php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79743 Fatal error when assigning to array property with JIT enabled
Submitted: 2020-06-26 14:50 UTC Modified: 2020-06-29 09:51 UTC
From: theodorejb@php.net Assigned: nikic (profile)
Status: Closed Package: opcache
PHP Version: 8.0.0alpha1 OS: Windows 10 x64 build 2004
Private report: No CVE-ID: None
 [2020-06-26 14:50 UTC] theodorejb@php.net
Description:
------------
Running php-8.0.0alpha1-nts-Win32-vs16-x64
JIT settings:

opcache.jit_buffer_size=200000000
opcache.jit=1235

When an array contains a bunch of objects with a typed array property, and the objects are looped over and a value is assigned to a non-consecutive key in the typed array property, a fatal error occurs after a few iterations.

Note: I wasn't able to reproduce the error if the array contains 30 or fewer objects. It only seems to occur when there are at least 31 objects, and the more objects are in the array the fewer iterations are successful before the error occurs.

Test script:
---------------
<?php

class Foo
{
    public array $things = [];
}

$objects = [];

for ($i = 0; $i < 70; $i++) {
    $objects[] = new Foo();
}

foreach ($objects as $key => $class) {
    echo $key . '<br/>';
    $class->things[1] = true;
}


Actual result:
--------------
Fatal error: Uncaught TypeError: Cannot auto-initialize an array inside property Foo::$things of type array in test.php:16 Stack trace: #0 {main} thrown in test.php on line 16

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-06-29 09:47 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d005a8e92becb9993ab0d370e4f5688d09bcaaf2
Log: Fixed bug #79743 (Fatal error when assigning to array property with JIT enabled)
 [2020-06-29 09:47 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2020-06-29 09:50 UTC] nikic@php.net
-Status: Closed +Status: Open -Assigned To: +Assigned To: nikic
 [2020-06-29 09:51 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 [2020-06-29 09:51 UTC] nikic@php.net
Oops, race condition.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Jan 20 14:01:23 2021 UTC