|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2020-05-10 00:48 UTC] mberchtold at gmail dot com
Description: ------------ I was testing the JIT with the master branch: https://windows.php.net/downloads/snaps/master/rb452d59/php-master-nts-windows-vs16-x64-avx-rb452d59.zip and I have encountered the following crash on Windows 10 64-bit, when accessing several pages which are part of a bigger Zend Framework / Laminas project. Crash ===== > php8.dll!execute_ex(_zend_execute_data * ex) Line 51853 C if (UNEXPECTED((ret = ((opcode_handler_t)OPLINE->handler)(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU)) != 0)) { Stack Trace ============ ntdll.dll!LdrpICallHandler () Unknown ntdll.dll!RtlpExecuteHandlerForException () Unknown ntdll.dll!RtlDispatchException() Unknown ntdll.dll!KiUserExceptionDispatch () Unknown ntdll.dll!LdrpDispatchUserCallTarget () Unknown > php8.dll!execute_ex(_zend_execute_data * ex) Line 51853 C php8.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 803 C php8.dll!zif_spl_autoload_call(_zend_execute_data * execute_data, _zval_struct * return_value) Line 459 C php8.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 821 C php8.dll!zend_lookup_class_ex(_zend_string * name, _zend_string * key, unsigned int flags) Line 956 C php8.dll!zend_fetch_class_by_name(_zend_string * class_name, _zend_string * key, int fetch_type) Line 1387 C php8.dll!ZEND_NEW_SPEC_CONST_UNUSED_HANDLER(_zend_execute_data * execute_data) Line 8842 C php8.dll!execute_ex(_zend_execute_data * ex) Line 51853 C php8.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 56148 C php8.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1654 C php8.dll!php_execute_script(_zend_file_handle * primary_file) Line 2585 C php-cgi.exe!main(int argc, char * * argv) Line 2592 C [Inline Frame] php-cgi.exe!invoke_main() Line 78 C++ php-cgi.exe!__scrt_common_main_seh() Line 288 C++ kernel32.dll!BaseThreadInitThunk () Unknown ntdll.dll!RtlUserThreadStart () Unknown Stack Trace Data ================ php8.dll!zend_lookup_class_ex(_zend_string * name, _zend_string * key, unsigned int flags) Line 956 C - class_name 0x0000100000279be8 {gc={refcount=1 u={type_info=326 } } h=14462732933763410593 len=26 ...} _zend_string * + gc {refcount=1 u={type_info=326 } } _zend_refcounted_h h 14462732933763410593 unsigned __int64 len 26 unsigned __int64 + val 0x0000100000279c00 "Laminas\\Http\\Header\\Cookie" char[1] --- > php8.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 821 C _gc Variable is optimized away and not available. _gc Variable is optimized away and not available. _ref Variable is optimized away and not available. _t Variable is optimized away and not available. _t Variable is optimized away and not available. + arg 0x0000007991dfba10 {value={lval=17592188640232 dval=8.691696042297e-311#DEN counted=0x0000100000279be8 {...} ...} ...} _zval_struct * arg_name Variable is optimized away and not available. call_info Variable is optimized away and not available. callable_name Variable is optimized away and not available. current_opline_before_exception Variable is optimized away and not available. + dummy_execute_data {opline=0x0000000000000000 <NULL> call=0x0000000000000000 <NULL> return_value=0x0000000000000000 <NULL> ...} _zend_execute_data + error 0x00001000002e4910 "\x1" char * - fci 0x0000007991dfba30 {size=56 function_name={value={lval=17592188163552 dval=8.691695806786e-311#DEN counted=...