Skip to content

Commit 2d4aa1e

Browse files
SammyKSammyK
committed
Fix #79825: opcache.file_cache causes SIGSEGV with custom opcode handlers
Modules may have changed after restart which can cause dangling pointers from custom opcode handlers in the second-level cache files. This fix includes the installed module names and versions in the accel_system_id hash as entropy. Closes GH-5836
1 parent 5dcb8f2 commit 2d4aa1e

File tree

2 files changed

+18
-0
lines changed

2 files changed

+18
-0
lines changed

NEWS

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ PHP NEWS
1818
- OPcache:
1919
. Fixed bug #80002 (calc free space for new interned string is wrong).
2020
(t-matsuno)
21+
. Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode
22+
handlers changed). (SammyK)
2123

2224
- PDO:
2325
. Fixed bug #80027 (Terrible performance using $query->fetch on queries with

ext/opcache/ZendAccelerator.c

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2692,6 +2692,9 @@ static void accel_gen_system_id(void)
26922692
unsigned char digest[16], c;
26932693
char *md5str = ZCG(system_id);
26942694
int i;
2695+
zend_module_entry *module;
2696+
zend_extension *extension;
2697+
zend_llist_position pos;
26952698

26962699
PHP_MD5Init(&context);
26972700
PHP_MD5Update(&context, PHP_VERSION, sizeof(PHP_VERSION)-1);
@@ -2702,6 +2705,19 @@ static void accel_gen_system_id(void)
27022705
PHP_MD5Update(&context, __DATE__, sizeof(__DATE__)-1);
27032706
PHP_MD5Update(&context, __TIME__, sizeof(__TIME__)-1);
27042707
}
2708+
/* Modules may have changed after restart which can cause dangling pointers from
2709+
* custom opcode handlers in the second-level cache files
2710+
*/
2711+
ZEND_HASH_FOREACH_PTR(&module_registry, module) {
2712+
PHP_MD5Update(&context, module->name, strlen(module->name));
2713+
PHP_MD5Update(&context, module->version, strlen(module->version));
2714+
} ZEND_HASH_FOREACH_END();
2715+
extension = (zend_extension *) zend_llist_get_first_ex(&zend_extensions, &pos);
2716+
while (extension) {
2717+
PHP_MD5Update(&context, extension->name, strlen(extension->name));
2718+
PHP_MD5Update(&context, extension->version, strlen(extension->version));
2719+
extension = (zend_extension *) zend_llist_get_next_ex(&zend_extensions, &pos);
2720+
}
27052721
PHP_MD5Final(digest, &context);
27062722
for (i = 0; i < 16; i++) {
27072723
c = digest[i] >> 4;

0 commit comments

Comments
 (0)