PHP :: Bug #59242 :: ZEND_DO_FCALL/ZEND_DO_FCALL_BY

Bug #59242

ZEND_DO_FCALL/ZEND_DO_FCALL_BY_NAME

Submitted:

2010-05-30 00:45 UTC

Modified:

2017-10-24 23:38 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

mat999 at gmail dot com

Assigned:

Status:

Suspended

Package:

optimizer (PECL)

PHP Version:

5.3.2

OS:

Debian Lenny / Linux

Private report:

CVE-ID:

None

View Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 13 + 32 = ?
Subscribe to this entry?

[2010-05-30 00:45 UTC] mat999 at gmail dot com

Description:
------------
All function calls fail. Other scripts run fine.

Reproduce code:
---------------
<?
phpinfo();
?>

Expected result:
----------------
PHP INFO

Actual result:
--------------
Segmentation Fault.

==38934== Process terminating with default action of signal 11 (SIGSEGV)
==38934==  Access not within mapped region at address 0x4D705C9610
==38934==    at 0xB56E31C: optimize_op_array (optimize.c:3828)
==38934==    by 0xB56F915: optimizer_compile_file (optimize.c:4757)
==38934==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==38934==    by 0x7461C9: zend_execute_scripts (in /usr/bin/php5)
==38934==    by 0x6EF777: php_execute_script (in /usr/bin/php5)
==38934==    by 0x7D991A: main (in /usr/bin/php5)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-05-30 01:30 UTC] mat999 at gmail dot com

And here is another one.

==50370== Invalid read of size 1
==50370==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5623BC: mark_used_cb (optimize.c:591)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB56EBA2: optimize_op_array (optimize.c:4382)
==50370==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==50370==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==50370==  Address 0xa65b2444c is not stack'd, malloc'd or (recently) free'd
==50370==
==50370== Process terminating with default action of signal 11 (SIGSEGV)
==50370==  Access not within mapped region at address 0xA65B2444C
==50370==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5623BC: mark_used_cb (optimize.c:591)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB56EBA2: optimize_op_array (optimize.c:4382)
==50370==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==50370==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)

[2010-05-30 02:37 UTC] mat999 at gmail dot com

another fault, 

<?=dirname(__FILE__);?>


==58293== Invalid read of size 8
==58293==    at 0xB568C14: optimize_to_string_ex (optimize.c:1981)
==58293==    by 0xB5714CE: optimize_fcall_fcr (optimize_fcr.c:1435)
==58293==    by 0xB574D71: optimize_fcall (optimize_fcr.c:1026)
==58293==    by 0xB569F12: optimize_code_block (optimize.c:2478)
==58293==    by 0xB56EBFD: optimize_op_array (optimize.c:4392)
==58293==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==58293==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==58293==    by 0x7461C9: zend_execute_scripts (in /usr/bin/php5)
==58293==    by 0x6EF777: php_execute_script (in /usr/bin/php5)
==58293==    by 0x7D991A: main (in /usr/bin/php5)
==58293==  Address 0x40 is not stack'd, malloc'd or (recently) free'd
==58293==
==58293== Process terminating with default action of signal 11 (SIGSEGV)
==58293==  Access not within mapped region at address 0x40
==58293==    at 0xB568C14: optimize_to_string_ex (optimize.c:1981)
==58293==    by 0xB5714CE: optimize_fcall_fcr (optimize_fcr.c:1435)
==58293==    by 0xB574D71: optimize_fcall (optimize_fcr.c:1026)
==58293==    by 0xB569F12: optimize_code_block (optimize.c:2478)
==58293==    by 0xB56EBFD: optimize_op_array (optimize.c:4392)
==58293==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==58293==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==58293==    by 0x7461C9: zend_execute_scripts (in /usr/bin/php5)
==58293==    by 0x6EF777: php_execute_script (in /usr/bin/php5)
==58293==    by 0x7D991A: main (in /usr/bin/php5)

