PHP :: Bug #73402 :: Opcache segfault when using class constant to call a method

Bug #73402	Opcache segfault when using class constant to call a method
Submitted:	2016-10-27 13:26 UTC	Modified:	-
From:	sachavav at tut dot by	Assigned:
Status:	Closed	Package:	opcache
PHP Version:	5.6.27	OS:	Linux Ubuntu 16.04
Private report:	No	CVE-ID:	None

View Developer Edit

[2016-10-27 13:26 UTC] sachavav at tut dot by

Description:
------------
Code that uses class constant to call a method it produces segmentation fault when opcache is enabled. E.g. `$this->{self::SOME_METHOD}();`.

The same code works well without opcache.

To reproduce it create files as in test scripts, enable opcache in CLI (opcache.enable_cli=1), run `php test.php`.

See backtrace from gdb in actual results section.


When using php compiled with debug (with opcache enabled), it gives different results:
[Thu Oct 27 15:35:25 2016]  Script:  '/home/alex/work/www/sugar/Mango/build/rome/builds/ult/sugarcrm/test/test.php'
---------------------------------------
/home/alex/.phpbrew/build/5.6.27-deubg/ext/opcache/ZendAccelerator.c(380) : Block 0x7f177b3ff390 status:
Beginning:  	Cached
Freed (invalid)
    Start:	OK
      End:	OK
---------------------------------------
PHP Fatal error:  Call to undefined method Logger::info() in /home/alex/work/www/sugar/Mango/build/rome/builds/ult/sugarcrm/test/B.php on line 11

Fatal error: Call to undefined method Logger::info() in /home/alex/work/www/sugar/Mango/build/rome/builds/ult/sugarcrm/test/B.php on line 11


Test script:
---------------
Logger.php:
<?php
class Logger
{
	public function info($message)
	{
		echo $message . PHP_EOL;
	}
}

B.php:
<?php
require_once 'Logger.php';

class B
{
	const LOG_LEVEL = 'info';
	public function test()
	{
		$this->logger = new \Logger();
		$this->logger->{self::LOG_LEVEL}('test');
	}
}

test.php:
<?php
require_once 'B.php';

$t = new B();
$t->test();


Expected result:
----------------
Without opcache script just outputs 'test'

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_alloc_int (heap=0x104d010, size=8) at /home/alex/.phpbrew/build/php-5.6.26/Zend/zend_alloc.c:1910
1910				heap->cache[index] = best_fit->prev_free_block;
(gdb) backtrace
#0  _zend_mm_alloc_int (heap=0x104d010, size=8) at /home/alex/.phpbrew/build/php-5.6.26/Zend/zend_alloc.c:1910
#1  0x0000000000705559 in _estrndup (s=0x7ffff7fb3438 "message", length=length@entry=7) at /home/alex/.phpbrew/build/php-5.6.26/Zend/zend_alloc.c:2659
#2  0x0000000000716863 in zend_do_receive_param (op=op@entry=63 '?', varname=varname@entry=0x7fffffff7bf8, initialization=initialization@entry=0x0, class_type=class_type@entry=0x7fffffff7b80, 
    pass_by_reference=<optimized out>, is_variadic=<optimized out>) at /home/alex/.phpbrew/build/php-5.6.26/Zend/zend_compile.c:1918
#3  0x00000000006ee3dc in zendparse () at /home/alex/.phpbrew/build/php-5.6.26/Zend/zend_language_parser.c:4495
#4  0x00000000006f3941 in compile_file (file_handle=0x7fffffff9ec0, type=8) at Zend/zend_language_scanner.l:586
#5  0x00000000005a6480 in phar_compile_file (file_handle=<optimized out>, type=<optimized out>) at /home/alex/.phpbrew/build/php-5.6.26/ext/phar/phar.c:3371
#6  0x00007fffee19c618 in compile_and_cache_file (file_handle=file_handle@entry=0x7fffffff9ec0, type=type@entry=8, 
    key=key@entry=0x7fffee3b8c94 <accel_globals+372> "/home/alex/work/www/sugar/Mango/build/rome/builds/ult/sugarcrm/test/Logger.php", key_length=78, op_array_p=op_array_p@entry=0x7fffffff9da0, 
    from_shared_memory=from_shared_memory@entry=0x7fffffff9d9c) at /home/alex/.phpbrew/build/php-5.6.26/ext/opcache/ZendAccelerator.c:1412
#7  0x00007fffee19cf53 in persistent_compile_file (file_handle=0x7fffffff9ec0, type=8) at /home/alex/.phpbrew/build/php-5.6.26/ext/opcache/ZendAccelerator.c:1658
#8  0x00000000007dad57 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7ffff7f7b228) at /home/alex/.phpbrew/build/php-5.6.26/Zend/zend_vm_execute.h:2968
#9  0x0000000000769a00 in execute_ex (execute_data=0x7ffff7f7b228) at /home/alex/.phpbrew/build/php-5.6.26/Zend/zend_vm_execute.h:363
#10 0x000000000072dbc0 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /home/alex/.phpbrew/build/php-5.6.26/Zend/zend.c:1341
#11 0x00000000006c87f0 in php_execute_script (primary_file=primary_file@entry=0x7fffffffc4a0) at /home/alex/.phpbrew/build/php-5.6.26/main/main.c:2613
#12 0x00000000007dd4cf in do_cli (argc=2, argv=0x101d5a0) at /home/alex/.phpbrew/build/php-5.6.26/sapi/cli/php_cli.c:994
#13 0x00000000004301b1 in main (argc=2, argv=0x101d5a0) at /home/alex/.phpbrew/build/php-5.6.26/sapi/cli/php_cli.c:1378

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-10-29 15:44 UTC] laruence@php.net

Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ef75ddd4f98e0155e698387ab7ef052a0174278a
Log: Fixed bug #73402 (Opcache segfault when using class constant to call a method)

[2016-10-29 15:44 UTC] laruence@php.net

-Status: Open +Status: Closed

[2016-11-09 03:33 UTC] krakjoe@php.net

Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ef75ddd4f98e0155e698387ab7ef052a0174278a
Log: Fixed bug #73402 (Opcache segfault when using class constant to call a method)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Dec 30 15:01:28 2024 UTC