Closed
Description
Attached is php code:
```php
<?php
$sx1 = new SimpleXMLElement("<root />");
$sx1->node[0] = 'node1';
$node = $sx1->node[0];
$node[0] = "\xC2\xC2c"; // contains repeated byte \xC2
print $sx1->asXML();
?>
```
Resulted in this output:
```
=================================================================
==3614420==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000000 at pc 0x560456f4c11d bp 0x7ffff6e00130 sp 0x7ffff6e00120
READ of size 8 at 0x603000000000 thread T0
    #0 0x560456f4c11c in zend_mm_free_heap /home/benchmarks/php/program/Zend/zend_alloc.c:1540
    #1 0x560456f4c11c in _efree /home/benchmarks/php/program/Zend/zend_alloc.c:2773
    #2 0x5604570ce77c in zval_ptr_dtor_nogc /home/benchmarks/php/program/Zend/zend_variables.h:36
    #3 0x5604570ce77c in ZEND_ECHO_SPEC_TMPVAR_HANDLER /home/benchmarks/php/program/Zend/zend_vm_execute.h:15166
    #4 0x5604573585fa in execute_ex /home/benchmarks/php/program/Zend/zend_vm_execute.h:60745
    #5 0x5604573bd364 in zend_execute /home/benchmarks/php/program/Zend/zend_vm_execute.h:64334
    #6 0x56045757fd0f in zend_execute_script /home/benchmarks/php/program/Zend/zend.c:1943
    #7 0x560456d2423f in php_execute_script_ex /home/benchmarks/php/program/main/main.c:2594
    #8 0x560457585df8 in do_cli /home/benchmarks/php/program/sapi/cli/php_cli.c:952
    #9 0x5604561264d0 in main /home/benchmarks/php/program/sapi/cli/php_cli.c:1363
    #10 0x7f2eb21e2082 in __libc_start_main (/usr/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #11 0x560456126e7d in _start (/home/benchmarks/php/program/sapi/cli/php+0x2123e7d)

0x603000000000 is located 16 bytes to the left of 22-byte region [0x603000000010,0x603000000026)
allocated by thread T0 here:
    #0 0x7f2eb320e3ed in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cc:445
    #1 0x5604575a6751 in save_ps_args /home/benchmarks/php/program/sapi/cli/ps_title.c:200
    #2 0x560456125d60 in main /home/benchmarks/php/program/sapi/cli/php_cli.c:1217
    #3 0x7f2eb21e2082 in __libc_start_main (/usr/lib/x86_64-linux-gnu/libc.so.6+0x24082)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/benchmarks/php/program/Zend/zend_alloc.c:1540 in zend_mm_free_heap
Shadow bytes around the buggy address:
  0x0c067fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c067fff8000:[fa]fa 00 00 06 fa fa fa 00 00 00 00 fa fa 00 00
  0x0c067fff8010: 00 04 fa fa 00 00 00 fa fa fa 00 00 00 00 fa fa
  0x0c067fff8020: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00
  0x0c067fff8030: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00
  0x0c067fff8040: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
  0x0c067fff8050: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3614420==ABORTING
```
But I expected this output instead:
```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<root><node>??c</node></root>
```
To reproduce:
```sh
./php-src/sapi/cli/php input.php
```
Commit:
2d6b869
PHP Version
```
PHP 8.5.0-dev (cli) (built: May 19 2025 07:57:48) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.5.0-dev, Copyright (c) Zend Technologies
```
Operating System
Ubuntu 20.04
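Reports like the one above usually arrive in bulk from a fuzzing campaign, and the first thing a triager needs is a way to pull the error kind, the access, the faulting and allocation stacks, and the nearest-region line out of the text and turn them into a deduplication key. The following parser is an added example for doing that; it is not part of php-src or of the reporter's submission. `SAMPLE_REPORT` is constructed from the ASan output in this issue, trimmed to the lines the parser consumes, and the noise-frame prefixes, the bucketing depth of three frames and the `is_adjacent_overflow` heuristic are this example's own choices.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the ASan report from this issue, trimmed to the lines the parser uses.
SAMPLE_REPORT = """\
=================================================================
==3614420==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000000 at pc 0x560456f4c11d bp 0x7ffff6e00130 sp 0x7ffff6e00120
READ of size 8 at 0x603000000000 thread T0
    #0 0x560456f4c11c in zend_mm_free_heap /home/benchmarks/php/program/Zend/zend_alloc.c:1540
    #1 0x560456f4c11c in _efree /home/benchmarks/php/program/Zend/zend_alloc.c:2773
    #2 0x5604570ce77c in zval_ptr_dtor_nogc /home/benchmarks/php/program/Zend/zend_variables.h:36
    #3 0x5604570ce77c in ZEND_ECHO_SPEC_TMPVAR_HANDLER /home/benchmarks/php/program/Zend/zend_vm_execute.h:15166
    #9 0x5604561264d0 in main /home/benchmarks/php/program/sapi/cli/php_cli.c:1363
    #10 0x7f2eb21e2082 in __libc_start_main (/usr/lib/x86_64-linux-gnu/libc.so.6+0x24082)

0x603000000000 is located 16 bytes to the left of 22-byte region [0x603000000010,0x603000000026)
allocated by thread T0 here:
    #0 0x7f2eb320e3ed in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cc:445
    #1 0x5604575a6751 in save_ps_args /home/benchmarks/php/program/sapi/cli/ps_title.c:200
    #2 0x560456125d60 in main /home/benchmarks/php/program/sapi/cli/php_cli.c:1217

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/benchmarks/php/program/Zend/zend_alloc.c:1540 in zend_mm_free_heap
==3614420==ABORTING
"""

HEADER_RE = re.compile(r"==(\d+)==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-fA-F]+)")
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-fA-F]+\s+in\s+(\S+)\s+(\S+)")
REGION_RE = re.compile(r"is located (\d+) bytes (?:to the (left|right) of|inside of) (\d+)-byte region")

# Frames from the sanitizer runtime or process startup; they carry no information about the bug.
# (This prefix list is an assumption of the example, extend it for your toolchain.)
NOISE_PREFIXES = ("__interceptor_", "__asan_", "__sanitizer", "__libc_start", "_start")


@dataclass
class AsanReport:
    pid: int
    kind: str                       # e.g. "heap-buffer-overflow", "heap-use-after-free"
    address: int                    # faulting address
    access: str | None = None       # "READ" or "WRITE"
    size: int | None = None         # access width in bytes
    crash_stack: list[tuple[str, str]] = field(default_factory=list)   # (function, location)
    alloc_stack: list[tuple[str, str]] = field(default_factory=list)
    free_stack: list[tuple[str, str]] = field(default_factory=list)    # filled for use-after-free
    offset: int | None = None       # distance from the nearest known region
    side: str | None = None         # "left", "right", or None when inside the region
    region_size: int | None = None


def parse_asan(text: str) -> AsanReport | None:
    """Extract error kind, access, stacks and nearest-region info from an ASan report."""
    report = None
    current = None  # the stack list currently being filled
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            report = AsanReport(pid=int(m.group(1)), kind=m.group(2), address=int(m.group(3), 16))
            current = report.crash_stack
            continue
        if report is None:
            continue  # nothing before the ERROR header is part of the report
        m = ACCESS_RE.match(line.strip())
        if m:
            report.access, report.size = m.group(1), int(m.group(2))
            continue
        m = REGION_RE.search(line)
        if m:
            report.offset, report.side, report.region_size = int(m.group(1)), m.group(2), int(m.group(3))
            continue
        if "allocated by thread" in line:
            current = report.alloc_stack
            continue
        if "freed by thread" in line:
            current = report.free_stack
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            current.append((m.group(1), m.group(2)))
    return report


def bucket_key(report: AsanReport, depth: int = 3) -> tuple:
    """Deduplication key: error kind, access type and the top program frames, noise dropped."""
    frames = [fn for fn, _ in report.crash_stack if not fn.startswith(NOISE_PREFIXES)]
    return (report.kind, report.access, tuple(frames[:depth]))


def is_adjacent_overflow(report: AsanReport) -> bool:
    """True when the bad address is within one access width of the nearest region's edge.

    A larger gap (here 16 bytes left of a 22-byte chunk, with an 8-byte read)
    points at a wrong pointer value rather than an index running just past a buffer.
    """
    if report.offset is None or report.size is None or report.side is None:
        return False
    return report.offset <= report.size
```

Running `parse_asan(SAMPLE_REPORT)` yields kind `heap-buffer-overflow`, an 8-byte `READ`, and the key `("heap-buffer-overflow", "READ", ("zend_mm_free_heap", "_efree", "zval_ptr_dtor_nogc"))`, which is what you would group further crashes from the same fuzzer under. Note what the nearest-region line in this report does and does not say: the 22-byte chunk was allocated by `strdup` from `save_ps_args` in `sapi/cli/ps_title.c` during CLI startup, so it only identifies the chunk that happens to sit next to the bad address, not the object the SimpleXML code path was trying to free.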