From e576d342bb8a4e8078a52383ed360acf00aefd39 Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Thu, 2 Jan 2020 11:59:36 +0100
Subject: [PATCH 1/2] Update ZCSG(map_ptr_last) only if for_shm

Otherwise we may get a memory protection fault here. Updating of ZCSG(map_ptr_last) is handled when loading from file cache to SHM.
---
 ext/opcache/zend_persist.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ext/opcache/zend_persist.c b/ext/opcache/zend_persist.c
index 06d103d6704..dd4c199ef76 100644
--- a/ext/opcache/zend_persist.c
+++ b/ext/opcache/zend_persist.c
@@ -1089,7 +1089,9 @@ zend_persistent_script *zend_accel_script_persist(zend_persistent_script *script
 } ZEND_HASH_FOREACH_END();
 zend_persist_op_array_ex(&script->script.main_op_array, script);
- ZCSG(map_ptr_last) = CG(map_ptr_last);
+ if (for_shm) {
+ ZCSG(map_ptr_last) = CG(map_ptr_last);
+ }
 script->corrupted = 0;
 ZCG(current_persistent_script) = NULL;
From 36d5fbbd6bceb1e0e1130bb1fff07a702d548594 Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Thu, 2 Jan 2020 14:56:39 +0100
Subject: [PATCH 2/2] Fix file cache run_time_cache unserialization

If the script was serialized as file_cache_only (thus non-immutable) and then gets unserialized into SHM, we need to allocate a new run_time_cache slot and can't use the serialized arena pointer.
---
 ext/opcache/zend_file_cache.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ext/opcache/zend_file_cache.c b/ext/opcache/zend_file_cache.c
index 6d49b8b9508..6b8ef20434a 100644
--- a/ext/opcache/zend_file_cache.c
+++ b/ext/opcache/zend_file_cache.c
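Review bot: In ext/opcache/zend_persist.c, the new `if (for_shm)` guard in zend_accel_script_persist has no comment, so the reason the store is skipped is recorded only in the commit message. A one-line comment above it would keep that with the code, e.g. `/* ZCSG() lives in SHM; when !for_shm it must not be written here, the file-cache-to-SHM load updates map_ptr_last */`. The guard also relies on every caller passing a `for_shm` value that matches whether SHM is currently writable, which this hunk does not show. The function starts and ends outside the hunk.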
@@ -1237,7 +1237,15 @@ static void zend_file_cache_unserialize_op_array(zend_op_array *op_arr
 ZEND_MAP_PTR_NEW(op_array->run_time_cache);
 } else {
 ZEND_MAP_PTR_INIT(op_array->static_variables_ptr, &op_array->static_variables);
- UNSERIALIZE_PTR(ZEND_MAP_PTR(op_array->run_time_cache));
+ if (ZEND_MAP_PTR(op_array->run_time_cache)) {
+ if (script->corrupted) {
+ /* Not in SHM: Use serialized arena pointer. */
+ UNSERIALIZE_PTR(ZEND_MAP_PTR(op_array->run_time_cache));
+ } else {
+ /* In SHM: Allocate new pointer. */
+ ZEND_MAP_PTR_NEW(op_array->run_time_cache);
+ }
+ }
 }
 }
 }
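Review bot: The new branch picks between rebasing a pointer read from the cache file and allocating a fresh slot by testing `script->corrupted`, and the hunk never says why a flag with that name means "not in SHM". A comment above the inner `if`, such as `/* script->corrupted doubles as the "not stored in SHM" marker during file-cache load */`, would make the check auditable; the wording should be confirmed against where the flag is set. The `UNSERIALIZE_PTR` path turns an on-disk value into a live pointer and no range check is visible here, so it presumably depends on the file being validated before this function runs, which is worth stating in the same comment. The function starts outside the hunk.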