In zend_vm_execute.h:701 PHP frees the function struct in case of
ZEND_OVERLOADED_FUNCTION. The problem is that in PHP 5.4, the opline calling
the function has a pointer to the very same struct in its cache_slot. When
this opcode is called again, the cache is used and it crashes.

My suggested fix is not to cache ZEND_OVERLOADED_FUNCTION; it does solve the
problem and makes sense to me logically. It is also possible to not free it
and let it be re-used from cache_slot.

My patch is attached.


  • Stas Malyshev at Jan 29, 2012 at 11:52 pm
    Hi!

    > In zend_vm_execute.h:701 PHP frees the function struct in case of
    > ZEND_OVERLOADED_FUNCTION. The problem is that in PHP 5.4, the opline calling
    > the function has a pointer to the very same struct in its cache_slot. When
    > this opcode is called again, the cache is used and it crashes.

    How can this be reproduced?

    > My suggested fix is not to cache ZEND_OVERLOADED_FUNCTION; it does solve the
    > problem and makes sense to me logically. It is also possible to not free it
    > and let it be re-used from cache_slot.
    >
    > My patch is attached.

    The patch should be to zend_vm_def.h since vm_execute is generated.
    Dmitry, what do you think about this?
    --
    Stanislav Malyshev, Software Architect
    SugarCRM: http://www.sugarcrm.com/
    (408)454-6900 ext. 227
  • Dmitry Stogov at Jan 30, 2012 at 7:24 am
    Hi,

    On 01/30/2012 03:52 AM, Stas Malyshev wrote:
    > Hi!
    >
    >> In zend_vm_execute.h:701 PHP frees the function struct in case of
    >> ZEND_OVERLOADED_FUNCTION. The problem is that in PHP 5.4, the opline
    >> calling the function has a pointer to the very same struct in its
    >> cache_slot. When this opcode is called again, the cache is used and it
    >> crashes.
    >
    > How can this be reproduced?

    I would like to see the test case as well. Is it related to
    ext/com_dotnet? It's the only extension that uses overloaded functions
    in the php distribution.

    >> My suggested fix is not to cache ZEND_OVERLOADED_FUNCTION; it does
    >> solve the problem and makes sense to me logically. It is also possible
    >> to not free it and let it be re-used from cache_slot.
    >>
    >> My patch is attached.
    >
    > The patch should be to zend_vm_def.h since vm_execute is generated.
    > Dmitry, what do you think about this?

    From the first look the patch makes sense. Of course it should be
    applied to zend_vm_def.h.

    It's possible to work around the problem by setting ZEND_ACC_NEVER_CACHE
    in extensions, but the patch looks more robust.

    Thanks. Dmitry.
  • Yoram bar haim at Jan 30, 2012 at 9:18 am
    We have the crash in Zend JavaBridge, but yes, it will probably occur in COM
    as well.
    The scenario is quite simple: you just call a method in a loop. In the
    second iteration, it will crash.
    Here is a scenario with JavaBridge:

    <?php
    // Load the Java classes and set the bridge encoding (JavaBridge API).
    java_require(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'Persons.jar');
    java_set_encoding('UTF-8');

    $employeeClass = 'Employee';

    // Instantiate a Java object through the bridge proxy class.
    $person = new java($employeeClass, "Gadi", "Goldbarg", 28, "male", 3000, 10);

    // Call the same proxied method twice from the same opline. The method
    // need not exist: the first call's exception is caught, the second call
    // goes through the opline's cache_slot and crashes.
    for ($i = 0; $i < 2; $i++) {
        try {
            $person->xxx();
        } catch (Exception $e) {
        }
    }
    ?>

    On Monday, January 30, 2012 09:24:30 AM Dmitry Stogov wrote:
    > Hi,
    >
    > On 01/30/2012 03:52 AM, Stas Malyshev wrote:
    >> Hi!
    >>
    >>> In zend_vm_execute.h:701 PHP frees the function struct in case of
    >>> ZEND_OVERLOADED_FUNCTION. The problem is that in PHP 5.4, the opline
    >>> calling the function has a pointer to the very same struct in its
    >>> cache_slot. When this opcode is called again, the cache is used and it
    >>> crashes.
    >>
    >> How can this be reproduced?
    >
    > I would like to see the test case as well. Is it related to
    > ext/com_dotnet? It's the only extension that uses overloaded functions
    > in the php distribution.
    >
    >>> My suggested fix is not to cache ZEND_OVERLOADED_FUNCTION; it does
    >>> solve the problem and makes sense to me logically. It is also possible
    >>> to not free it and let it be re-used from cache_slot.
    >>>
    >>> My patch is attached.
    >>
    >> The patch should be to zend_vm_def.h since vm_execute is generated.
    >> Dmitry, what do you think about this?
    >
    > From the first look the patch makes sense. Of course it should be
    > applied to zend_vm_def.h.
    >
    > It's possible to work around the problem by setting ZEND_ACC_NEVER_CACHE
    > in extensions, but the patch looks more robust.
    >
    > Thanks. Dmitry.
  • Dmitry Stogov at Jan 30, 2012 at 9:34 am
    Thanks. I'll commit the patch later today.

    Thanks. Dmitry.

    On 01/30/2012 01:18 PM, yoram bar haim wrote:
    > We have the crash in Zend JavaBridge, but yes, it will probably occur in COM
    > as well.
    > The scenario is quite simple: you just call a method in a loop. In the
    > second iteration, it will crash.
    > Here is a scenario with JavaBridge:
    >
    > <?php
    > java_require(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'Persons.jar');
    > java_set_encoding('UTF-8');
    >
    > $employeeClass = 'Employee';
    >
    > $person = new java($employeeClass, "Gadi", "Goldbarg", 28, "male", 3000, 10);
    >
    > for ($i = 0; $i < 2; $i++) {
    >     try {
    >         $person->xxx();
    >     } catch (Exception $e) {
    >     }
    > }
    > ?>
    >
    > On Monday, January 30, 2012 09:24:30 AM Dmitry Stogov wrote:
    >> Hi,
    >>
    >> On 01/30/2012 03:52 AM, Stas Malyshev wrote:
    >>> Hi!
    >>>
    >>>> In zend_vm_execute.h:701 PHP frees the function struct in case of
    >>>> ZEND_OVERLOADED_FUNCTION. The problem is that in PHP 5.4, the opline
    >>>> calling the function has a pointer to the very same struct in its
    >>>> cache_slot. When this opcode is called again, the cache is used and it
    >>>> crashes.
    >>>
    >>> How can this be reproduced?
    >>
    >> I would like to see the test case as well. Is it related to
    >> ext/com_dotnet? It's the only extension that uses overloaded functions
    >> in the php distribution.
    >>
    >>>> My suggested fix is not to cache ZEND_OVERLOADED_FUNCTION; it does
    >>>> solve the problem and makes sense to me logically. It is also possible
    >>>> to not free it and let it be re-used from cache_slot.
    >>>>
    >>>> My patch is attached.
    >>>
    >>> The patch should be to zend_vm_def.h since vm_execute is generated.
    >>> Dmitry, what do you think about this?
    >>
    >> From the first look the patch makes sense. Of course it should be
    >> applied to zend_vm_def.h.
    >>
    >> It's possible to work around the problem by setting ZEND_ACC_NEVER_CACHE
    >> in extensions, but the patch looks more robust.
    >>
    >> Thanks. Dmitry.
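The mechanism behind Yoram's two-iteration loop, as an added example that is not part of the thread and not Zend engine code: a small C model of an inline cache that keeps a pointer to a per-call function descriptor across the free done for overloaded functions. The struct, flag and function names (func, opline, ACC_OVERLOADED, ACC_NEVER_CACHE, lookup, release, execute_call, run_loop) are assumptions standing in for zend_function, the 5.4 cache_slot, ZEND_ACC_NEVER_CACHE and the free at zend_vm_execute.h:701. It runs the same opline under the 5.4 rule, under the proposed patch (do not cache overloaded functions) and with the extension-side ZEND_ACC_NEVER_CACHE workaround Dmitry mentions. Freed descriptors are poisoned and leaked instead of returned to malloc, so the stale read is reported rather than being undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed, simplified model; none of these names are the Zend engine's own. */
#define ACC_OVERLOADED  0x1u   /* descriptor built per call by a get_method handler */
#define ACC_NEVER_CACHE 0x2u   /* extension-side workaround: never put it in cache_slot */
#define POISON_BYTE     0xA5
#define POISON_FLAGS    0xA5A5A5A5u

typedef struct func {
    uint32_t flags;
    int (*handler)(const char *name);
    char name[32];
} func;

typedef struct opline {
    const char *method;
    func *cache_slot;      /* stale after release() unless caching was skipped */
} opline;

static int bridge_handler(const char *name) { return (int)strlen(name); }

/* get_method-style lookup: an overloaded method yields a fresh descriptor on
 * every call, which is why the VM frees it once the call has returned. */
static func *lookup(const char *name, uint32_t extra_flags) {
    func *f = calloc(1, sizeof *f);
    if (!f) abort();
    f->flags = ACC_OVERLOADED | extra_flags;
    f->handler = bridge_handler;
    snprintf(f->name, sizeof f->name, "%s", name);
    return f;
}

/* Poison instead of free(): the block is deliberately leaked so that a read
 * through a stale pointer is detectable here instead of undefined behaviour. */
static void release(func *f) { memset(f, POISON_BYTE, sizeof *f); }

/* 5.4 rule: cache everything except ACC_NEVER_CACHE. The proposed patch
 * additionally refuses to cache overloaded functions. */
static int should_cache(const func *f, int patched) {
    if (f->flags & ACC_NEVER_CACHE) return 0;
    if (patched && (f->flags & ACC_OVERLOADED)) return 0;
    return 1;
}

/* One execution of the call opcode through a given opline. Returns the
 * handler result, or -1 when cache_slot points at a released descriptor. */
static int execute_call(opline *op, int patched, uint32_t ext_flags) {
    func *fbc = op->cache_slot;
    if (fbc) {
        if (fbc->flags == POISON_FLAGS) return -1;      /* use-after-free */
    } else {
        fbc = lookup(op->method, ext_flags);
        if (should_cache(fbc, patched)) op->cache_slot = fbc;
    }
    int r = fbc->handler(fbc->name);
    if (fbc->flags & ACC_OVERLOADED) release(fbc);     /* cache_slot may still point here */
    return r;
}

/* Runs $person->xxx() n times through one opline, like the PHP loop in the
 * thread. Returns the number of successful calls; *stale_at receives the
 * iteration that hit the released descriptor, or -1 if none did. */
int run_loop(int n, int patched, uint32_t ext_flags, int *stale_at) {
    opline op = { "xxx", NULL };
    int ok = 0;
    *stale_at = -1;
    for (int i = 0; i < n; i++) {
        if (execute_call(&op, patched, ext_flags) < 0) { *stale_at = i; break; }
        ok++;
    }
    return ok;
}

/* Convenience wrappers for a two-iteration loop. */
int calls_ok(int patched, uint32_t ext_flags) {
    int at;
    return run_loop(2, patched, ext_flags, &at);
}

int stale_iteration(int patched, uint32_t ext_flags) {
    int at;
    run_loop(2, patched, ext_flags, &at);
    return at;
}

int main(void) {
    printf("5.4 VM:               %d ok, stale at %d\n", calls_ok(0, 0), stale_iteration(0, 0));
    printf("patched VM:           %d ok, stale at %d\n", calls_ok(1, 0), stale_iteration(1, 0));
    printf("ZEND_ACC_NEVER_CACHE: %d ok, stale at %d\n",
           calls_ok(0, ACC_NEVER_CACHE), stale_iteration(0, ACC_NEVER_CACHE));
    return 0;
}
```

Under the 5.4 rule the first iteration fills cache_slot and then releases the descriptor, so the second iteration dereferences poisoned memory; both the patch and the NEVER_CACHE flag make every iteration go through lookup() again, and the descriptor is only ever touched before it is released. The other option raised in the first post (keep the descriptor alive and reuse it from cache_slot) would instead have to drop the release() on the cached path.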

Discussion Overview: group php-internals (php.net); posted Jan 29, 2012 at 4:08 pm; last activity Jan 30, 2012 at 9:34 am; 5 posts, 3 users.