalcon_call_method_params_w (fcall.c:288)
==4590==    by 0xB28510E: phalcon_call_method_params (fcall.c:312)
==4590==    by 0xB34DDD3: zim_Phalcon_Mvc_Url_get (url.c:284)
==4590==    by 0xB2A933A: phalcon_alt_call_method (fcall.c:824)
==4590==    by 0xB2A9D74: phalcon_alt_call_user_method (fcall.c:947)
==4590==    by 0xB284FC8: phalcon_call_method_params_w (fcall.c:288)
==4590==    by 0xB28510E: phalcon_call_method_params (fcall.c:312)
==4590==    by 0xB285235: phalcon_call_method_one_param (fcall.c:335)
==4590== 

Happens both in 1.2.4 and 1.3.0

ghost commented Sep 24, 2013

```c
void phalcon_get_uri(zval *return_value, zval *path) {

    int i, found = 0, mark = 0;
    char *cursor, *str, ch;

    if (Z_TYPE_P(path) != IS_STRING) {
        RETURN_EMPTY_STRING();
    }

    if (Z_STRLEN_P(path) > 0) {
        cursor = Z_STRVAL_P(path) + Z_STRLEN_P(path) - 1;
        for (i = Z_STRLEN_P(path); i >= 0; i--) {
            ch = *cursor;
            if (ch == '/' || ch == '\\') {
                found++;
                if (found == 1) {
                    mark = i - 1;
                } else {
                    str = emalloc(mark - i + 1);
                    memcpy(str, Z_STRVAL_P(path) + i, mark - i);
                    str[mark - i] = '\0';
                    ZVAL_STRINGL(return_value, str, mark - i, 0);
                    return;
                }
            }
            cursor--;
        }
    }

    RETURN_EMPTY_STRING();
}
```

When `path` does not contain `/` or `\` (say, PHP is run in CLI mode and the file name is test.php) and `i` becomes 0, `cursor` points one byte before `path`.
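The off-by-one described in this comment, as an added example that is not part of the original issue or the Phalcon source: the loop is ported to plain C strings and run on a constructed buffer with one guard byte in front of the path, so the read of `path[-1]` is well defined here and its effect on the result is visible. The names `scan` and `run`, the guard byte, and the `min_i = 1` bound are assumptions made for illustration, not the project's fix.

```c
#include <stdio.h>
#include <string.h>

/* Shared scan. min_i = 0 reproduces the loop from the issue (len + 1 passes,
 * the last one reading path[-1]); min_i = 1 stops at path[0]. */
static size_t scan(const char *path, long len, long min_i, char *out) {
    long i, mark = 0;
    int found = 0;
    out[0] = '\0';
    for (i = len; len > 0 && i >= min_i; i--) {
        char ch = path[i - 1];          /* same byte the original cursor points at */
        if (ch == '/' || ch == '\\') {
            if (++found == 1) {
                mark = i - 1;           /* index of the last separator */
            } else {
                memcpy(out, path + i, (size_t)(mark - i));
                out[mark - i] = '\0';
                return (size_t)(mark - i);
            }
        }
    }
    return 0;
}

/* Constructed harness (assumption): one guard byte sits in front of the
 * string, standing in for whatever memory precedes the real path. */
static size_t run(const char *s, char guard, long min_i, char *out) {
    char buf[256];
    size_t len = strlen(s);
    if (len > sizeof(buf) - 2) { out[0] = '\0'; return 0; }
    buf[0] = guard;
    memcpy(buf + 1, s, len + 1);
    return scan(buf + 1, (long)len, min_i, out);
}

int main(void) {
    char a[256], b[256], c[256];
    run("dir/test.php", 'X', 0, a);   /* original bound, neighbour is 'X' */
    run("dir/test.php", '/', 0, b);   /* original bound, neighbour is '/' */
    run("dir/test.php", '/', 1, c);   /* bounded loop never sees the neighbour */
    printf("original, guard 'X': \"%s\"\n", a);
    printf("original, guard '/': \"%s\"\n", b);
    printf("bounded,  guard '/': \"%s\"\n", c);
    return 0;
}
```

With the original bound the returned segment changes with the byte in front of the string, which is the data dependency Valgrind reports as a conditional jump on an uninitialised value.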

ghost commented Sep 24, 2013

==28344== Invalid read of size 4
==28344==    at 0x9EAE8E: _zval_ptr_dtor (zend.h:391)
==28344==    by 0xA005D4: _zval_ptr_dtor_wrapper (zend_variables.c:182)
==28344==    by 0xA18F1C: zend_hash_destroy (zend_hash.c:560)
==28344==    by 0xA0010E: _zval_dtor_func (zend_variables.c:45)
==28344==    by 0xA514FA: zend_do_fcall_common_helper_SPEC (zend_variables.h:35)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344==    by 0xB8EBF1: do_cli (php_cli.c:988)
==28344==    by 0xB901F5: main (php_cli.c:1364)
==28344==  Address 0x1182c580 is 16 bytes inside a block of size 32 free'd
==28344==    at 0x4A08A6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28344==    by 0x9BDB5C: _efree (zend_alloc.c:2433)
==28344==    by 0x9EAF82: _zval_ptr_dtor (zend_execute_API.c:439)
==28344==    by 0xB714FCD: phalcon_memory_restore_stack_common (memory.c:162)
==28344==    by 0xB715296: phalcon_memory_restore_stack (memory.c:217)
==28344==    by 0xB7AF2BC: zim_Phalcon_Tag_linkTo (tag.c:552)
==28344==    by 0xB6EEF16: phalcon_execute_internal (phalcon.c:385)
==28344==    by 0xA50379: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:644)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344== 
==28344== Invalid write of size 4
==28344==    at 0x9EAE98: _zval_ptr_dtor (zend.h:391)
==28344==    by 0xA005D4: _zval_ptr_dtor_wrapper (zend_variables.c:182)
==28344==    by 0xA18F1C: zend_hash_destroy (zend_hash.c:560)
==28344==    by 0xA0010E: _zval_dtor_func (zend_variables.c:45)
==28344==    by 0xA514FA: zend_do_fcall_common_helper_SPEC (zend_variables.h:35)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344==    by 0xB8EBF1: do_cli (php_cli.c:988)
==28344==    by 0xB901F5: main (php_cli.c:1364)
==28344==  Address 0x1182c580 is 16 bytes inside a block of size 32 free'd
==28344==    at 0x4A08A6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28344==    by 0x9BDB5C: _efree (zend_alloc.c:2433)
==28344==    by 0x9EAF82: _zval_ptr_dtor (zend_execute_API.c:439)
==28344==    by 0xB714FCD: phalcon_memory_restore_stack_common (memory.c:162)
==28344==    by 0xB715296: phalcon_memory_restore_stack (memory.c:217)
==28344==    by 0xB7AF2BC: zim_Phalcon_Tag_linkTo (tag.c:552)
==28344==    by 0xB6EEF16: phalcon_execute_internal (phalcon.c:385)
==28344==    by 0xA50379: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:644)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344== 
==28344== Invalid read of size 4
==28344==    at 0x9EAEAA: _zval_ptr_dtor (zend.h:379)
==28344==    by 0xA005D4: _zval_ptr_dtor_wrapper (zend_variables.c:182)
==28344==    by 0xA18F1C: zend_hash_destroy (zend_hash.c:560)
==28344==    by 0xA0010E: _zval_dtor_func (zend_variables.c:45)
==28344==    by 0xA514FA: zend_do_fcall_common_helper_SPEC (zend_variables.h:35)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344==    by 0xB8EBF1: do_cli (php_cli.c:988)
==28344==    by 0xB901F5: main (php_cli.c:1364)
==28344==  Address 0x1182c580 is 16 bytes inside a block of size 32 free'd
==28344==    at 0x4A08A6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28344==    by 0x9BDB5C: _efree (zend_alloc.c:2433)
==28344==    by 0x9EAF82: _zval_ptr_dtor (zend_execute_API.c:439)
==28344==    by 0xB714FCD: phalcon_memory_restore_stack_common (memory.c:162)
==28344==    by 0xB715296: phalcon_memory_restore_stack (memory.c:217)
==28344==    by 0xB7AF2BC: zim_Phalcon_Tag_linkTo (tag.c:552)
==28344==    by 0xB6EEF16: phalcon_execute_internal (phalcon.c:385)
==28344==    by 0xA50379: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:644)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344== 
==28344== Invalid read of size 4
==28344==    at 0x9EAFA7: _zval_ptr_dtor (zend.h:379)
==28344==    by 0xA005D4: _zval_ptr_dtor_wrapper (zend_variables.c:182)
==28344==    by 0xA18F1C: zend_hash_destroy (zend_hash.c:560)
==28344==    by 0xA0010E: _zval_dtor_func (zend_variables.c:45)
==28344==    by 0xA514FA: zend_do_fcall_common_helper_SPEC (zend_variables.h:35)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344==    by 0xB8EBF1: do_cli (php_cli.c:988)
==28344==    by 0xB901F5: main (php_cli.c:1364)
==28344==  Address 0x1182c580 is 16 bytes inside a block of size 32 free'd
==28344==    at 0x4A08A6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28344==    by 0x9BDB5C: _efree (zend_alloc.c:2433)
==28344==    by 0x9EAF82: _zval_ptr_dtor (zend_execute_API.c:439)
==28344==    by 0xB714FCD: phalcon_memory_restore_stack_common (memory.c:162)
==28344==    by 0xB715296: phalcon_memory_restore_stack (memory.c:217)
==28344==    by 0xB7AF2BC: zim_Phalcon_Tag_linkTo (tag.c:552)
==28344==    by 0xB6EEF16: phalcon_execute_internal (phalcon.c:385)
==28344==    by 0xA50379: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:644)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344== 
==28344== Invalid read of size 1
==28344==    at 0x9EAFD9: _zval_ptr_dtor (zend_gc.h:182)
==28344==    by 0xA005D4: _zval_ptr_dtor_wrapper (zend_variables.c:182)
==28344==    by 0xA18F1C: zend_hash_destroy (zend_hash.c:560)
==28344==    by 0xA0010E: _zval_dtor_func (zend_variables.c:45)
==28344==    by 0xA514FA: zend_do_fcall_common_helper_SPEC (zend_variables.h:35)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344==    by 0xB8EBF1: do_cli (php_cli.c:988)
==28344==    by 0xB901F5: main (php_cli.c:1364)
==28344==  Address 0x1182c584 is 20 bytes inside a block of size 32 free'd
==28344==    at 0x4A08A6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28344==    by 0x9BDB5C: _efree (zend_alloc.c:2433)
==28344==    by 0x9EAF82: _zval_ptr_dtor (zend_execute_API.c:439)
==28344==    by 0xB714FCD: phalcon_memory_restore_stack_common (memory.c:162)
==28344==    by 0xB715296: phalcon_memory_restore_stack (memory.c:217)
==28344==    by 0xB7AF2BC: zim_Phalcon_Tag_linkTo (tag.c:552)
==28344==    by 0xB6EEF16: phalcon_execute_internal (phalcon.c:385)
==28344==    by 0xA50379: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:644)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344== 
==28344== Invalid read of size 1
==28344==    at 0x9EAFE5: _zval_ptr_dtor (zend_gc.h:182)
==28344==    by 0xA005D4: _zval_ptr_dtor_wrapper (zend_variables.c:182)
==28344==    by 0xA18F1C: zend_hash_destroy (zend_hash.c:560)
==28344==    by 0xA0010E: _zval_dtor_func (zend_variables.c:45)
==28344==    by 0xA514FA: zend_do_fcall_common_helper_SPEC (zend_variables.h:35)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344==    by 0xB8EBF1: do_cli (php_cli.c:988)
==28344==    by 0xB901F5: main (php_cli.c:1364)
==28344==  Address 0x1182c584 is 20 bytes inside a block of size 32 free'd
==28344==    at 0x4A08A6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28344==    by 0x9BDB5C: _efree (zend_alloc.c:2433)
==28344==    by 0x9EAF82: _zval_ptr_dtor (zend_execute_API.c:439)
==28344==    by 0xB714FCD: phalcon_memory_restore_stack_common (memory.c:162)
==28344==    by 0xB715296: phalcon_memory_restore_stack (memory.c:217)
==28344==    by 0xB7AF2BC: zim_Phalcon_Tag_linkTo (tag.c:552)
==28344==    by 0xB6EEF16: phalcon_execute_internal (phalcon.c:385)
==28344==    by 0xA50379: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:644)
==28344==    by 0xA5194F: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:752)
==28344==    by 0xA4DFDD: execute (zend_vm_execute.h:410)
==28344==    by 0xA05A4D: zend_execute_scripts (zend.c:1309)
==28344==    by 0x944BEF: php_execute_script (main.c:2482)
==28344== 

This was referenced Sep 24, 2013
phalcon pushed a commit that referenced this issue Sep 24, 2013
phalcon pushed a commit that referenced this issue Sep 24, 2013
@ghost ghost closed this as completed Sep 24, 2013