SEGV zend_jit_trace_copy_ssa_var_range #18134

Open
@YuanchengJiang

Description

The following code:

<?php
$cls = new DateTime();
foo();
function foo() {
global $LAST;
}
$fusion = str_repeat('a', 1024 * 1024 * 1.25);
class DestructableObject
{
}
$_ = new DestructableObject();
try {$cls->getMicrosecond();} catch (Exception $e) { echo($e); }
try {$cls->getMicrosecond();} catch (Exception $e) { echo($e); }
try {$cls->getMicrosecond();} catch (Exception $e) { echo($e); }
try {$cls->getMicrosecond();} catch (Exception $e) { echo($e); }
try {$cls->getMicrosecond();} catch (Exception $e) { echo($e); }
try {$cls->getMicrosecond();} catch (Exception $e) { echo($e); }
try {$cls->getMicrosecond();} catch (Exception $e) { echo($e); }

Resulted in this output:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==56999==ERROR: AddressSanitizer: SEGV on unknown address 0x77bab5571ca8 (pc 0x77c35b88db6e bp 0x7fff8033a630 sp 0x7fff80339ce0 T0)
==56999==The signal is caused by a READ memory access.
    #0 0x77c35b88db6e in zend_jit_trace_copy_ssa_var_range /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_trace.c:1004:36
    #1 0x77c35b6f317b in zend_jit_trace_build_tssa /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_trace.c:2276:6
    #2 0x77c35b54678c in zend_jit_trace /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_trace.c:4115:8
    #3 0x77c35b4903d6 in zend_jit_compile_root_trace /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_trace.c:7498:14
    #4 0x77c35b482327 in zend_jit_trace_hot_root /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_trace.c:8171:10
    #5 0x77c35b4472df in zend_jit_trace_counter_helper /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_vm_helpers.c:371:7
    #6 0x77c35b446920 in zend_jit_func_trace_helper /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_vm_helpers.c:394:2
    #7 0x4a00967 in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:58595:7
    #8 0x4a02bec in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:64247:2
    #9 0x57a3a79 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1943:3
    #10 0x3f9945a in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2584:13
    #11 0x3f9a598 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2624:9
    #12 0x57b898a in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:952:5
    #13 0x57b2d6f in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1355:18
    #14 0x77c3628a1d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #15 0x77c3628a1e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #16 0x606174 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x606174)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_trace.c:1004:36 in zend_jit_trace_copy_ssa_var_range
==56999==ABORTING

To reproduce:

./php-src/sapi/cli/php --repeat 2  -d "opcache.cache_id=worker29" -d "output_handler=" -d "open_basedir=" -d "disable_functions=" -d "output_buffering=Off" -d "error_reporting=30719" -d "display_errors=1" -d "display_startup_errors=1" -d "log_errors=0" -d "html_errors=0" -d "track_errors=0" -d "report_memleaks=1" -d "report_zend_debug=0" -d "docref_root=" -d "docref_ext=.html" -d "error_prepend_string=" -d "error_append_string=" -d "auto_prepend_file=" -d "auto_append_file=" -d "ignore_repeated_errors=0" -d "precision=14" -d "serialize_precision=-1" -d "memory_limit=2M" -d "opcache.fast_shutdown=0" -d "opcache.file_update_protection=0" -d "opcache.revalidate_freq=0" -d "opcache.jit_hot_loop=1" -d "opcache.jit_hot_func=1" -d "opcache.jit_hot_return=1" -d "opcache.jit_hot_side_exit=1" -d "opcache.jit_max_root_traces=100000" -d "opcache.jit_max_side_traces=100000" -d "opcache.jit_max_exit_counters=100000" -d "opcache.protect_memory=1" -d "zend.assertions=1" -d "zend.exception_ignore_args=0" -d "zend.exception_string_param_max_len=15" -d "short_open_tag=0" -d "extension_dir=/home/phpfuzz/WorkSpace/flowfusion/php-src/modules/" -d "zend_extension=/home/phpfuzz/WorkSpace/flowfusion/php-src/modules/opcache.so" -d "session.auto_start=0" -d "zlib.output_compression=Off" -d "opcache.record_warnings=1" -d "opcache.jit=1254" -d "fatal_error_backtraces=1" -d "max_execution_time=60" -d "opcache.enable=1" -d "opcache.enable_cli=1" ./test.php

Commit:

a28fb52719020ed737a869b5355892318cc13d29

Configurations:

CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconv

Operating System:

Ubuntu 20.04 Host, Docker 0599jiangyc/flowfusion:latest

This report is automatically generated by FlowFusion

PHP Version

a28fb52

Operating System

No response