} ...} ...} _zend_fcall_info * size 56 unsigned __int64 - function_name {value={lval=17592188163552 dval=8.691695806786e-311#DEN counted=0x00001000002055e0 {gc={refcount=1 ...} } ...} ...} _zval_struct - value {lval=17592188163552 dval=8.691695806786e-311#DEN counted=0x00001000002055e0 {gc={refcount=1 u={type_info=...} } } ...} _zend_value lval 17592188163552 __int64 dval 8.691695806786e-311#DEN double + counted 0x00001000002055e0 {gc={refcount=1 u={type_info=326 } } } _zend_refcounted * + str 0x00001000002055e0 {gc={refcount=1 u={type_info=326 } } h=17083003923120679175 len=17 ...} _zend_string * + arr 0x00001000002055e0 {gc={refcount=1 u={type_info=326 } } u={v={flags=7 '\a' _unused=105 'i' nIteratorsCount=...} ...} ...} _zend_array * + obj 0x00001000002055e0 {gc={refcount=1 u={type_info=326 } } handle=4130760967 ce=0x0000000000000011 {type=...} ...} _zend_object * + res 0x00001000002055e0 {gc={refcount=1 u={type_info=326 } } handle=-164206329 type=-317520498 ...} _zend_resource * + ref 0x00001000002055e0 {gc={refcount=1 u={type_info=326 } } val={value={lval=-1363740150588872441 dval=-2.6229288138858408e+217 ...} ...} ...} _zend_reference * + ast 0x00001000002055e0 {gc={refcount=1 u={type_info=326 } } } _zend_ast_ref * + zv 0x00001000002055e0 {value={lval=1400159338497 dval=6.917706278552e-312#DEN counted=0x0000014600000001 {...} ...} ...} _zval_struct * ptr 0x00001000002055e0 void * + ce 0x00001000002055e0 {type=1 '\x1' name=0xed13058ef6366907 {gc={refcount=??? u={type_info=??? } } h=??? ...} ...} _zend_class_entry * + func 0x00001000002055e0 {type=1 '\x1' quick_arg_flags=1 common={type=1 '\x1' arg_flags=0x00001000002055e1 "" ...} ...} _zend_function * + ww {w1=2119136 w2=4096 } <unnamed-tag> + u1 {type_info=6 v={type=6 '\x6' type_flags=0 '\0' u={extra=0 } } } <unnamed-tag> + u2 {next=0 cache_slot=0 opline_num=0 ...} <unnamed-tag> + retval 0x0000007991dfba20 {value={lval=1749258559168 dval=8.642485597787e-312#DEN counted=0x0000019747ef5ec0 {...} ...} ...} _zval_struct * + params 0x0000007991dfba10 {value={lval=17592188640232 dval=8.691696042297e-311#DEN counted=0x0000100000279be8 {...} ...} ...} _zval_struct * + object 0x0000000000000000 <NULL> _zend_object * no_separation 1 '\x1' unsigned char param_count 1 unsigned int + fci_cache 0x0000007991dfba78 {function_handler=0x000001974776cca0 {type=1 '\x1' quick_arg_flags=1 common={type=...} ...} ...} _zend_fcall_info_cache * + fci_cache_local {function_handler=0x0000000000000000 <NULL> calling_scope=0x0000000000000000 <NULL> called_scope=0x0000000000000000 <NULL> ...} _zend_fcall_info_cache + func 0x000001974776cca0 {type=1 '\x1' quick_arg_flags=1 common={type=1 '\x1' arg_flags=0x000001974776cca1 "" ...} ...} _zend_function * i Variable is optimized away and not available. object_or_called_scope 0x0000007991dfba10 void * param Variable is optimized away and not available. --- > php8.dll!zif_spl_autoload_call(_zend_execute_data * execute_data, _zval_struct * return_value) Line 459 C + alfi 0x0000019747e55090 {func_ptr=0x0000019747e602b8 {type=2 '\x2' quick_arg_flags=2 common={type=2 '\x2' ...} ...} ...} autoload_func_info * - called_scope 0x0000019747ef5ec0 {type=2 '\x2' name=0x000010000027bff8 {gc={refcount=1 u={type_info=326 } } h=15244783603747682148 ...} ...} _zend_class_entry * type 2 '\x2' char - name 0x000010000027bff8 {gc={refcount=1 u={type_info=326 } } h=15244783603747682148 len=35 ...