Test: /ext/wddx/tests/bug73631.phpt - Version 5.6.30-dev        

Security #73631 Invalid read when wddx decodes empty boolean element
Submitted: 2016-12-01 03:52:09 Modified: 2016-12-13 11:51:35
From: bughunter Assigned: stas
Status: Closed Package: WDDX related
PHP Version: 5.6.28 OS: Linux

There are 3 different diffs reported by users for this test.

Count Diff
1 (33%)
002+ [Tue Dec 6 06:00:59 2016] Script: %s/bug73631.php'
003+ /home/travis/build/smalyshev/php-src/ext/wddx/wddx.c(772) : Freeing 0x7F3E05A48640 (32 bytes), %s/bug73631.php
004+ [Tue Dec 6 06:00:59 2016] Script: %s/bug73631.php'
005+ /home/travis/build/smalyshev/php-src/ext/standard/base64.c(156) : Freeing 0x7F3E05B17158 (1 bytes), %s/bug73631.php
006+ /home/travis/build/smalyshev/php-src/Zend/zend_alloc.c(2592) : Actual location (location was relayed)
007+ === Total 2 memory leaks detected ===
1 (33%)
002+ [Tue Dec 6 06:43:04 2016] Script: %s/bug73631.php'
003+ /home/travis/build/php/php-src/ext/wddx/wddx.c(772) : Freeing 0x7FBE3041DF00 (32 bytes), %s/bug73631.php
004+ [Tue Dec 6 06:43:04 2016] Script: %s/bug73631.php'
005+ /home/travis/build/php/php-src/ext/standard/base64.c(156) : Freeing 0x7FBE3041E070 (1 bytes), %s/bug73631.php
006+ /home/travis/build/php/php-src/Zend/zend_alloc.c(2592) : Actual location (location was relayed)
007+ === Total 2 memory leaks detected ===
1 (33%)
002+ [Tue Dec 6 14:24:53 2016] Script: %s/bug73631.php'
003+ /home/travis/build/php/php-src/ext/wddx/wddx.c(1060) : Freeing 0x7FF0E8E762C8 (1 bytes), %s/bug73631.php
004+ [Tue Dec 6 14:24:53 2016] Script: %s/bug73631.php'
005+ /home/travis/build/php/php-src/ext/wddx/wddx.c(772) : Freeing 0x7FF0E8F44F00 (32 bytes), %s/bug73631.php
006+ [Tue Dec 6 14:24:53 2016] Script: %s/bug73631.php'
007+ /home/travis/build/php/php-src/ext/standard/base64.c(156) : Freeing 0x7FF0E8F45070 (1 bytes), %s/bug73631.php
008+ /home/travis/build/php/php-src/Zend/zend_alloc.c(2592) : Actual location (location was relayed)
009+ === Total 3 memory leaks detected ===