php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80002 calc free space for new interned string is wrong
Submitted: 2020-08-20 09:09 UTC Modified: 2020-08-21 01:34 UTC
From: t-matsuno at colopl dot co dot jp Assigned: cmb (profile)
Status: Closed Package: opcache
PHP Version: PHP 7.3 OS:
Private report: No CVE-ID: None
 [2020-08-20 09:09 UTC] t-matsuno at colopl dot co dot jp
Description:
------------
Hello,

Since I got "Interned string buffer overflow" warning with relatively large opcache.interned_strings_buffer, I looked ZendAccelerator and tried some tests.
Through the series of tests, it seems that the calculation for free space to keep interned strings is wrong and it derives the 1/32 smaller value than the actual free space and it causes the overflow warning for some big strings even if there is enough free space.

I hope you look at it.
This happens in PHP7.3 and newer.

Regards,
Takeki.


Patches

ZendAccelerator.c.patch (last revision 2020-08-20 09:09 UTC by t-matsuno at colopl dot co dot jp)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-08-20 09:23 UTC] cmb@php.net
-PHP Version: master-Git-2020-08-20 (Git) +PHP Version: PHP 7.3 -Assigned To: +Assigned To: cmb
 [2020-08-20 09:23 UTC] cmb@php.net
Thanks for reporting, and the patch!
 [2020-08-20 09:25 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #80002: calc free space for new interned string is wrong
On GitHub:  https://github.com/php/php-src/pull/6024
Patch:      https://github.com/php/php-src/pull/6024.patch
 [2020-08-20 12:29 UTC] danack@php.net
"I looked ZendAccelerator and tried some tests.
Through the series of tests, it seems that the calculation for free space to keep interned strings is wrong"

Thanks for the patch.

Would it be possible for you to write a few words about the tests you did, and how they lead to finding this issue?

And also an example of a string that would encounter this bug would be lovely.
 [2020-08-21 01:34 UTC] t-matsuno at colopl dot co dot jp
> a string that would encounter this bug
"bootstrap/cache/routes.php" generated by Laravel has a very big base64 string which is 800k long in our case and encounters this bug.

We encountered the overflow warning when we were upgrading our PHP version from 7.2, then I started to see how much to configure the buffer size and found that the interned strings buffer used memory of opcache_get_status was not so high but the overflow occurred in the routes.php.

Tests were mainly just loading the file with increasing opcache.interned_strings_buffer gradually, and GDB step out after I found the threshold.

Thanks for looking at this report.
 [2020-08-24 09:05 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fcd26ffcc3f3a1ce5e5bd78afd89c484e206e3ea
Log: Fix #80002: calc free space for new interned string is wrong
 [2020-08-24 09:05 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Oct 21 08:01:23 2020 UTC