PHP :: Bug #76477 :: Opcache causes empty return value |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76477 Opcache causes empty return value
Submitted: 2018-06-14 13:16 UTC Modified: 2018-06-14 14:52 UTC
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mark2011 at mayberg dot se Assigned:
Status: Closed Package: opcache
PHP Version: 7.2.6 OS: Linux
Private report: No CVE-ID: None
 [2018-06-14 13:16 UTC] mark2011 at mayberg dot se
Running the test script without opcache works fine. But with opcache enabled it results in an unexpected behaviour (after second execution). The test script below is extracted from a bigger library, I isolated a small test case.

PHP 7.2.6 is not yet available for my distro. 

PHP 7.0, 7.1 does not show this error.

Test script:
	echo "PHP ".PHP_VERSION." ".PHP_SAPI."<br>\n";

	$token = "ABC";
	$lengthBytes = strlenb($token);
	echo "$token $lengthBytes ".($lengthBytes!=0 ? "ok" : "error")."<br>\n";

	function testString()
		$token = "ABC";
		$lengthBytes = strlenb($token);
		echo "$token $lengthBytes ".($lengthBytes!=0 ? "ok" : "error")."<br>\n";
	function strlenb() { return call_user_func_array("strlen", func_get_args()); }

Expected result:
PHP 7.2.5-0ubuntu0.18.04.1 apache2handler
ABC 3 ok
ABC 3 ok

Actual result:
PHP 7.2.5-0ubuntu0.18.04.1 apache2handler
ABC 3 ok
ABC error


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2018-06-14 14:21 UTC] sjon at hortensius dot net
I can reproduce this with a pretty vanilla 7.2.6 under Archlinux. It can be simplified somewhat; this is also unstable (sometimes it returns 3, sometimes NULL):


function t()
    $l = strlenb("ABC");

function strlenb() { return call_user_func_array("strlen", func_get_args()); }
 [2018-06-14 14:37 UTC]
-Status: Open +Status: Verified
 [2018-06-14 14:37 UTC]
I can confirm that this issue affects PHP-7.2 and master, but not
PHP-7.1 (older version are not actively supported anymore).
 [2018-06-14 14:52 UTC]
This is a type-inference bug:

strlenb: ; (lines=5, args=0, vars=0, tmps=1, ssa_vars=2, no_loops)
    ; (after dfa pass)
    ; /home/nikic/php-7.2/t001.php:10-10
    ; return  [null]
BB0: start exit lines=[0-4]
    ; level=0
            INIT_FCALL 0 80 string("strlen")
            #0.T0 [array [long] of [any]] = FUNC_GET_ARGS
            SEND_ARRAY 0 #0.T0 [array [long] of [any]]
            #1.V0 [null] = DO_FCALL
            RETURN #1.V0 [null]

The return value of strlen() is determined to be null, which is wrong. The type is determined by zend_strlen_info(), which doesn't take the SEND_ARRAY into account properly. The same issue might also affect other custom inference functions.

Btw, this particular one we can really just drop, because all useful cases are already handled by ZEND_STRLEN.
 [2018-06-15 08:32 UTC]
Automatic comment on behalf of
Log: Fixed bug #76477 (Opcache causes empty return value)
 [2018-06-15 08:32 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Thu Aug 16 12:01:24 2018 UTC