} _zend_string * + gc {refcount=1 u={type_info=326 } } _zend_refcounted_h h 15244783603747682148 unsigned __int64 len 35 unsigned __int64 + val 0x000010000027c010 "Laminas\\Http\\PhpEnvironment\\Request" char[1] + parent 0x0000019747ef7240 {type=2 '\x2' name=0x000010000027c190 {gc={refcount=1 u={type_info=326 } } h=11020879139278794347 ...} ...} _zend_class_entry * + parent_name 0x0000019747ef7240 {gc={refcount=2 u={type_info=1 } } h=17592188649872 len=1749258572480 ...} _zend_string * refcount 2 int ce_flags 1708552 unsigned int default_properties_count 15 int default_static_members_count 0 int + default_properties_table 0x0000019747e71a00 {value={lval=17592196681456 dval=8.691700015190e-311#DEN counted=0x0000100000a24ef0 {...} ...} ...} _zval_struct * + default_static_members_table 0x0000000000000000 <NULL> _zval_struct * + static_members_table__ptr 0x0000019747ef5ef0 {0x0000000000000000 <NULL>} _zval_struct * * + function_table {gc={refcount=1 u={type_info=23 } } u={v={flags=16 '\x10' _unused=0 '\0' nIteratorsCount=0 '\0' ...} ...} ...} _zend_array + properties_info {gc={refcount=1 u={type_info=23 } } u={v={flags=16 '\x10' _unused=0 '\0' nIteratorsCount=0 '\0' ...} ...} ...} _zend_array + constants_table {gc={refcount=1 u={type_info=23 } } u={v={flags=16 '\x10' _unused=0 '\0' nIteratorsCount=0 '\0' ...} ...} ...} _zend_array + properties_info_table 0x0000019747efa3e0 {0x0000019747efa090 {offset=40 flags=2 name=0x00001000002e8368 {gc={refcount=1 u=...} ...} ...}} _zend_property_info * * + constructor 0x0000019747ef6088 {type=2 '\x2' quick_arg_flags=2 common={type=2 '\x2' arg_flags=0x0000019747ef6089 "" ...} ...} _zend_function * + destructor 0x0000000000000000 <NULL> _zend_function * + clone 0x0000000000000000 <NULL> _zend_function * + __get 0x0000000000000000 <NULL> _zend_function * + __set 0x0000000000000000 <NULL> _zend_function * + __unset 0x0000000000000000 <NULL> _zend_function * + __isset 0x0000000000000000 <NULL> _zend_function * + __call 0x0000000000000000 <NULL> _zend_function * + __callstatic 0x0000000000000000 <NULL> _zend_function * + __tostring 0x0000019747ef9828 {type=2 '\x2' quick_arg_flags=2 common={type=2 '\x2' arg_flags=0x0000019747ef9829 "" ...} ...} _zend_function * + __debugInfo 0x0000000000000000 <NULL> _zend_function * + serialize_func 0x0000000000000000 <NULL> _zend_function * + unserialize_func 0x0000000000000000 <NULL> _zend_function * + iterator_funcs_ptr 0x0000000000000000 <NULL> _zend_class_iterator_funcs * create_object 0x0000000000000000 _zend_object *(*)(_zend_class_entry *) interface_gets_implemented 0x0000000000000000 int(*)(_zend_class_entry *, _zend_class_entry *) get_iterator 0x0000000000000000 _zend_object_iterator *(*)(_zend_class_entry *, _zval_struct *, int) get_static_method 0x0000000000000000 _zend_function *(*)(_zend_class_entry *, _zend_string *) serialize 0x0000000000000000 int(*)(_zval_struct *, unsigned char * *, unsigned __int64 *, _zend_serialize_data *) unserialize 0x0000000000000000 int(*)(_zval_struct *, _zend_class_entry *, const unsigned char *, unsigned __int64, _zend_unserialize_data *) num_interfaces 3 unsigned int num_traits 0 unsigned int + interfaces 0x0000019747e680c0 {0x0000019747efa180 {type=2 '\x2' name=0x000010000029a0c8 {gc={refcount=1 u={type_info=...} } ...} ...}} _zend_class_entry * * + interface_names 0x0000019747e680c0 {name=0x0000019747efa180 {gc={refcount=2 u={type_info=0 } } h=17592188772552 len=...