From bd4fce4f6f5f40f71802f0b2ad12a925af0667c1 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 18 Dec 2019 11:37:39 +0100 Subject: [PATCH] Fixed bug #78986 Don't assume that handlers live in the arena, they may also be in SHM. --- NEWS | 2 ++ ext/opcache/tests/bug78986.phpt | 28 +++++++++++++++++++++++ ext/opcache/zend_accelerator_util_funcs.c | 2 +- 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 ext/opcache/tests/bug78986.phpt diff --git a/NEWS b/NEWS index 39bdee36181..4143c8cb9c9 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,8 @@ PHP NEWS . Fixed bug #78950 (Preloading trait method with static variables). (Nikita) . Fixed bug #78903 (Conflict in RTD key for closures results in crash). (Nikita) + . Fixed bug #78986 (Opcache segfaults when inheriting ctor from immutable + into mutable class). (Nikita) - Spl: . Fixed bug #78976 (SplFileObject::fputcsv returns -1 on failure). (cmb) diff --git a/ext/opcache/tests/bug78986.phpt b/ext/opcache/tests/bug78986.phpt new file mode 100644 index 00000000000..9479460f764 --- /dev/null +++ b/ext/opcache/tests/bug78986.phpt @@ -0,0 +1,28 @@ +--TEST-- +Bug #78986: Opcache segfaults when inheriting ctor from immutable into mutable class +--FILE-- + 'test' + ]; +} + +var_dump(new TestClass()); + +?> +--EXPECT-- +object(TestClass)#1 (1) { + ["test"]=> + array(1) { + [1]=> + string(4) "test" + } +} diff --git a/ext/opcache/zend_accelerator_util_funcs.c b/ext/opcache/zend_accelerator_util_funcs.c index 0eb5b70cc57..53efa865c73 100644 --- a/ext/opcache/zend_accelerator_util_funcs.c +++ b/ext/opcache/zend_accelerator_util_funcs.c @@ -246,7 +246,7 @@ static void zend_hash_clone_prop_info(HashTable *ht) #define zend_update_inherited_handler(handler) \ { \ - if (ce->handler != NULL) { \ + if (ce->handler != NULL && IN_ARENA(ce->handler)) { \ ce->handler = ARENA_REALLOC(ce->handler); \ } \ }