Fix file cache run_time_cache unserialization

nikic · nikic · commit 36d5fbbd6bce · 2020-01-02T14:56:39.000+01:00
If the script was serialized as file_cache_only (thus non-immutable)
and then gets unserialized into SHM, we need to allocate a new
run_time_cache slot and can't use the serialized arena pointer.
diff --git a/ext/opcache/zend_file_cache.c b/ext/opcache/zend_file_cache.c
@@ -1237,7 +1237,15 @@ static void zend_file_cache_unserialize_op_array(zend_op_array           *op_arr
 			ZEND_MAP_PTR_NEW(op_array->run_time_cache);
 		} else {
 			ZEND_MAP_PTR_INIT(op_array->static_variables_ptr, &op_array->static_variables);
-			UNSERIALIZE_PTR(ZEND_MAP_PTR(op_array->run_time_cache));
+			if (ZEND_MAP_PTR(op_array->run_time_cache)) {
+				if (script->corrupted) {
+					/* Not in SHM: Use serialized arena pointer. */
+					UNSERIALIZE_PTR(ZEND_MAP_PTR(op_array->run_time_cache));
+				} else {
+					/* In SHM: Allocate new pointer. */
+					ZEND_MAP_PTR_NEW(op_array->run_time_cache);
+				}
+			}
 		}
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -1237,7 +1237,15 @@ static void zend_file_cache_unserialize_op_array(zend_op_array *op_arr`
`1237`	`1237`	`ZEND_MAP_PTR_NEW(op_array->run_time_cache);`
`1238`	`1238`	`} else {`
`1239`	`1239`	`ZEND_MAP_PTR_INIT(op_array->static_variables_ptr, &op_array->static_variables);`
`1240`		`- UNSERIALIZE_PTR(ZEND_MAP_PTR(op_array->run_time_cache));`
	`1240`	`+ if (ZEND_MAP_PTR(op_array->run_time_cache)) {`
	`1241`	`+ if (script->corrupted) {`
	`1242`	`+ /* Not in SHM: Use serialized arena pointer. */`
	`1243`	`+ UNSERIALIZE_PTR(ZEND_MAP_PTR(op_array->run_time_cache));`
	`1244`	`+ } else {`
	`1245`	`+ /* In SHM: Allocate new pointer. */`
	`1246`	`+ ZEND_MAP_PTR_NEW(op_array->run_time_cache);`
	`1247`	`+ }`
	`1248`	`+ }`
`1241`	`1249`	`}`
`1242`	`1250`	`}`
`1243`	`1251`	`}`