} ...} _zend_class_name * + trait_names 0x0000000000000000 <NULL> _zend_class_name * + trait_aliases 0x0000000000000000 {???} _zend_trait_alias * * + trait_precedences 0x0000000000000000 {???} _zend_trait_precedence * * + info {user={filename=0x0000100000a0b430 {gc={refcount=4 u={type_info=326 } } h=14748078813210313553 len=93 ...} ...} ...} <unnamed-tag> + class_name 0x0000100000279be8 {gc={refcount=1 u={type_info=326 } } h=14462732933763410593 len=26 ...} _zend_string * execute_data Variable is optimized away and not available. fcall_cache Variable is optimized away and not available. fcall_info Variable is optimized away and not available. + fci {size=56 function_name={value={lval=1748051689473 dval=8.636522869234e-312#DEN counted=0x0000019700000001 {...} ...} ...} ...} _zend_fcall_info + fcic {function_handler=0x0000019747e602b8 {type=2 '\x2' quick_arg_flags=2 common={type=2 '\x2' arg_flags=...} ...} ...} _zend_fcall_info_cache + func 0x000001974776cca0 {type=1 '\x1' quick_arg_flags=1 common={type=1 '\x1' arg_flags=0x000001974776cca1 "" ...} ...} _zend_function * + func_name 0x0000019747e550c0 {gc={refcount=1 u={type_info=6 } } h=16799306114172298978 len=21 ...} _zend_string * l_autoload_running 0 int + lc_name 0x0000019747ea2070 {gc={refcount=1 u={type_info=6 } } h=0 len=26 ...} _zend_string * num_idx 1749257631808 unsigned __int64 + params 0x0000007991dfb840 {{value={lval=17592188640232 dval=8.691696042297e-311#DEN counted=0x0000100000279be8 {...} ...} ...}} _zval_struct[1] pos 0 unsigned int return_value Variable is optimized away and not available. + retval {value={lval=0 dval=0.0000000000000000 counted=0x0000000000000000 <NULL> ...} u1={type_info=0 v={type=...} } ...} _zval_struct --- > php8.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 803 C _gc Variable is optimized away and not available. _gc Variable is optimized away and not available. _ref Variable is optimized away and not available. _t Variable is optimized away and not available. _t Variable is optimized away and not available. arg Variable is optimized away and not available. arg_name Variable is optimized away and not available. call_info Variable is optimized away and not available. callable_name Variable is optimized away and not available. + current_opline_before_exception 0x0000000000000000 <NULL> const _zend_op * + dummy_execute_data {opline=0x0000000000000000 <NULL> call=0x00007fff6f73db23 {php8.dll!zend_hash_find(const _zend_array * ht, _zend_string * key), Line 2242} {...} ...} _zend_execute_data + error 0x0000019747ef5ec0 "\x2" char * - fci 0x0000007991dfb870 {size=56 function_name={value={lval=1748051689473 dval=8.636522869234e-312#DEN counted=...} ...} ...} _zend_fcall_info * size 56 unsigned __int64 - function_name {value={lval=1748051689473 dval=8.636522869234e-312#DEN counted=0x0000019700000001 {gc={refcount=??? ...} } ...} ...} _zval_struct + value {lval=1748051689473 dval=8.636522869234e-312#DEN counted=0x0000019700000001 {gc={refcount=??? u={type_info=...} } } ...} _zend_value + u1 {type_info=0 v={type=0 '\0' type_flags=0 '\0' u={extra=0 } } } <unnamed-tag> + u2 {next=4096 cache_slot=4096 opline_num=4096 ...} <unnamed-tag> + retval 0x0000007991dfb830 {value={lval=0 dval=0.0000000000000000 counted=0x0000000000000000 <NULL> ...} u1=...} _zval_struct * + params 0x0000007991dfb840 {value={lval=17592188640232 dval=8.691696042297e-311#DEN counted=0x0000100000279be8 {...} ...} ...} _zval_struct * + object 0x0000000000000000 <NULL> _zend_object * no_separation 1 '\x1' unsigned char param_count 1 unsigned int - fci_cache 0x0000007991dfb850 {function_handler=0x0000019747e602b8 {type=2 '\x2' quick_arg_flags=2 common={type=...} ...} ...} _zend_fcall_info_cache * + function_handler 0x0000019747e602b8 {type=2 '\x2' quick_arg_flags=2 common={type=2 '\x2' arg_flags=0x0000019747e602b9 "" ...} ...} _zend_function * + calling_scope 0x0000019747efa540 {type=2 '\x2' name=0x0000100000299d18 {gc={refcount=1 u={type_info=326 } } h=15662680480698152664 ...} ...} _zend_class_entry * + called_scope 0x00001000008dd7e0 {type=2 '\x2' name=0x00001000002a5070 {gc={refcount=1 u={type_info=326 } } h=11114107239271776542 ...} ...} _zend_class_entry * + object 0x0000000000000000 <NULL> _zend_object * + fci_cache_local {function_handler=0x0000000000000000 <NULL> calling_scope=0x0000000000000000 <NULL> called_scope=0x0000007991dfb780 {...} ...} _zend_fcall_info_cache - func 0x0000019747e602b8 {type=2 '\x2' quick_arg_flags=2 common={type=2 '\x2' arg_flags=0x0000019747e602b9 "" ...} ...} _zend_function * type 2 '\x2' unsigned char quick_arg_flags 2 unsigned int - common {type=2 '\x2' arg_flags=0x0000019747e602b9 "" fn_flags=38797329 ...} <unnamed-tag> type 2 '\x2' unsigned char + arg_flags 0x0000019747e602b9 "" unsigned char[3] fn_flags 38797329 unsigned int + function_name 0x00001000002a8268 {gc={refcount=1 u={type_info=326 } } h=14311678039154087395 len=37 ...} _zend_string * + scope 0x00001000008dd7e0 {type=2 '\x2' name=0x00001000002a5070 {gc={refcount=1 u={type_info=326 } } h=11114107239271776542 ...} ...} _zend_class_entry * + prototype 0x0000000000000000 <NULL> _zend_function * num_args 1 unsigned int required_num_args 1 unsigned int + arg_info 0x00001000008df608 {name=0x0000100000202390 {gc={refcount=1 u={type_info=326 } } h=9223372247563722459 ...} ...} _zend_arg_info * - op_array {type=2 '\x2' arg_flags=0x0000019747e602b9 "" fn_flags=38797329 ...} _zend_op_array type 2 '\x2' unsigned char + arg_flags 0x0000019747e602b9 "" unsigned char[3] fn_flags 38797329 unsigned int + function_name 0x00001000002a8268 {gc={refcount=1 u={type_info=326 } } h=14311678039154087395 len=37 ...} _zend_string * + scope 0x00001000008dd7e0 {type=2 '\x2' name=0x00001000002a5070 {gc={refcount=1 u={type_info=326 } } h=11114107239271776542 ...} ...} _zend_class_entry * + prototype 0x0000000000000000 <NULL> _zend_function * num_args 1 unsigned int required_num_args 1 unsigned int + arg_info 0x00001000008df608 {name=0x0000100000202390 {gc={refcount=1 u={type_info=326 } } h=9223372247563722459 ...} ...} _zend_arg_info * cache_size 48 int last_var 8 int T 3 unsigned int last 50 unsigned int + opcodes 0x00001000008defc8 {handler=0x00007fff6f6e8cf0 {php8.dll!ZEND_RECV_NOTYPE_SPEC_HANDLER(_zend_execute_data *)} ...} _zend_op * + run_time_cache__ptr 0x0000019747e022d8 {0x0000019747e022e0 {0x000001974777e6b0}} void * * * + static_variables_ptr__ptr 0x0000019747e60310 {0x0000019747e022a0 {gc={refcount=1 u={type_info=23 } } u={v={flags=16 '\x10' _unused=...} ...} ...}} _zend_array * * + static_variables 0x0000019747e022a0 {gc={refcount=1 u={type_info=23 } } u={v={flags=16 '\x10' _unused=0 '\0' nIteratorsCount=...} ...} ...} _zend_array * + vars 0x00001000008df6b0 {0x0000100000202390 {gc={refcount=1 u={type_info=326 } } h=9223372247563722459 len=...