Bug #78937 Preloading unlinkable anonymous class can segfault
Submitted: 2019-12-09 13:36 UTC Modified: 2019-12-09 16:37 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: cmb@php.net Assigned:
Status: Closed Package: opcache
PHP Version: 7.4Git-2019-12-09 (Git) OS: *
Private report: No CVE-ID: None
 [2019-12-09 13:36 UTC] cmb@php.net
Description:
------------
When code is preloaded which uses unlinkable anonymous classes,
PHP can crash.  When running the test script in debug mode with
r42a2fb8, I hit an assertion failure:

php7_debug.dll!ZEND_DECLARE_ANON_CLASS_SPEC_HANDLER(_zend_execute_data * execute_data) Line 2449 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\Zend\zend_vm_execute.h:2449)
php7_debug.dll!execute_ex(_zend_execute_data * ex) Line 53379 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\Zend\zend_vm_execute.h:53379)
php7_debug.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 57665 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\Zend\zend_vm_execute.h:57665)
php7_debug.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1664 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\Zend\zend.c:1664)
php7_debug.dll!php_execute_script(_zend_file_handle * primary_file) Line 2619 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\main\main.c:2619)
php.exe!do_cli(int argc, char * * argv) Line 962 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\sapi\cli\php_cli.c:962)
php.exe!main(int argc, char * * argv) Line 1352 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\sapi\cli\php_cli.c:1352)


Test script:
---------------
preload.inc
<?php
function foo() {
    return new class extends Bar {};
}
?>

test.php
<?php
var_dump(foo()->test());
?>


Expected result:
----------------
object(class@anonymous)#1 (0) {
}


Actual result:
--------------
assertion failure/segfault


 [2019-12-09 16:37 UTC] cmb@php.net
Additional info: the preloader uses opcache_compile_file() to
preload preload.inc, and the error log shows:

PHP Warning:  Can't preload already declared class class@anonymous in …
 [2019-12-10 21:47 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=20ef51db22c46fd45976eb6d0b780c14022c8873
Log: Fixed bug #78937 (Preloading unlinkable anonymous class can segfault)
 [2019-12-10 21:47 UTC] dmitry@php.net
-Status: Open +Status: Closed
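
A pre-check for a preload set, as an added example that is not part of the report or of php-src: it tokenizes each file and lists anonymous classes whose parent or interface is declared neither in the set nor by the engine, which is the `new class extends Bar {}` case in preload.inc. The function names are hypothetical, and names are matched by short name only, so namespaces are ignored.

```php
<?php
// Added example, not php-src code; all function names are hypothetical.
// Heuristic: names are compared by lower-cased short name, namespaces are ignored.

/** Returns [names declared in $source, parents named by its anonymous classes]. */
function scan_source(string $source): array
{
    $tok = $declared = $parents = [];
    foreach (token_get_all($source) as $t) {      // normalise to [id|null, text]
        $t = is_array($t) ? [$t[0], $t[1]] : [null, $t];
        if (!in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) $tok[] = $t;
    }
    for ($i = 0, $n = count($tok); $i < $n - 1; $i++) {
        [$id, $next] = [$tok[$i][0], $tok[$i + 1]];
        if (($id === T_CLASS || $id === T_INTERFACE) && $next[0] === T_STRING) {
            $declared[] = strtolower($next[1]);   // "class Bar", "interface Baz"
        }
        if ($id !== T_NEW || $next[0] !== T_CLASS) continue;
        for ($k = $i + 2, $depth = 0, $name = ''; $k < $n; $k++) {
            [$kid, $text] = $tok[$k];
            if ($kid === null && ($text === '(' || $text === ')')) { $depth += $text === '(' ? 1 : -1; continue; }
            if ($depth > 0) continue;             // inside constructor arguments
            $end = $kid === null && $text === '{'; // start of the class body
            if (!$end && $text !== ',' && $kid !== T_EXTENDS && $kid !== T_IMPLEMENTS) {
                $name .= $text;                   // part of a parent or interface name
                continue;
            }
            if ($name !== '') $parents[] = strtolower(basename(str_replace('\\', '/', $name)));
            $name = '';
            if ($end) break;
        }
    }
    return [$declared, $parents];
}

/** Map of file => anonymous-class parents that neither $sources nor the engine declare. */
function unlinkable_anon_parents(array $sources): array
{
    $scans = array_map('scan_source', $sources);  // file => [declared, parents]
    $declared = array_merge([], ...array_column($scans, 0));
    $missing = array_map(fn($s) => array_values(array_filter($s[1], fn($p) =>
        !in_array($p, $declared, true) && !class_exists($p, false) && !interface_exists($p, false)
    )), $scans);
    return array_filter($missing);                // drop files with nothing missing
}

// Demo on the report's preload.inc, flattened to one line.
$sources = ['preload.inc' => '<?php function foo() { return new class extends Bar {}; }'];
var_export(unlinkable_anon_parents($sources));
```

In a preload script, `$sources` would be built with `file_get_contents()` and `opcache_compile_file()` called only for files absent from the returned map.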
 
Last updated: Sat Dec 21 15:01:29 2024 UTC