[2010-05-30 04:00 UTC] mat999 at gmail dot com

Last bug fixed, dont know if its the correct patch but it fixes the problem.

new definition of the OPTIMIZE_TO_FOOTER struct

flags!=NULL check can be removed, that was just a debug check

======

#define OPTIMIZE_TO_FOOTER                               \
	if (flags!=NULL && flags & OPTIMIZE_TO_DEL_PREV) {                  \
		SET_TO_NOP_EX(prev);                             \
	}                                                    \
	if (flags!=NULL && flags & OPTIMIZE_TO_DEL_OP) {                    \
		if (op && op->opcode == ZEND_FETCH_DIM_R) {	     \
			if (op) {	                                 \
				zval_dtor(&__OP2_VAL(op));      	     \
				SET_TO_NOP(op);	                         \
			}	                                         \
		} else {	                                     \
			if (op) {	                                 \
				zval_dtor(&__OP1_VAL(op));	             \
				SET_TO_NOP(op);	                         \
			}	                                         \
			if(cbl->jmp_2!=NULL){ \
				CB_DEL_PRED(cbl->jmp_2, cbl);       	     \
				cbl->jmp_2 = NULL;	                         \
			}
		}                                                \
	}

[2010-05-30 04:03 UTC] mat999 at gmail dot com

Just a reminder, still havent patched this bug.  Still looking for the cause.

==50370== Invalid read of size 1
==50370==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5623BC: mark_used_cb (optimize.c:591)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB56EBA2: optimize_op_array (optimize.c:4382)
==50370==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==50370==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==50370==  Address 0xa65b2444c is not stack'd, malloc'd or (recently)
free'd
==50370==
==50370== Process terminating with default action of signal 11
(SIGSEGV)
==50370==  Access not within mapped region at address 0xA65B2444C
==50370==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5623BC: mark_used_cb (optimize.c:591)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB56EBA2: optimize_op_array (optimize.c:4382)
==50370==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==50370==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)

[2010-05-30 04:32 UTC] mat999 at gmail dot com

Found a test case for the bug above.

<?
if (version_compare('5.3.2','6.0.0-dev', '>='))
{
        echo '1';
}
?>


==17706== Invalid read of size 1
==17706==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==17706==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==17706==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==17706==    by 0xB56EBD2: optimize_op_array (optimize.c:4405)
==17706==    by 0xB56F955: optimizer_compile_file (optimize.c:4780)
==17706==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==17706==    by 0x7461C9: zend_execute_scripts (in /usr/bin/php5)
==17706==    by 0x6EF777: php_execute_script (in /usr/bin/php5)
==17706==    by 0x7D991A: main (in /usr/bin/php5)
==17706==  Address 0xa65b2b70c is not stack'd, malloc'd or (recently) free'd
==17706==
==17706== Process terminating with default action of signal 11 (SIGSEGV)
==17706==  Access not within mapped region at address 0xA65B2B70C
==17706==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==17706==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==17706==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==17706==    by 0xB56EBD2: optimize_op_array (optimize.c:4405)
==17706==    by 0xB56F955: optimizer_compile_file (optimize.c:4780)
==17706==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==17706==    by 0x7461C9: zend_execute_scripts (in /usr/bin/php5)
==17706==    by 0x6EF777: php_execute_script (in /usr/bin/php5)
==17706==    by 0x7D991A: main (in /usr/bin/php5)

[2017-10-24 23:38 UTC] kalle@php.net

-Status: Open +Status: Suspended

[2017-10-24 23:38 UTC] kalle@php.net

The optimizer pecl extension had not had a release since 2008 and its safe to say that development has ceased in favor of alternatives such as opcache included with PHP as of PHP5.5+, I'm gonna suspend this in case the package does pick back up development, and in that case it should be re-opened

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Oct 28 13:00:01 2025 UTC