Bug #71435 Reproducible crash using opcache.file_cache_only=1 and class constant
Submitted: 2016-01-23 13:46 UTC
Modified: 2016-01-24 07:15 UTC
From: wegvonhier+phpbugs at gmail dot com
Assigned: laruence
Status: Closed
Package: opcache
PHP Version: master-Git-2016-01-23 (snap)
OS: Linux/Windows (x64)
Private report: No
CVE-ID: None
 [2016-01-23 13:46 UTC] wegvonhier+phpbugs at gmail dot com
Description:
------------
PHP crashes reproducibly (using the script listed below) on the **second** time the script is executed using the CLI with the latest snapshot build (php-master-ts-windows-vc14-x64-r1091cec.zip) from windows.php.net using opcache.file_cache_only=1 (file cache path is set and a corresponding file is generated).

Version Info:
<snip>\php7-m>php --version
PHP 7.1.0-dev (cli) (built: Jan 23 2016 12:23:18) ( ZTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.1.0-dev, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

Test script:
---------------
<?php

class Foo {
	const BAR = '13';
}
echo Foo::BAR;

Expected result:
----------------
13

Actual result:
--------------
Access violation reading location 0x74B60403019

>	php_opcache.dll!zend_file_cache_unserialize_class_constant(_zval_struct * zv=0x0000074b60403019, _zend_persistent_script * script=0x0000014560403018, void * buf=0x0000014560403018) Zeile 1084	C
 	php_opcache.dll!zend_file_cache_unserialize_class_constant(_zval_struct * zv, _zend_persistent_script * script=0x0000014560403018, void * buf=0x0000014560403018) Zeile 1091	C
 	php_opcache.dll!zend_file_cache_unserialize_class_constant(_zval_struct * zv, _zend_persistent_script * script=0x0000014560403018, void * buf=0x0000014560403018) Zeile 1091	C
 	php_opcache.dll!zend_file_cache_unserialize_class_constant(_zval_struct * zv, _zend_persistent_script * script=0x0000014560403018, void * buf=0x0000014560403018) Zeile 1091	C
 	php_opcache.dll!zend_file_cache_unserialize_hash(_zend_array * ht, _zend_persistent_script * script=0x0000014560403018, void * buf=0x0000014560403018, void(*)(_zval_struct *, _zend_persistent_script *, void *) func=0x00007ffdd8b5eb70, void(*)(_zval_struct *) dtor=0x0000000000000000) Zeile 850	C
 	php_opcache.dll!zend_file_cache_unserialize_class(_zval_struct * zv, _zend_persistent_script * script=0x0000014560403018, void * buf=0x0000014560403018) Zeile 1136	C
 	php_opcache.dll!zend_file_cache_unserialize_hash(_zend_array * ht, _zend_persistent_script * script=0x0000014560403018, void * buf=0x0000014560403018, void(*)(_zval_struct *, _zend_persistent_script *, void *) func=0x00007ffdd8b5ece0, void(*)(_zval_struct *) dtor=0x00007ffdc6034760) Zeile 850	C
 	php_opcache.dll!zend_file_cache_unserialize(_zend_persistent_script * script=0x0000014560403018, void * buf=0x0000014560403018) Zeile 1241	C
 	php_opcache.dll!zend_file_cache_script_load(_zend_file_handle * file_handle) Zeile 1398	C
 	php_opcache.dll!file_cache_compile_file(_zend_file_handle * file_handle=0x00000035d2dff440, int type=8) Zeile 1565	C
 	php_opcache.dll!persistent_compile_file(_zend_file_handle * file_handle=0x00000035d2dff440, int type=8) Zeile 1625	C
 	php7ts.dll!zend_execute_scripts(int type=8, _zval_struct * retval=0x0000000000000000, int file_count=3, ...) Zeile 1422	C
 	php7ts.dll!php_execute_script(_zend_file_handle * primary_file=0x00000035d2dff440) Zeile 2484	C
 	php.exe!do_cli(int argc=2, char * * argv=0x000001455ea9f6c0) Zeile 975	C
 	php.exe!main(int argc=2, char * * argv=0x000001455ea9f6c0) Zeile 1345	C
 	[Externer Code]	

 [2016-01-23 14:53 UTC] wegvonhier+phpbugs at gmail dot com
-Operating System: Windows 10 x64 +Operating System: Linux/Windows (x64)
 [2016-01-23 14:53 UTC] wegvonhier+phpbugs at gmail dot com
Compiled master (1091cec28) on a Mint 17.3 VM and reproduced the issue:

Program received signal SIGSEGV, Segmentation fault.
zend_file_cache_unserialize_class_constant (zv=0x8605f6803041, 
    script=0x7ffff6803040, buf=0x7ffff6803040)
    at /home/vm/php-src/ext/opcache/zend_file_cache.c:1084
1084		if (!IS_UNSERIALIZED(Z_PTR_P(zv))) {
(gdb) bt
#0  zend_file_cache_unserialize_class_constant (zv=0x8605f6803041, 
    script=0x7ffff6803040, buf=0x7ffff6803040)
    at /home/vm/php-src/ext/opcache/zend_file_cache.c:1084
#1  0x00007ffff617764d in zend_file_cache_unserialize_class_constant (
    zv=<optimized out>, script=0x7ffff6803040, buf=0x7ffff6803040)
    at /home/vm/php-src/ext/opcache/zend_file_cache.c:1090
#2  0x00007ffff617764d in zend_file_cache_unserialize_class_constant (
    zv=<optimized out>, script=0x7ffff6803040, buf=0x7ffff6803040)
    at /home/vm/php-src/ext/opcache/zend_file_cache.c:1090
#3  0x00007ffff617764d in zend_file_cache_unserialize_class_constant (
    zv=<optimized out>, script=0x7ffff6803040, buf=0x7ffff6803040)
    at /home/vm/php-src/ext/opcache/zend_file_cache.c:1090
#4  0x00007ffff617781c in zend_file_cache_unserialize_hash (ht=0x8605f6803041, 
    script=0x7ffff6803040, buf=0x7ffff6803040, 
    func=0x7ffff61775f0 <zend_file_cache_unserialize_class_constant>, dtor=0x0)
    at /home/vm/php-src/ext/opcache/zend_file_cache.c:850
#5  0x00007ffff6177ce3 in zend_file_cache_unserialize_class (
    zv=<optimized out>, script=0x7ffff6803040, buf=0x7ffff6803040)
    at /home/vm/php-src/ext/opcache/zend_file_cache.c:1134
#6  0x00007ffff617781c in zend_file_cache_unserialize_hash (ht=0x8605f6803041, 
    script=0x7ffff6803040, buf=0x7ffff6803040, 
    func=0x7ffff6177be0 <zend_file_cache_unserialize_class>, dtor=0x0)
    at /home/vm/php-src/ext/opcache/zend_file_cache.c:850
 [2016-01-24 07:15 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2016-01-24 11:57 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d74cc3afcf4a3df3eb123546d471b2a58bbfc4d2
Log: Fixed Bug #71435 (Reproducible crash using opcache.file_cache_only=1 and class constant)
 [2016-01-24 11:57 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2016-04-18 09:29 UTC] bwoebi@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d74cc3afcf4a3df3eb123546d471b2a58bbfc4d2
Log: Fixed Bug #71435 (Reproducible crash using opcache.file_cache_only=1 and class constant)
 [2016-07-20 11:33 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d74cc3afcf4a3df3eb123546d471b2a58bbfc4d2
Log: Fixed Bug #71435 (Reproducible crash using opcache.file_cache_only=1 and class constant)
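
A two-run regression check for the reproduction described in this report, as an added example (not part of the original report or of php-src): it runs the report's test script twice through the CLI with the file cache enabled and reports a failed second run. It assumes the `php` binary already loads OPcache from its own configuration; the function name and the temporary paths are made up for the example.

```shell
#!/bin/sh
# Added example: two-run check for the crash in this report.
# Assumption: the php binary already loads OPcache via its own configuration.

# check_file_cache_second_run [PHP_BIN]  (hypothetical helper name)
# Returns 0 if both runs exit 0 and print 13, 1 if a run fails (a crash
# shows up as a non-zero exit status), 2 if PHP_BIN cannot be executed.
check_file_cache_second_run() {
    php_bin=${1:-php}
    command -v "$php_bin" >/dev/null 2>&1 || return 2

    work=$(mktemp -d) || return 2
    mkdir "$work/cache" || return 2
    # Test script from the report, unchanged.
    cat > "$work/t.php" <<'EOF'
<?php

class Foo {
	const BAR = '13';
}
echo Foo::BAR;
EOF

    rc=0
    for run in 1 2; do
        # Run 1 writes the file cache entry; run 2 loads (unserializes) it.
        if out=$("$php_bin" \
                -d opcache.enable=1 \
                -d opcache.enable_cli=1 \
                -d opcache.file_cache="$work/cache" \
                -d opcache.file_cache_only=1 \
                "$work/t.php" 2>/dev/null); then
            status=0
        else
            status=$?
        fi
        if [ "$status" -ne 0 ] || [ "$out" != "13" ]; then
            echo "run $run failed: exit=$status output='$out'" >&2
            rc=1
            break
        fi
    done
    rm -rf "$work"
    return "$rc"
}
```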