Null pointer dereference in php_mail_detect_multiple_crlf via error_log #20858

@vi3tL0u1s

Description

The following code:

<?php
error_log(0, 1, null);

Resulted in this output:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==3594876==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x55c0f17d1f74 bp 0x7ffc42e8e910 sp 0x7ffc42e8e900 T0)
==3594876==The signal is caused by a READ memory access.
==3594876==Hint: address points to the zero page.
    #0 0x55c0f17d1f74 in php_mail_detect_multiple_crlf /path/to/php-src/ext/standard/mail.c:402
    #1 0x55c0f17d2bf7 in php_mail /path/to/php-src/ext/standard/mail.c:528
    #2 0x55c0f170aeca in _php_error_log /path/to/php-src/ext/standard/basic_functions.c:1356
    #3 0x55c0f170ad5d in zif_error_log /path/to/php-src/ext/standard/basic_functions.c:1344
    #4 0x55c0f1c89778 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /path/to/php-src/Zend/zend_vm_execute.h:1355
    #5 0x55c0f1df3fd8 in execute_ex /path/to/php-src/Zend/zend_vm_execute.h:116436
    #6 0x55c0f1e09204 in zend_execute /path/to/php-src/Zend/zend_vm_execute.h:121924
    #7 0x55c0f1f77d98 in zend_execute_script /path/to/php-src/Zend/zend.c:1981
    #8 0x55c0f1992f40 in php_execute_script_ex /path/to/php-src/main/main.c:2645
    #9 0x55c0f19933ab in php_execute_script /path/to/php-src/main/main.c:2685
    #10 0x55c0f1f7dd19 in do_cli /path/to/php-src/sapi/cli/php_cli.c:951
    #11 0x55c0f1f80489 in main /path/to/php-src/sapi/cli/php_cli.c:1362

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /path/to/php-src/ext/standard/mail.c:402 in php_mail_detect_multiple_crlf
==3594876==ABORTING

Commit

643cf6253e5

Configurations

CC="clang" CXX="clang++" CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" ./configure --enable-debug --enable-address-sanitizer --disable-shared --with-pic

PHP Version

PHP 8.6.0-dev (cli) (built: Jan  8 2026 01:22:30) (NTS DEBUG)
Copyright (c) The PHP Group
Zend Engine v4.6.0-dev, Copyright (c) Zend Technologies
    with Zend OPcache v8.6.0-dev, Copyright (c), by Zend Technologies

Operating System

Ubuntu 22.04
