Bug #79643 PHP with Opcache crashes when a file with specific name is included
Submitted: 2020-05-27 13:21 UTC Modified: 2020-05-27 14:23 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:4 (100.0%)
Same OS:3 (75.0%)
From: pluczkiewicz at wayfair dot com Assigned:
Status: Closed Package: opcache
PHP Version: 7.4.6 OS: Linux
Private report: No CVE-ID: None
 [2020-05-27 13:21 UTC] pluczkiewicz at wayfair dot com
Description:
------------
PHP segfaults when a file with a very specific name is included, followed by another file (the first path must be exactly as it is in the test script, for the second one I had more luck with random values). 
I have tested 7.3.0, 7.4.3 and 7.4.6, all of them are segfaulting.
`opcache.interned_strings_buffer=0` seems to be required to get the segfault.

Test script:
---------------
Opcache config:
```
opcache.enable=On
opcache.enable_cli=On
opcache.interned_strings_buffer=0
opcache.max_accelerated_files=4000
```

Script itself:
```
<?php

require_once '/wayfair/data/codebase/php/includes/filesystem/temporary_local_storage.php';
require_once 'rNSSDJBm2jVwL899rn2rA4g0PdC8Pb0S4mrd5Xfsqq00qdaaOW2PkZDOelKbI26iE64oYvrk7l';

echo 'NO CRASH';
```

Code on GitHub: https://github.com/Agares/opcache-bug-repro (run with docker build -t opcache_crash . && docker run opcache_crash)

Actual result:
--------------
Segfault

History

 [2020-05-27 14:23 UTC] sjon@php.net
-Status: Open +Status: Verified
 [2020-05-27 14:23 UTC] sjon@php.net
can confirm - but it requires the first file to actually exist
 [2020-05-29 13:17 UTC] adbrvn at gmail dot com
Same behaviour.
One more example to reproduce it: https://github.com/adbrvn/php-sefgault
Tested on 7.4.4
 [2020-10-20 10:51 UTC] nikic@php.net
Automatic comment on behalf of twose@qq.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d134c0ac05b6f8969463ff1cf5dd7b6332bf5ab4
Log: Fix bug #79643: Invalid memory read when opcache.interned_strings_buffer is 0
 [2020-10-20 10:51 UTC] nikic@php.net
-Status: Verified +Status: Closed
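
A configuration check for the trigger named in the report and in the fix commit's log (opcache active with `opcache.interned_strings_buffer=0`), as an added example that is not part of the original report or of php-src. The function names `ini_flag` and `audit_opcache_ini` are hypothetical, the sample ini text is constructed from the report's config, and the defaults are PHP's documented ones.

```php
<?php
// Added example, not php-src code. Defaults are PHP's documented ones.
const OPCACHE_DEFAULTS = [
    'opcache.enable'                  => '1',
    'opcache.enable_cli'              => '0',
    'opcache.interned_strings_buffer' => '8',
];

// php.ini boolean spellings that mean "on".
function ini_flag(string $value): bool
{
    return in_array(strtolower(trim($value)), ['1', 'on', 'yes', 'true'], true);
}

// Returns the SAPI groups for which the ini text matches the reported
// trigger (opcache active with interned_strings_buffer=0); [] if none.
function audit_opcache_ini(string $iniText): array
{
    // RAW mode keeps values as written; a repeated directive keeps its last value.
    $parsed = parse_ini_string($iniText, false, INI_SCANNER_RAW);
    if ($parsed === false) {
        throw new InvalidArgumentException('ini text could not be parsed');
    }
    $cfg = array_merge(OPCACHE_DEFAULTS, array_intersect_key($parsed, OPCACHE_DEFAULTS));

    if ((int) trim($cfg['opcache.interned_strings_buffer']) !== 0
        || !ini_flag($cfg['opcache.enable'])) {
        return [];
    }
    // opcache.enable covers web SAPIs; the CLI also needs opcache.enable_cli.
    $exposed = ['web'];
    if (ini_flag($cfg['opcache.enable_cli'])) {
        $exposed[] = 'cli';
    }
    return $exposed;
}

// Constructed sample: the report's opcache settings, plus a variant with the default buffer size.
$reported = "opcache.enable=On\nopcache.enable_cli=On\n"
          . "opcache.interned_strings_buffer=0\nopcache.max_accelerated_files=4000\n";
$changed  = str_replace('interned_strings_buffer=0', 'interned_strings_buffer=8', $reported);

foreach (['reported' => $reported, 'changed' => $changed] as $name => $ini) {
    $hits = audit_opcache_ini($ini);
    echo $name, ': ', $hits ? 'matches trigger for ' . implode(', ', $hits) : 'no match', "\n";
}
```

A match only shows that the trigger configuration is present; whether the running build includes the fix from the revision linked above has to be checked separately.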