php / php-src

The PHP Interpreter
https://www.php.net

Member access within misaligned address in ext/opcache/jit/zend_jit_vm_helpers.c #15481

Closed YuanchengJiang closed 2 weeks ago

YuanchengJiang commented 3 weeks ago

Description

The following code:

<?php
$xw = new XMLWriter();
$xw->openMemory();
$xw->setIndent(TRUE);
$xw->startDocument(NULL, "UTF-8");
$xw->writeDtdElement('sxe', '(elem1+, elem11, elem22*)');
$xw->writeDtdAttlist('sxe', 'id     CDATA  #implied');
$xw->startDtdElement('elem1');
$xw->text('elem2*');
$xw->endDtdElement();
$xw->startDtdAttlist('elem1');
$xw->text("attr1  CDATA  #required\n");
$xw->text('attr2  CDATA  #implied');
$xw->endDtdAttlist();
$xw->endDocument();
// Force to write and empty the buffer
$output = $xw->flush(true);
print $output;
$v1 = $xw;
var_dump(Loader::getCounter());

Resulted in this output:

/php-src/ext/opcache/jit/zend_jit_vm_helpers.c:252:17: runtime error: member access within misaligned address 0x940f00f9834807e1 for type 'struct zend_jit_op_array_hot_extension', which requires 8 byte alignment
0x940f00f9834807e1: note: pointer points here
<memory cannot be printed>
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/ext/opcache/jit/zend_jit_vm_helpers.c:252:17 in

To reproduce:

php -d "extension_dir=/php-src/modules/" -d "zend_extension=/php-src/modules/opcache.so" -d "opcache.enable=1" -d "opcache.enable_cli=1" -d "opcache.jit=1235" ./test.php

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04

cmb69 commented 3 weeks ago

I can't reproduce, but it seems that can only happen with preloading which is not supported on Windows anyway.

iluuu1994 commented 3 weeks ago

I can confirm that GH-15545 also solves this one.

iluuu1994 commented 2 weeks ago

Forgot to reference it in the commit, but this is also fixed by https://github.com/php/php-src/commit/b839c5f1af68f366fbb66651e0b4821d76eb3fcb.