Fuzzer php-fuzz-execute crashing case in _zend_is_inconsistent #19844

@gal1ium

Description

Hi, we found a crashing test case when testing with the fuzzing driver php-fuzz-execute.

The following code:

<?php
class li0
{
    static $f;
    private $o;
    function stream_open()
    {
        return true;
    }
    function stream_read()
    {
    }
    function stream_eof()
    {
        include "li0://";
    }
    function stream_close()
    {
        [n];
    }
    function s()
    {
    }
}
str_repeat("", 0);
$s = "";
stream_wrapper_register("li0", li0::class);
include "li0://";

Resulted in this output:

/src/php-src/Zend/zend_hash.c(2678) : ht=0x1b3fcb8 is already destroyed
php-fuzz-execute: /src/php-src/Zend/zend_hash.c:73: void _zend_is_inconsistent(const HashTable *, const char *, int): Assertion `0' failed.

PHP Version

Commit id: d6300a3

Operating System

Linux
