From e9c029624031a4ce53e75f5a05997c7b95decad4 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Wed, 19 Mar 2025 23:33:40 +0100 Subject: [PATCH] Fix GH-18112: NULL access with preloading and INI option Preloading shutdown calls request shutdown which will deactivate the virtual cwd state. However, further startup code still assumes the state that was set by virtual_cwd_startup(). So we need to reactivate it manually. Creating a test was a bit difficult because the INI setting I wanted to test this with is overridden by the test runner apparently. To reproduce the issue, create an empty file test.php and execute this in a ZTS build: `php -d opcache.preload=./ext/opcache/tests/preload_class_alias_2.inc -d "error_log=" -d "allow_url_include=1" test.php` Closes GH-18117. --- NEWS | 3 +++ ext/opcache/ZendAccelerator.c | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/NEWS b/NEWS index 46510db971e..d639cd27f0c 100644 --- a/NEWS +++ b/NEWS @@ -34,6 +34,9 @@ PHP NEWS . Fixed bug GH-17989 (mb_output_handler crash with unset http_output_conv_mimetypes). (nielsdos) +- Opcache: + . Fixed bug GH-18112 (NULL access with preloading and INI option). (nielsdos) + - SPL: . Fixed bug GH-18018 (RC1 data returned from offsetGet causes UAF in ArrayObject). (nielsdos) diff --git a/ext/opcache/ZendAccelerator.c b/ext/opcache/ZendAccelerator.c index eac5cbbc41f..e3f7ca18151 100644 --- a/ext/opcache/ZendAccelerator.c +++ b/ext/opcache/ZendAccelerator.c @@ -4662,6 +4662,11 @@ static zend_result accel_finish_startup_preload(bool in_child) EG(class_table) = NULL; EG(function_table) = NULL; PG(report_memleaks) = orig_report_memleaks; +#ifdef ZTS + /* Reset the virtual CWD state back to the original state created by virtual_cwd_startup(). + * This is necessary because the normal startup code assumes the CWD state is active. */ + virtual_cwd_activate(); +#endif } else { zend_shared_alloc_unlock(); ret = FAILURE;
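Review bot: In the accel_finish_startup_preload() hunk of ext/opcache/ZendAccelerator.c, virtual_cwd_activate() is added only in the branch that restores PG(report_memleaks); the else branch that calls zend_shared_alloc_unlock() and sets ret = FAILURE is left without it. If the request shutdown that deactivates the virtual CWD state can also have run before that branch is reached, later startup code would see the same deactivated state there, so please confirm that this path cannot be affected or move the call so that it covers both. The new comment says "the normal startup code assumes the CWD state is active" without naming the code that makes the assumption; naming the function or INI handler that dereferences the state would make the reason for the call easier to check later. The diffstat lists only NEWS and ext/opcache/ZendAccelerator.c, so the fix ships without a regression test and the only reproducer is the ZTS command line in the commit message; if a test really cannot be written, a short note in the code comment pointing at GH-18112 would keep that reproducer discoverable from the source.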