}} _zend_string * * + refcount 0x0000000000000000 {???} unsigned int * last_live_range 1 int last_try_catch 0 int + live_range 0x00001000008df628 {var=224 start=35 end=44 } _zend_live_range * + try_catch_array 0x0000000000000000 <NULL> _zend_try_catch_element * + filename 0x00001000008dd6f0 {gc={refcount=4 u={type_info=326 } } h=10028877981978051896 len=97 ...} _zend_string * line_start 89 unsigned int line_end 117 unsigned int + doc_comment 0x00001000008df638 {gc={refcount=1 u={type_info=326 } } h=14463541201258958618 len=95 ...} _zend_string * last_literal 12 int + literals 0x00001000008dee30 {value={lval=3 dval=1.482196937524e-323#DEN counted=0x0000000000000003 {gc={refcount=...} } ...} ...} _zval_struct * + reserved 0x0000019747e60368 {0x00001000008e04c8, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, ...} void *[6] + internal_function {type=2 '\x2' arg_flags=0x0000019747e602b9 "" fn_flags=38797329 ...} _zend_internal_function i Variable is optimized away and not available. object_or_called_scope Variable is optimized away and not available. param Variable is optimized away and not available. --- > php8.dll!execute_ex(_zend_execute_data * ex) Line 51853 C ex Variable is optimized away and not available. - execute_data 0x0000019747e13a70 {opline=0x0000100000c68cb0 {handler=0x0000000000000000 op1={constant=4294967248 var=...} ...} ...} _zend_execute_data * + opline 0x0000100000c68cb0 {handler=0x0000000000000000 op1={constant=4294967248 var=4294967248 num=4294967248 ...} ...} const _zend_op * + call 0x0000000000000000 <NULL> _zend_execute_data * + return_value 0x0000000000000000 <NULL> _zval_struct * - func 0x0000019747e660e0 {type=2 '\x2' quick_arg_flags=2 common={type=2 '\x2' arg_flags=0x0000019747e660e1 "" ...} ...} _zend_function * type 2 '\x2' unsigned char quick_arg_flags 2 unsigned int + common {type=2 '\x2' arg_flags=0x0000019747e660e1 "" fn_flags=37748736 ...} <unnamed-tag> + op_array {type=2 '\x2' arg_flags=0x0000019747e660e1 "" fn_flags=37748736 ...} _zend_op_array - internal_function {type=2 '\x2' arg_flags=0x0000019747e660e1 "" fn_flags=37748736 ...} _zend_internal_function type 2 '\x2' unsigned char + arg_flags 0x0000019747e660e1 "" unsigned char[3] fn_flags 37748736 unsigned int + function_name 0x0000000000000000 <NULL> _zend_string * + scope 0x0000000000000000 <NULL> _zend_class_entry * + prototype 0x0000000000000000 <NULL> _zend_function * num_args 0 unsigned int required_num_args 0 unsigned int + arg_info 0x0000000000000000 <NULL> _zend_internal_arg_info * handler <Unable to read memory> + module 0x0000000200000000 {size=??? zend_api=??? zend_debug=??? ...} _zend_module_entry * + reserved 0x0000019747e66120 {0x0000100000c68cb0, 0x0000019747e010d8, 0x0000019747e66138, 0x0000000000000000, ...} void *[6] - This {value={lval=0 dval=0.0000000000000000 counted=0x0000000000000000 <NULL> ...} u1={type_info=1114112 ...} ...} _zval_struct + value {lval=0 dval=0.0000000000000000 counted=0x0000000000000000 <NULL> ...} _zend_value + u1 {type_info=1114112 v={type=0 '\0' type_flags=0 '\0' u={extra=17 } } } <unnamed-tag> + u2 {next=0 cache_slot=0 opline_num=0 ...} <unnamed-tag> + prev_execute_data 0x0000019747e13a10 {opline=0x00001000008c8780 {handler=0x000010000802bb78 op1={constant=80 var=80 num=...} ...} ...} _zend_execute_data * - symbol_table 0x0000019747e021f8 {gc={refcount=1 u={type_info=23 } } u={v={flags=16 '\x10' _unused=0 '\0' nIteratorsCount=...