php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70022 Crash with opcache using opcache.file_cache_only=1
Submitted: 2015-07-08 13:53 UTC Modified: 2015-07-22 17:37 UTC
From: suralc dot github at gmail dot com Assigned: ab
Status: Closed Package: opcache
PHP Version: 7.0Git-2015-07-08 (Git) OS: Windows 10 Build 10162
Private report: No CVE-ID:
 [2015-07-08 13:53 UTC] suralc dot github at gmail dot com
Description:
------------
Note: I am aware that the file based opcache is experimental.

Compiled php (master@f9dc60f36f0c03) using visual studio 2015(RC) on the latest windows 10 build (x64 host and built) using
`configure --enable-debug --with-openssl --enable-opcache-file --without-gd`

Opcache config:
opcache.enable=1
opcache.enable_cli=1
opcache.file_cache=e:\programme\dev\php7\tmp
opcache.file_cache_only=1

Setting file_cache_only to 0 prevents the crash.

Running `phpunit` executes the tests fine (and prints results) but crashes afterwards:

First guess is that p->key->gc.u.v which is accessed by the GC_FLAGS macro which is "called" by the ZSTR_IS_INTERNED macro is already free when execution reaches accel_reset_pcre_cache. (See the output below)


I was unable to reproduce the crash outside of that environment(phpunit) so far.

Actual result:
--------------
>? p->key->gc.u.v
{type=??? flags=??? gc_info=??? }
    type: <Speicher kann nicht gelesen werden>
    flags: <Speicher kann nicht gelesen werden>
    gc_info: <Speicher kann nicht gelesen werden>

>? p->key->gc
{refcount=??? u={v={type=??? flags=??? gc_info=??? } type_info=??? } }
    refcount: <Speicher kann nicht gelesen werden>
    u: {v={type=??? flags=??? gc_info=??? } type_info=??? }

Ausnahmefehler bei 0x00007FFD06498C8E (php_opcache.dll) in php.exe: 0xC0000005: Zugriffsverletzung beim Lesen [Access violation while reading] an Position 0x0000006DF1603925
>	php_opcache.dll!accel_reset_pcre_cache() Zeile 1976	C
 	php_opcache.dll!accel_shutdown() Zeile 2676	C
 	php_opcache.dll!zm_shutdown_zend_accelerator(int type, int module_number) Zeile 420	C
 	php7ts_debug.dll!module_destructor(_zend_module_entry * module) Zeile 2513	C
 	php7ts_debug.dll!module_destructor_zval(_zval_struct * zv) Zeile 603	C
 	php7ts_debug.dll!_zend_hash_del_el_ex(_zend_array * ht, unsigned int idx, _Bucket * p, _Bucket * prev) Zeile 936	C
 	php7ts_debug.dll!_zend_hash_del_el(_zend_array * ht, unsigned int idx, _Bucket * p) Zeile 960	C
 	php7ts_debug.dll!zend_hash_graceful_reverse_destroy(_zend_array * ht) Zeile 1406	C
 	php7ts_debug.dll!zend_destroy_modules() Zeile 1990	C
 	php7ts_debug.dll!zend_shutdown() Zeile 839	C
 	php7ts_debug.dll!php_module_shutdown() Zeile 2346	C
 	php.exe!main(int argc, char * * argv) Zeile 1355	C
 	[Externer Code]	

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-08 14:34 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2015-07-08 14:34 UTC] ab@php.net
Thanks for the report. Could you please share the exact unit test reproducing this?

Thanks.
 [2015-07-08 16:01 UTC] ab@php.net
-Status: Feedback +Status: Verified
 [2015-07-08 16:01 UTC] ab@php.net
Ok, now I reproduce it with our phpt suite. The access to PCRE_G(pcre_cache) seems to be the issue in TS build. Could you please check whether you reproduce the same with NTS build (add --disable-zts)?

Thanks.
 [2015-07-08 17:05 UTC] suralc dot github at gmail dot com
Compiled again using  "--disable-zts" "--enable-debug" "--with-openssl" "--enable-opcache-file" "--without-gd"

The crash also appears using the non thread safe build for me.
 [2015-07-17 14:03 UTC] ab@php.net
-Status: Verified +Status: Feedback
 [2015-07-17 14:03 UTC] ab@php.net
@suralc, please check the latest master state, this should be fixed there.

Thanks.
 [2015-07-21 07:23 UTC] ab@php.net
-Status: Feedback +Status: Closed -Assigned To: +Assigned To: ab
 [2015-07-21 07:23 UTC] ab@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2015-07-22 17:37 UTC] suralc dot github at gmail dot com
Sorry for the late answer.

Just to wrap it up from my site:
I'm unable to reproduce the issue with the latest builds. Thank you for fixing the bug.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC