Skip to content

SEGV ext/opcache/jit/zend_jit_vm_helpers.c #17257

New issue
New issue
Closed
Closed
SEGV ext/opcache/jit/zend_jit_vm_helpers.c#17257
Labels
BugCategory: JITExtension: opcacheStatus: Verified
@YuanchengJiang

Description

@YuanchengJiang
YuanchengJiang
opened on Dec 24, 2024

Description

The following code:

<?php
$functions = get_defined_functions();
$callbacks = $functions['user'];
foreach ($callbacks as $callback) {
ob_start($callback);
ob_end_flush();
}
function get_const() {
}
function test() {
var_dump(call_user_func('get_const', $x));
}
test();
try {session_unset();} catch (Exception $e) { echo($e); }

Resulted in this output:

/home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_vm_helpers.c:138:15: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_vm_helpers.c:138:15

To reproduce:

-d "opcache.jit_hot_func=1" -d "zend_extension=/home/phpfuzz/WorkSpace/flowfusion/php-src/modules/opcache.so" -d "opcache.enable_cli=1" -d "opcache.jit=1254"

PHP Version

nightly

Operating System

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugCategory: JITExtension: opcacheStatus: Verified

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions