Bug #76275 Assertion failure in file cache when unserializing empty try_catch_array
Submitted: 2018-04-27 08:21 UTC Modified: 2018-04-27 09:55 UTC
From: mate at sla dot hu Assigned:
Status: Closed Package: opcache
PHP Version: 7.2.5 OS: ubuntu 16
Private report: No CVE-ID: None


 [2018-04-27 08:21 UTC] mate at sla dot hu
code below stripped from paragonie/random_compat/lib/random.php

This is my first compilation on the 16.04 gcc toolchain, and I don't know whether my toolchain has a problem or this is a bug, because the original downloaded binary version works without problem on this file, but my compilation fails.

$_main: ; (lines=1, args=0, vars=0, tmps=0)
    ; (after optimizer)
    ; /home/sla/workspace/its3/test6.php:1-22
L0 (4):     RETURN null

random_bytes: ; (lines=6, args=1, vars=1, tmps=1)
    ; (after optimizer)
    ; /home/sla/workspace/its3/test6.php:12-19
L0 (12):    CV0($length) = RECV 1
L1 (14):    UNSET_CV CV0($length)
L2 (15):    V1 = NEW 1 string("Exception")
L3 (16):    SEND_VAL_EX string("There is no suitable CSPRNG installed on your system") 1
L4 (16):    DO_FCALL
L5 (16):    THROW V1
php: /home/mate/php-7.2.5/ext/opcache/zend_file_cache.c:506: zend_file_cache_serialize_op_array: Assertion `(((char*)(op_array->try_catch_array) >= (char*)script->mem && (char*)(op_array->try_catch_array) < (char*)script->mem + script->size) || ((char*)(op_array->try_catch_array) >= (accel_shared_globals->interned_strings_start) && (char*)(op_array->try_catch_array) < (accel_shared_globals->interned_strings_end)))' failed.
Aborted (core dumped)

Test script:

<?php

if (PHP_VERSION_ID >= 70000) {
    return; // line 4: matches "L0 (4): RETURN null" in the $_main dump
}

if (!is_callable('random_bytes')) {
    try {
    } catch (com_exception $e) {
    }

    function random_bytes($length)
    {
        unset($length); // Suppress "variable not used" warnings.
        throw new Exception(
            'There is no suitable CSPRNG installed on your system'
        );
        return '';
    }

}

 [2018-04-27 09:14 UTC]
-Status: Open +Status: Analyzed
 [2018-04-27 09:14 UTC]
The issue is that the try_catch_array allocation is empty and points at the very end of the script memory. In serialized form, that means ptr == script->size. However, IS_SERIALIZED requires ptr < script->size.

I think we should do two things here:
 a) Allow ptr <= script->size to allow empty allocations. Theoretically this could clash with a new allocation starting at memory address script->size, but that seems rather unlikely to me.
 b) Prevent this particular empty allocation from occurring.

As an alternative to a) we could also assert in the opcache allocator that empty allocations are not allowed, thus catching this earlier.
 [2018-04-27 09:55 UTC]
-Summary: assert +Summary: Assertion failure in file cache when unserializing empty try_catch_array
 [2018-04-27 15:09 UTC]
Automatic comment on behalf of
Log: Fixed bug #76275
 [2018-04-27 15:09 UTC]
-Status: Analyzed +Status: Closed
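
Added example, not code from PHP or from this report: a minimal C model of the bounds check discussed in the analysis above, showing why a zero-length allocation placed at the very end of the script block fails a half-open range test, and how options (a) and (b) behave. The names `script_buf`, `buf_alloc`, `in_script_strict`, `in_script_relaxed` and `alloc_array` are hypothetical, and the 64-byte block is a constructed stand-in for `script->mem` / `script->size`.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a script's memory block filled by a bump allocator. */
typedef struct {
    char   mem[64];
    size_t size;   /* total bytes reserved for the script */
    size_t used;   /* bytes handed out so far */
} script_buf;

/* Bump allocation: a zero-length request still returns the current cursor. */
static void *buf_alloc(script_buf *s, size_t len) {
    if (len > s->size - s->used) return NULL;
    void *p = s->mem + s->used;
    s->used += len;
    return p;
}

/* Half-open range test, the shape of the assertion that fired: mem <= p < mem + size. */
static int in_script_strict(const script_buf *s, const void *p) {
    const char *c = p;
    return c >= s->mem && c < s->mem + s->size;
}

/* Option (a) from the analysis: also accept p == mem + size. */
static int in_script_relaxed(const script_buf *s, const void *p) {
    const char *c = p;
    return c >= s->mem && c <= s->mem + s->size;
}

/* Option (b): never allocate for an empty array; store NULL instead. */
static void *alloc_array(script_buf *s, size_t count, size_t elem) {
    return count ? buf_alloc(s, count * elem) : NULL;
}

int main(void) {
    script_buf s = { .size = 64, .used = 0 };
    buf_alloc(&s, 64);                 /* everything else fills the block */
    void *empty = buf_alloc(&s, 0);    /* empty array lands exactly at the end */
    printf("strict=%d relaxed=%d skipped=%s\n",
           in_script_strict(&s, empty), in_script_relaxed(&s, empty),
           alloc_array(&s, 0, 8) == NULL ? "yes" : "no");
    return 0;
}
```
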