php / php-src

The PHP Interpreter
https://www.php.net

PHP Crashes When Executing Function Call Opcodes #16138

Closed tahaghafuri closed 2 weeks ago

tahaghafuri commented 2 weeks ago

Description

The following code:

<?php
file_put_contents("output.txt", "This is some content to write to a file.");

Resulted in this output: PHP crashes,

static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_FCALL_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
{
    USE_OPLINE
    zval *fname;
    zval *func;
    zend_function *fbc;
    zend_execute_data *call;

    fbc = CACHED_PTR(opline->result.num);
    if (UNEXPECTED(fbc == NULL)) {
        fname = (zval*)RT_CONSTANT(opline, opline->op2);
        func = zend_hash_find_known_hash(EG(function_table), Z_STR_P(fname));
        ZEND_ASSERT(func != NULL && "Function existence must be checked at compile time");
        fbc = Z_FUNC_P(func); /* <<<<-- IS NULL */
        if (EXPECTED(fbc->type == ZEND_USER_FUNCTION) && UNEXPECTED(!RUN_TIME_CACHE(&fbc->op_array))) {
            init_func_run_time_cache(&fbc->op_array);
        }
        CACHE_PTR(opline->result.num, fbc);
    }

    call = _zend_vm_stack_push_call_frame_ex(
        opline->op1.num, ZEND_CALL_NESTED_FUNCTION,
        fbc, opline->extended_value, NULL);
    call->prev_execute_data = EX(call);
    EX(call) = call;

    ZEND_VM_NEXT_OPCODE();
}

Crash Point: [screenshot not reproduced]

But I expected this output instead:

Write Sample Content To File.

Also, I think PHP needs to check function existence at execution time and show an error if the function does not exist.

PHP Version

PHP 8.3.12

Operating System

Windows 11

nielsdos commented 2 weeks ago

This should not be possible to hit. Can you share your php.ini? Are you using features like disable_functions?

tahaghafuri commented 2 weeks ago

I don't use disable_functions.

tahaghafuri commented 2 weeks ago

php.zip (attachment): This is my own php.ini.

nielsdos commented 2 weeks ago

An extension may be interfering with your code. Can you try to disable the following extensions in php.ini by commenting out their line?

tahaghafuri commented 2 weeks ago

I made a PHP accelerator, but when the op_array is built from the cache it crashes when calling the functions. Proginow is my private PHP accelerator.

tahaghafuri commented 2 weeks ago

When ZEND_INIT_FCALL executes, this crash is shown.

tahaghafuri commented 2 weeks ago

I also checked that all parameters are correct.

nielsdos commented 2 weeks ago

The problem is likely in your own code, not in PHP's VM. If your accelerator breaks assumptions of the VM then the issue should be fixed in your accelerator. I suppose the code works fine when you disable your accelerator?
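The handler quoted in the report trusts a compile-time invariant (every name in EG(function_table) maps to a non-NULL zend_function) and only guards it with ZEND_ASSERT, which is compiled out of release builds; the reporter asks for a run-time check, and the maintainer's answer is that a cache loader must preserve the VM's assumptions. The following is an added toy model, not php-src code and not the Proginow accelerator's code: all types and names are simplified stand-ins (toy_function, toy_function_table, init_fcall_checked, validate_function_table, resolve_against_live are hypothetical). It shows the lookup with the check made explicit, a cache image that came back with a NULL function pointer, and the validation and re-resolution pass a loader should run before handing a restored table to the VM.

```c
/* Added example, not php-src code: toy model of the function-table invariant that
 * ZEND_INIT_FCALL relies on, and of a cache loader validating restored entries.
 * Every type and function name here is a simplified stand-in for the real Zend code. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_FUNCS 8

/* Stand-in for zend_function: only the field the handler reads. */
typedef struct {
    int type;            /* stands in for ZEND_INTERNAL_FUNCTION / ZEND_USER_FUNCTION */
    const char *name;
} toy_function;

/* Stand-in for one EG(function_table) slot: name -> function. */
typedef struct {
    const char *name;
    toy_function *func;  /* must never be NULL once compilation has passed */
} toy_table_entry;

typedef struct {
    toy_table_entry entries[MAX_FUNCS];
    size_t count;
} toy_function_table;

enum fcall_status { FCALL_OK = 0, FCALL_UNKNOWN_NAME = 1, FCALL_NULL_FUNC = 2 };

/* Mirror of the handler's lookup, with the checks the real VM leaves to ZEND_ASSERT
 * made unconditional so a broken table is reported instead of dereferenced. */
static enum fcall_status init_fcall_checked(const toy_function_table *ft,
                                            const char *fname, toy_function **fbc_out)
{
    for (size_t i = 0; i < ft->count; i++) {
        if (strcmp(ft->entries[i].name, fname) == 0) {
            toy_function *fbc = ft->entries[i].func;
            if (fbc == NULL) {
                return FCALL_NULL_FUNC;  /* the real handler would read fbc->type here */
            }
            *fbc_out = fbc;
            return FCALL_OK;
        }
    }
    return FCALL_UNKNOWN_NAME;           /* compile time should have rejected this */
}

/* Validation pass a loader runs before the VM sees a restored table: returns the
 * number of entries violating the invariant and names the first offender. */
static size_t validate_function_table(const toy_function_table *ft, const char **first_bad)
{
    size_t bad = 0;
    if (first_bad) *first_bad = NULL;
    for (size_t i = 0; i < ft->count; i++) {
        if (ft->entries[i].func == NULL) {
            if (bad == 0 && first_bad) *first_bad = ft->entries[i].name;
            bad++;
        }
    }
    return bad;
}

/* Constructed sample: one live internal function. */
static toy_function live_file_put_contents = { 1, "file_put_contents" };

/* Table as the compiler leaves it: the name resolves to a live function. */
static toy_function_table make_good_table(void)
{
    toy_function_table ft = { .count = 1 };
    ft.entries[0].name = "file_put_contents";
    ft.entries[0].func = &live_file_put_contents;
    return ft;
}

/* Table restored from a cache image whose raw pointer came back NULL: pointer values
 * are not stable across processes, so they have to be re-resolved by name. */
static toy_function_table make_cached_table_unresolved(void)
{
    toy_function_table ft = make_good_table();
    ft.entries[0].func = NULL;
    return ft;
}

/* Loader repair step: re-resolve each unresolved name against the live table. */
static size_t resolve_against_live(toy_function_table *cached, const toy_function_table *live)
{
    size_t resolved = 0;
    for (size_t i = 0; i < cached->count; i++) {
        toy_function *fbc = NULL;
        if (cached->entries[i].func == NULL &&
            init_fcall_checked(live, cached->entries[i].name, &fbc) == FCALL_OK) {
            cached->entries[i].func = fbc;
            resolved++;
        }
    }
    return resolved;
}

int main(void)
{
    toy_function_table live = make_good_table();
    toy_function_table cached = make_cached_table_unresolved();
    const char *bad = NULL;
    size_t n = validate_function_table(&cached, &bad);
    printf("violations before resolve: %zu (%s)\n", n, bad ? bad : "-");
    resolve_against_live(&cached, &live);
    printf("violations after resolve: %zu\n", validate_function_table(&cached, NULL));
    return 0;
}
```

The point of the model is where the check lives: in a release build of the real VM, a NULL function pointer in the table is never tested and the handler reads through it, so the cache loader is the only place left to enforce the invariant, which is the maintainer's conclusion above.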

tahaghafuri commented 2 weeks ago

It works without the accelerator. I even compared the op_array but I didn't find any difference in it.

nielsdos commented 2 weeks ago

Since the issue is not within PHP and this bugtracker does not provide support for third party code I'm going to close this issue now. Some things you can look for:

tahaghafuri commented 2 weeks ago

[screenshot not reproduced] But ZEND_INIT_FCALL breaks the VM. All other opcodes are executed correctly.