php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78937 Preloading unlinkable anonymous class can segfault
Submitted: 2019-12-09 13:36 UTC Modified: 2019-12-09 16:37 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: cmb@php.net Assigned:
Status: Closed Package: opcache
PHP Version: 7.4Git-2019-12-09 (Git) OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: cmb@php.net
New email:
PHP Version: OS:

 

 [2019-12-09 13:36 UTC] cmb@php.net
Description:
------------
When code is preloaded which uses unlinkable anonymous classes,
PHP can crash.  When running the test script in debug mode with
r42a2fb8, I hit an assertion failure:

php7_debug.dll!ZEND_DECLARE_ANON_CLASS_SPEC_HANDLER(_zend_execute_data * execute_data) Line 2449 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\Zend\zend_vm_execute.h:2449)
php7_debug.dll!execute_ex(_zend_execute_data * ex) Line 53379 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\Zend\zend_vm_execute.h:53379)
php7_debug.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 57665 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\Zend\zend_vm_execute.h:57665)
php7_debug.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1664 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\Zend\zend.c:1664)
php7_debug.dll!php_execute_script(_zend_file_handle * primary_file) Line 2619 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\main\main.c:2619)
php.exe!do_cli(int argc, char * * argv) Line 962 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\sapi\cli\php_cli.c:962)
php.exe!main(int argc, char * * argv) Line 1352 (c:\php-sdk\phpdev\vc15\x64\php-src-7.4\sapi\cli\php_cli.c:1352)


Test script:
---------------
preload.inc
<?php
function foo() {
    return new class extends Bar {};
}
?>

test.php
<?php
var_dump(foo()->test());
?>


Expected result:
----------------
object(class@anonymous)#1 (0) {
}


Actual result:
--------------
assertion failure/segfault


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-12-09 16:37 UTC] cmb@php.net
Additional info: the preloader uses opcache_compile_file() to
preload preload.inc, and the error log shows:

PHP Warning:  Can't preload already declared class class@anonymous in …
 [2019-12-10 21:47 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=20ef51db22c46fd45976eb6d0b780c14022c8873
Log: Fixed bug #78937 (Preloading unlinkable anonymous class can segfault)
 [2019-12-10 21:47 UTC] dmitry@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 02:01:27 2024 UTC