Fix GH-18112: NULL access with preloading and INI option

Preloading shutdown calls request shutdown which will deactivate the virtual cwd state. However, further startup code still assumes the state that was set by virtual_cwd_startup(). So we need to reactivate it manually. Creating a test was a bit difficult because the INI setting I wanted to test this with is overridden by the test runner apparently. To reproduce the issue, create an empty file test.php and execute this in a ZTS build: `php -d opcache.preload=./ext/opcache/tests/preload_class_alias_2.inc -d "error_log=" -d "allow_url_include=1" test.php` Closes GH-18117.
2025-08-15 21:48:51 +02:00 · 2025-03-19 23:33:40 +01:00 · 2025-03-19 23:33:40 +01:00 · e9c0296240
commit e9c0296240
parent d9329b1522
2 changed files with 8 additions and 0 deletions
--- a/3
+++ b/3
@ -34,6 +34,9 @@ PHP                                                                        NEWS
  . Fixed bug GH-17989 (mb_output_handler crash with unset
    http_output_conv_mimetypes). (nielsdos)

+- Opcache:
+  . Fixed bug GH-18112 (NULL access with preloading and INI option). (nielsdos)
+
 - SPL:
  . Fixed bug GH-18018 (RC1 data returned from offsetGet causes UAF in
    ArrayObject). (nielsdos)
--- a/ext/opcache/ZendAccelerator.c
+++ b/ext/opcache/ZendAccelerator.c
@ -4662,6 +4662,11 @@ static zend_result accel_finish_startup_preload(bool in_child)
 		EG(class_table) = NULL;
 		EG(function_table) = NULL;
 		PG(report_memleaks) = orig_report_memleaks;
+#ifdef ZTS
+		/* Reset the virtual CWD state back to the original state created by virtual_cwd_startup().
+		 * This is necessary because the normal startup code assumes the CWD state is active. */
+		virtual_cwd_activate();
+#endif
 	} else {
 		zend_shared_alloc_unlock();
 		ret = FAILURE;