From 90f2e7607a7a9da1c50f3588adc79e189fd66349 Mon Sep 17 00:00:00 2001
From: Sergei Turchanov
Date: Wed, 11 Oct 2023 16:57:18 +1000
Subject: [PATCH] Reset inheritance_cache pointer of zend_class_entry upon serialization (#12401) to opcache filecache. Usually, when a class is being loaded, a dependency tracking is performed after the call to zend_file_cache_script_store. But sometimes, when opcache cache is empty and there are many simultaneous outstanding requests for compilation, some classes do have their inheritance_cache initialized before the call to zend_file_cache_script_store, and in that case this pointer is serialized as-is. And when such a class is loaded from opcache filecache this pointer also loaded as-is, and now it points to some random location in memory. This causes segfaults occuring when traversing inheritance_cache of such classes. We need to reset inheritance_cache pointer of zend_class_entry upon serialization. This should have been done anyway since it is a sensible strategy to sanitize any memory pointer upon serialization (either by calling SERIALIZE_x macros or setting to NULL or any other deterministic value).
---
 ext/opcache/zend_file_cache.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ext/opcache/zend_file_cache.c b/ext/opcache/zend_file_cache.c
index bcee38079b3..7b4b4cbb121 100644
--- a/ext/opcache/zend_file_cache.c
+++ b/ext/opcache/zend_file_cache.c
@@ -867,6 +867,8 @@ static void zend_file_cache_serialize_class(zval *zv,
 ZEND_MAP_PTR_INIT(ce->static_members_table, NULL);
 ZEND_MAP_PTR_INIT(ce->mutable_data, NULL);
+
+ ce->inheritance_cache = NULL;
 }
 static void zend_file_cache_serialize_warnings(