} ...} ...} _zend_array * + gc {refcount=1 u={type_info=23 } } _zend_refcounted_h + u {v={flags=16 '\x10' _unused=0 '\0' nIteratorsCount=0 '\0' ...} flags=16 } <unnamed-tag> nTableMask 4294967264 unsigned int + arData 0x0000019747e6de80 {val={value={lval=1749257632352 dval=8.642481018707e-312#DEN counted=0x0000019747e13a60 {...} ...} ...} ...} _Bucket * nNumUsed 1 unsigned int nNumOfElements 1 unsigned int nTableSize 16 unsigned int nInternalPointer 0 unsigned int nNextFreeElement -9223372036854775808 __int64 pDestructor 0x00007fff6f7783b0 {php8.dll!zval_ptr_dtor(_zval_struct *)} void(*)(_zval_struct *) - run_time_cache 0x0000019747e010e0 {0x00001000009dd320} void * * 0x00001000009dd320 void * ret Error reading register value. Test script: --------------- I don't have a minimal reproducible script for this crash. It is part of a big Laminas web application, but I hope the data from the stack trace helps in any way. Expected result: ---------------- No crash Actual result: -------------- Unhandled exception at 0x00007FFF8B0AFB5F (ntdll.dll) in php-cgi.exe.6248.dmp: RangeChecks instrumentation code detected an out of range array access. PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri Oct 31 11:00:01 2025 UTC |
The crash happens in the call to spl_autoload_call, when one of the registered __autoload functions is called. The fci for this function looks invalid: - fci {size=56 function_name={value={lval=1748051689473 dval=8.636522869234e-312#DEN counted=0x0000019700000001 {...} ...} ...} ...} _zend_fcall_info size 56 unsigned __int64 - function_name {value={lval=1748051689473 dval=8.636522869234e-312#DEN counted=0x0000019700000001 {gc={refcount=??? ...} } ...} ...} _zval_struct - value {lval=1748051689473 dval=8.636522869234e-312#DEN counted=0x0000019700000001 {gc={refcount=??? u={type_info=...} } } ...} _zend_value lval 1748051689473 __int64 dval 8.636522869234e-312#DEN double - counted 0x0000019700000001 {gc={refcount=??? u={type_info=??? } } } _zend_refcounted * + gc {refcount=??? u={type_info=??? } } _zend_refcounted_h + str 0x0000019700000001 {gc={refcount=??? u={type_info=??? } } h=??? len=??? ...} _zend_string * + arr 0x0000019700000001 {gc={refcount=??? u={type_info=??? } } u={v={flags=??? _unused=??? nIteratorsCount=...} ...} ...} _zend_array * + obj 0x0000019700000001 {gc={refcount=??? u={type_info=??? } } handle=??? ce=??? ...} _zend_object * + res 0x0000019700000001 {gc={refcount=??? u={type_info=??? } } handle=??? type=??? ...} _zend_resource * + ref 0x0000019700000001 {gc={refcount=??? u={type_info=??? } } val={value={lval=??? dval=??? counted=??? ...} ...} ...} _zend_reference * + ast 0x0000019700000001 {gc={refcount=??? u={type_info=??? } } } _zend_ast_ref * + zv 0x0000019700000001 {value={lval=??? dval=??? counted=??? ...} u1={type_info=??? v={type=??? type_flags=...} } ...} _zval_struct * ptr 0x0000019700000001 void * + ce 0x0000019700000001 {type=??? name=??? parent=??? ...} _zend_class_entry * + func 0x0000019700000001 {type=??? quick_arg_flags=??? common={type=??? arg_flags=0x0000019700000002 <Error reading characters of string.> ...} ...} _zend_function * + ww {w1=1 w2=407 } <unnamed-tag> + u1 {type_info=0 v={type=0 '\0' type_flags=0 '\0' u={extra=0 } } } <unnamed-tag> + u2 {next=4096 cache_slot=4096 opline_num=4096 ...} <unnamed-tag> It looks like a data corruption of the SPL_G(autoload_functions) global.