PHP :: Bug #79088 :: Segmentation fault when instatiating a class

Bug #79088	Segmentation fault when instatiating a class
Submitted:	2020-01-09 12:43 UTC	Modified:	2020-01-09 12:46 UTC
From:	jakub at tuenti dot com	Assigned:
Status:	Duplicate	Package:	opcache
PHP Version:	7.4.1	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jakub at tuenti dot com
New email:
PHP Version:		OS:

New Comment:

[2020-01-09 12:43 UTC] jakub at tuenti dot com

Description:
------------
When executing the attached script with opcache enabled, I get segmentation faults. It can be reproduced by running it with the php docker images:

$ docker run -v $PWD/test.php:/test.php -ti php:7.4.1 sh -c "php -dzend_extension=opcache -dopcache.enable_cli=1 /test.php; php -dzend_extension=opcache -dopcache.enable_cli=1 /test.php"
Segmentation fault (core dumped)
Segmentation fault (core dumped)

The script runs fine on 7.3.13, but segfaults on all the 7.4 tags I tested (7.4.0alpha1, 7.4.0 and 7.4.1).

The backtrace I attach is from a custom php image (based on debian buster and using the packages from deb.sury.org).

Test script:
---------------
<?php

class A {
    const B = 'c';
}

class D
{
    public function __construct()
    {
    }
}

class E extends D
{
    static $A = A::B;
}

new E();


Actual result:
--------------
(gdb) bt
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
#1  0x000055d097fe28f5 in xbuf_format_converter (xbuf=0x7ffc2a75f2a0, is_char=1 '\001', fmt=0x55d098128a4c "s::%s() from invalid context", ap=0x7ffc2a75f2f0) at ./main/spprintf.c:596
#2  0x000055d09803f005 in zend_vspprintf (pbuf=0x7ffc2a75f2e8, max_len=0, format=<optimized out>, ap=<optimized out>) at ./Zend/zend.c:190
#3  0x000055d097e8ec81 in zend_throw_error (exception_ce=0x55d0999a1d40, format=0x55d098128a40 "Call to %s %s::%s() from invalid context") at ./Zend/zend.c:1535
#4  0x000055d097e97a29 in zend_std_get_constructor (zobj=<optimized out>) at ./Zend/zend_object_handlers.c:1588
#5  0x000055d0980a40a6 in ZEND_NEW_SPEC_CONST_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:9226
#6  0x000055d0980bed0a in execute_ex (ex=0x18) at ./Zend/zend_vm_execute.h:54334
#7  0x000055d0980c6271 in zend_execute (op_array=0x7f89566702a0, return_value=<optimized out>) at ./Zend/zend_vm_execute.h:57664
#8  0x000055d0980402c3 in zend_execute_scripts (type=type@entry=8, retval=0x7f8956614020, retval@entry=0x0, file_count=file_count@entry=3) at ./Zend/zend.c:1663
#9  0x000055d097fdfd50 in php_execute_script (primary_file=<optimized out>) at ./main/main.c:2619
#10 0x000055d0980c8316 in do_cli (argc=5, argv=0x55d099944360) at ./sapi/cli/php_cli.c:961
#11 0x000055d097ea77cf in main (argc=5, argv=0x55d099944360) at ./sapi/cli/php_cli.c:1352

(gdb) dump_bt executor_globals.current_execute_data
[0x7f8956614020] (main) /source/test.php:19

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-01-09 12:46 UTC] nikic@php.net

-Status: Open +Status: Duplicate

[2020-01-09 12:46 UTC] nikic@php.net

This is the same issue as bug #78986, which will be fixed in the upcoming PHP 7.4.2 version.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Nov 03 16:00:02 2025 UTC