Bug #66474 end of script before headers = error 500
Submitted: 2014-01-12 22:42 UTC Modified: 2014-01-15 22:13 UTC
From: phpdev at ehrhardt dot nl Assigned:
Status: Closed Package: opcache
PHP Version: 5.5.8 OS: Any
Private report: No CVE-ID:
 [2014-01-12 22:42 UTC] phpdev at ehrhardt dot nl
Description:
------------
Enable superfish 7.x-1.9 in any Drupal 7 site and run it with php-cgi.exe from PHP NTS 5.4.24 or PHP 5.5.7+ (x86 or x64) and php_opcache.dll with the recommended settings. You will get an internal server error 500, due to 'End of script output before headers: php-cgi.exe'.

The culprit is the changes in block_pass.c in this patch:
https://github.com/zendtech/ZendOptimizerPlus/commit/b73b6a5559d6ca4925a09ed284a4e93be06726ed

Reverting those changes resolves this issue, but might undo the fix for bug #66176.

Expected result:
----------------
No end of script output before headers

Actual result:
--------------
End of script output before headers

Patches

zo_revert_op1_const_block_pass.patch (last revision 2014-01-12 22:43 UTC, by phpdev at ehrhardt dot nl)

 [2014-01-13 04:42 UTC] phpdev at ehrhardt dot nl
I reproduced the bug on a CentOS 5 server, with PHP 5.4 NTS loaded as mod_fcgid and opcache.so compiled with the current Git head sources. So this bug is not Windows specific!

The Superfish 7.x-1.9 can be found here:
https://drupal.org/project/superfish
 [2014-01-13 04:44 UTC] phpdev at ehrhardt dot nl
-Operating System: Windows
+Operating System: Any
 [2014-01-13 04:44 UTC] phpdev at ehrhardt dot nl
Changed OS into 'Any'
 [2014-01-13 06:41 UTC] dmitry@php.net
The minimal script that triggers the problem:

<?php
function foo() {
	$speed = 'slow' || 'fast';
}
foo();
?>

It doesn't crash, but valgrind shows the source of the error:

==12278== Invalid read of size 1
==12278==    at 0x4C1E335: accel_new_interned_string (zend_hash.h:282)
==12278==    by 0x4C252AD: zend_persist_zval_calc (zend_persist_calc.c:107)
==12278==    by 0x4C258F9: zend_persist_op_array_calc.part.2 (zend_persist_calc.c:148)
==12278==    by 0x4C250D2: zend_hash_persist_calc (zend_persist_calc.c:79)
==12278==    by 0x4C25971: zend_accel_script_persist_calc (zend_persist_calc.c:337)
==12278==    by 0x4C1F78B: compile_and_cache_file.constprop.19 (ZendAccelerator.c:1167)
==12278==    by 0x4C20291: persistent_compile_file (ZendAccelerator.c:1634)
==12278==    by 0x838B57C: zend_execute_scripts (zend.c:1308)
==12278==    by 0x832CAAA: php_execute_script (main.c:2506)
==12278==    by 0x8434E46: do_cli (php_cli.c:994)
==12278==    by 0x806F91C: main (php_cli.c:1378)
==12278==  Address 0x4d04c30 is 0 bytes inside a block of size 5 free'd
==12278==    at 0x4007B21: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==12278==    by 0x8381407: convert_to_boolean (zend_operators.c:543)
==12278==    by 0x4C2B252: zend_optimize_block (block_pass.c:1059)
==12278==    by 0x4C2F5EC: zend_optimizer (block_pass.c:2060)
==12278==    by 0x837F033: zend_llist_apply_with_argument (zend_llist.c:234)
==12278==    by 0x8380307: pass_two (zend_opcode.c:670)
==12278==    by 0x8373FEA: zend_do_end_function_declaration (zend_compile.c:1811)
==12278==    by 0x83550C5: zendparse (zend_language_parser.y:382)
==12278==    by 0x8356149: compile_file (zend_language_scanner.l:588)
==12278==    by 0x82347BC: phar_compile_file (phar.c:3383)
==12278==    by 0x4C1F5A4: compile_and_cache_file.constprop.19 (ZendAccelerator.c:1388)
==12278==    by 0x4C20291: persistent_compile_file (ZendAccelerator.c:1634)
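
Added example, not part of the original report and not Zend code: a simplified C model of the failure pattern in the valgrind trace above, where a constant string is released during boolean conversion in the optimizer while a later persist pass still reads it as a string. The pool, the function names and the shallow copy that leaves the stale reference are assumptions made for illustration; the page does not show how the stale reference arose in opcache.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: a value is a type tag plus a slot in a tiny string pool. */
enum { T_STRING, T_BOOL };
typedef struct { int type; int slot; int bval; } value;
static char pool[4][16];
static int in_use[4];   /* 1 while the slot is allocated, 0 once "freed" */

static value make_string(const char *s) {
    int i = 0;
    while (i < 3 && in_use[i]) i++;          /* the sample needs only a few slots */
    in_use[i] = 1;
    strncpy(pool[i], s, sizeof pool[i] - 1);
    return (value){ T_STRING, i, 0 };
}

/* Plays the role of convert_to_boolean: releases the string, stores a bool. */
static void to_boolean(value *v) {
    if (v->type != T_STRING) return;
    const char *s = pool[v->slot];
    v->bval = s[0] != '\0' && strcmp(s, "0") != 0;   /* PHP truthiness of a string */
    in_use[v->slot] = 0;                             /* the "free" */
    v->type = T_BOOL;
}

/* Plays the role of the persist pass: trusts the type tag and reads the string.
 * Returns the bytes needed, or -1 where memcheck would report an invalid read. */
static int persist_size(const value *v) {
    if (v->type != T_STRING) return 0;
    if (!in_use[v->slot]) return -1;
    return (int)strlen(pool[v->slot]) + 1;
}

/* Unsafe fold: converts a shallow copy, so the literal keeps a stale string reference. */
static int fold_on_copy(value *literal) {
    value tmp = *literal;
    to_boolean(&tmp);
    return persist_size(literal);
}

/* Safe fold: converts the literal itself; no string-typed reference outlives the free. */
static int fold_in_place(value *literal) {
    to_boolean(literal);
    return persist_size(literal);
}

int main(void) {
    value a = make_string("slow"), b = make_string("slow");
    printf("copy: %d, in place: %d\n", fold_on_copy(&a), fold_in_place(&b));
    return 0;
}
```

In this model `persist_size` reports 5 bytes for the live string 'slow', the same size as the freed block in the trace.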
 [2014-01-13 07:22 UTC] phpdev at ehrhardt dot nl
It is quite incomprehensible to me, but I see some code like that in superfish.module and apparently you found out that that code triggers this issue.

Let me know when you have a patch and I will test it.
 [2014-01-13 08:08 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fcd75690fe68c11ff9a327ee2e1ce3646b032431
Log: Fixed bug #66474 (Optimizer bug in constant string to boolean conversion)
 [2014-01-13 08:08 UTC] dmitry@php.net
-Status: Open
+Status: Closed
 [2014-01-13 09:46 UTC] phpdev at ehrhardt dot nl
Solved by this patch:
https://github.com/zendtech/ZendOptimizerPlus/archive/master.zip
 [2014-01-13 11:36 UTC] ab@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fcd75690fe68c11ff9a327ee2e1ce3646b032431
Log: Fixed bug #66474 (Optimizer bug in constant string to boolean conversion)
 [2014-01-15 22:01 UTC] spam2 at rhsoft dot net
https://github.com/zendtech/ZendOptimizerPlus/archive/master.zip solves *nothing*
the same segfaults as https://bugs.php.net/bug.php?id=66460

the only solution currently is to take the "opcache" folder from 5.5.6
and replace the one from 5.5.7/5.5.8, I tried the master above
a few minutes ago

[Wed Jan 15 22:57:48.019059 2014] [core:notice] [pid 28817] AH00052: child pid 28820 exit signal Segmentation fault (11)
[Wed Jan 15 22:57:49.020977 2014] [core:notice] [pid 28817] AH00052: child pid 28841 exit signal Segmentation fault (11)
 [2014-01-15 22:13 UTC] phpdev at ehrhardt dot nl
@rhsoft: did you try the block_pass.c from the 5.5.6 tarball and the other files from the 5.5.8 tarball?
 [2014-01-16 01:29 UTC] spam2 at rhsoft dot net
I took the source of https://github.com/zendtech/ZendOptimizerPlus/archive/master.zip and replaced the "opcache" folder of the 5.5.8 tarball
 [2014-01-16 19:14 UTC] spam2 at rhsoft dot net
thanks for disallowing comments and closing https://bugs.php.net/bug.php?id=66460
that will help to make things better...............

nothing is fixed - opcache with enabled optimizer which is 
default after 5.5.6 is broken and worked before
https://bugs.php.net/bug.php?id=66499
 
Last updated: Thu Apr 17 03:01:55 2014 UTC