Bug #66474 end of script before headers = error 500
Submitted: 2014-01-12 22:42 UTC
Modified: 2015-04-07 22:42 UTC
From: phpdev at ehrhardt dot nl
Assigned:
Status: Closed
Package: opcache
PHP Version: 5.5.8
OS: Any
Private report: No
CVE-ID:
 [2014-01-12 22:42 UTC] phpdev at ehrhardt dot nl
Description:
------------
Enable superfish 7.x-1.9 in any Drupal 7 site and run it with php-cgi.exe from PHP NTS 5.4.24 or PHP 5.5.7+ (x86 or x64) and php_opcache.dll with the recommended settings. You will get an internal server error 500, due to 'End of script output before headers: php-cgi.exe'.

The culprit is the changes in block_pass.c in this patch:
https://github.com/zendtech/ZendOptimizerPlus/commit/b73b6a5559d6ca4925a09ed284a4e93be06726ed

Reverting those changes resolves this issue, but might undo the fix for bug #66176.

Expected result:
----------------
No end of script output before headers

Actual result:
--------------
End of script output before headers

Patches

zo_revert_op1_const_block_pass.patch (last revision 2014-01-12 22:43 UTC) by phpdev at ehrhardt dot nl

 [2014-01-13 04:42 UTC] phpdev at ehrhardt dot nl
I reproduced the bug on a CentOS 5 server, with PHP 5.4 NTS loaded as mod_fcgid and opcache.so compiled with the current Git head sources. So this bug is not Windows specific!

The Superfish 7.x-1.9 can be found here:
https://drupal.org/project/superfish
 [2014-01-13 04:44 UTC] phpdev at ehrhardt dot nl
-Operating System: Windows
+Operating System: Any
 [2014-01-13 04:44 UTC] phpdev at ehrhardt dot nl
Changed OS into 'Any'
 [2014-01-13 06:41 UTC] dmitry@php.net
The minimal script that triggers the problem:

<?php
function foo() {
	$speed = 'slow' || 'fast';
}
foo();
?>

It doesn't crash, but valgrind shows the source of the error:

==12278== Invalid read of size 1
==12278==    at 0x4C1E335: accel_new_interned_string (zend_hash.h:282)
==12278==    by 0x4C252AD: zend_persist_zval_calc (zend_persist_calc.c:107)
==12278==    by 0x4C258F9: zend_persist_op_array_calc.part.2 (zend_persist_calc.c:148)
==12278==    by 0x4C250D2: zend_hash_persist_calc (zend_persist_calc.c:79)
==12278==    by 0x4C25971: zend_accel_script_persist_calc (zend_persist_calc.c:337)
==12278==    by 0x4C1F78B: compile_and_cache_file.constprop.19 (ZendAccelerator.c:1167)
==12278==    by 0x4C20291: persistent_compile_file (ZendAccelerator.c:1634)
==12278==    by 0x838B57C: zend_execute_scripts (zend.c:1308)
==12278==    by 0x832CAAA: php_execute_script (main.c:2506)
==12278==    by 0x8434E46: do_cli (php_cli.c:994)
==12278==    by 0x806F91C: main (php_cli.c:1378)
==12278==  Address 0x4d04c30 is 0 bytes inside a block of size 5 free'd
==12278==    at 0x4007B21: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==12278==    by 0x8381407: convert_to_boolean (zend_operators.c:543)
==12278==    by 0x4C2B252: zend_optimize_block (block_pass.c:1059)
==12278==    by 0x4C2F5EC: zend_optimizer (block_pass.c:2060)
==12278==    by 0x837F033: zend_llist_apply_with_argument (zend_llist.c:234)
==12278==    by 0x8380307: pass_two (zend_opcode.c:670)
==12278==    by 0x8373FEA: zend_do_end_function_declaration (zend_compile.c:1811)
==12278==    by 0x83550C5: zendparse (zend_language_parser.y:382)
==12278==    by 0x8356149: compile_file (zend_language_scanner.l:588)
==12278==    by 0x82347BC: phar_compile_file (phar.c:3383)
==12278==    by 0x4C1F5A4: compile_and_cache_file.constprop.19 (ZendAccelerator.c:1388)
==12278==    by 0x4C20291: persistent_compile_file (ZendAccelerator.c:1634)
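
Added example, not part of the original comment or of php-src: a small parser that splits a memcheck report like the one above into the stack that touched the memory and the stack that released it, so the two call sites to review are named directly. The function names `parse_memcheck` and `triage` are hypothetical; the embedded report is an excerpt of the trace quoted above.

```python
import re

# Excerpt of the memcheck report from the comment above (some frames trimmed).
REPORT = """\
==12278== Invalid read of size 1
==12278==    at 0x4C1E335: accel_new_interned_string (zend_hash.h:282)
==12278==    by 0x4C252AD: zend_persist_zval_calc (zend_persist_calc.c:107)
==12278==    by 0x4C20291: persistent_compile_file (ZendAccelerator.c:1634)
==12278==  Address 0x4d04c30 is 0 bytes inside a block of size 5 free'd
==12278==    at 0x4007B21: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==12278==    by 0x8381407: convert_to_boolean (zend_operators.c:543)
==12278==    by 0x4C2B252: zend_optimize_block (block_pass.c:1059)
==12278==    by 0x4C2F5EC: zend_optimizer (block_pass.c:2060)
"""

PREFIX = re.compile(r"^==\d+==\s?")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((?:in )?(.+)\)$")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
BLOCK = re.compile(r"^\s*Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside "
                   r"a block of size (\d+) (free'd|alloc'd)$")

def parse_memcheck(text):
    """Split one memcheck error into its access stack and its block-origin stack."""
    result = {"access": [], "origin": []}
    stack = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw, count=1)
        if m := ERROR.match(line):
            result.update(kind=m.group(1), size=int(m.group(2)))
            stack = result["access"]        # frames that follow belong to the access
        elif m := BLOCK.match(line):
            result.update(offset=int(m.group(1)), block_size=int(m.group(2)),
                          state=m.group(3))
            stack = result["origin"]        # frames that follow belong to free/alloc
        elif (m := FRAME.match(line)) and stack is not None:
            stack.append((m.group(1), m.group(2)))
    return result

def triage(report):
    """Name the bug class and the frames a reviewer should open first."""
    origin = report["origin"]
    # The first origin frame is the allocator itself (inside a .so); skip it.
    idx = next((i for i, f in enumerate(origin) if not f[1].endswith(".so")), 0)
    return {"class": "use-after-free" if report.get("state") == "free'd" else "other",
            "stale_access": report["access"][0],
            "released_by": origin[idx],
            "release_call_site": origin[idx + 1] if idx + 1 < len(origin) else None}
```

Run on the excerpt, `triage(parse_memcheck(REPORT))` reports a use-after-free in which `accel_new_interned_string` reads a 5-byte block that `convert_to_boolean` released when called from `zend_optimize_block` at block_pass.c:1059. A 5-byte block is consistent with a 4-character string literal such as 'slow' plus its terminator.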
 [2014-01-13 07:22 UTC] phpdev at ehrhardt dot nl
It is quite incomprehensible to me, but I see some code like that in superfish.module and apparently you found out that that code triggers this issue.

Let me know when you have a patch and I will test it.
 [2014-01-13 08:08 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fcd75690fe68c11ff9a327ee2e1ce3646b032431
Log: Fixed bug #66474 (Optimizer bug in constant string to boolean conversion)
 [2014-01-13 08:08 UTC] dmitry@php.net
-Status: Open
+Status: Closed
 [2014-01-13 09:46 UTC] phpdev at ehrhardt dot nl
Solved by this patch:
https://github.com/zendtech/ZendOptimizerPlus/archive/master.zip
 [2014-01-13 11:36 UTC] ab@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fcd75690fe68c11ff9a327ee2e1ce3646b032431
Log: Fixed bug #66474 (Optimizer bug in constant string to boolean conversion)
 [2014-01-15 22:01 UTC] spam2 at rhsoft dot net
https://github.com/zendtech/ZendOptimizerPlus/archive/master.zip solves *nothing*
the same segfaults as https://bugs.php.net/bug.php?id=66460

the only solution currently is to take the "opcache" folder from 5.5.6
and replace the one from 5.5.7/5.5.8, I tried the master above
a few minutes ago

[Wed Jan 15 22:57:48.019059 2014] [core:notice] [pid 28817] AH00052: child pid 28820 exit signal Segmentation fault (11)
[Wed Jan 15 22:57:49.020977 2014] [core:notice] [pid 28817] AH00052: child pid 28841 exit signal Segmentation fault (11)
 [2014-01-15 22:13 UTC] phpdev at ehrhardt dot nl
@rhsoft: did you try the block_pass.c from the 5.5.6 tarball and the other files from the 5.5.8 tarball?
 [2014-01-16 01:29 UTC] spam2 at rhsoft dot net
I took the source of https://github.com/zendtech/ZendOptimizerPlus/archive/master.zip and replaced the "opcache" folder of 5.5.8 tarball
 [2014-01-16 19:14 UTC] spam2 at rhsoft dot net
thanks for disallowing comments and closing https://bugs.php.net/bug.php?id=66460
that will help to make things better...............

nothing is fixed - opcache with enabled optimizer which is 
default after 5.5.6 is broken and worked before
https://bugs.php.net/bug.php?id=66499
 [2015-04-07 22:07 UTC] accounts at 75thtrombone dot com
As the first comment says, this bug applies to PHP 5.4 as well as 5.5+. I just had to upgrade a site to 5.5 to fix it. I know 5.4 is in security-fix-only mode now, so I doubt this will ever get backported, but given that it was brought up during the Active Support period, I thought I'd mention it just in case.
 [2015-04-07 22:42 UTC] phpdev at ehrhardt dot nl
PHP 5.4 does not have a bundled opcache. If you were using opcache with PHP 5.4 then the only way to get it is by using the ZendOptimizer sources from github. Those sources surely have the bugfix for this specific bug:
https://github.com/zendtech/ZendOptimizerPlus/blob/master/Optimizer/block_pass.c#L1060

You must have run into another bug.
 
Last updated: Mon Jun 15 18:01:54 2015 UTC