diff options
| author | Sammy Kaye Powers <sammyk@php.net> | 2020-07-10 10:20:40 -0700 |
|---|---|---|
| committer | Sammy Kaye Powers <sammyk@php.net> | 2020-09-09 12:08:19 -0700 |
| commit | 2d4aa1ef3d04ec85a15ae426ffdaa4f2fb0f1556 (patch) | |
| tree | a4679dd8601b73e57fac27447d662a94ff4533c8 | |
| parent | 5dcb8f2f1cd84cab83b7713efcbafeeb629b8b5b (diff) | |
| download | php-git-2d4aa1ef3d04ec85a15ae426ffdaa4f2fb0f1556.tar.gz | |
Fix #79825: opcache.file_cache causes SIGSEGV with custom opcode handlers
Modules may have changed after restart which can cause dangling pointers from custom opcode handlers in the second-level cache files. This fix includes the installed module names and versions in the accel_system_id hash as entropy. Closes GH-5836
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/opcache/ZendAccelerator.c | 16 |
2 files changed, 18 insertions, 0 deletions
@@ -18,6 +18,8 @@ PHP NEWS - OPcache: . Fixed bug #80002 (calc free space for new interned string is wrong). (t-matsuno) + . Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode + handlers changed). (SammyK) - PDO: . Fixed bug #80027 (Terrible performance using $query->fetch on queries with diff --git a/ext/opcache/ZendAccelerator.c b/ext/opcache/ZendAccelerator.c index dd4808bb17..3c6a1ae689 100644 --- a/ext/opcache/ZendAccelerator.c +++ b/ext/opcache/ZendAccelerator.c @@ -2692,6 +2692,9 @@ static void accel_gen_system_id(void) unsigned char digest[16], c; char *md5str = ZCG(system_id); int i; + zend_module_entry *module; + zend_extension *extension; + zend_llist_position pos; PHP_MD5Init(&context); PHP_MD5Update(&context, PHP_VERSION, sizeof(PHP_VERSION)-1); @@ -2702,6 +2705,19 @@ static void accel_gen_system_id(void) PHP_MD5Update(&context, __DATE__, sizeof(__DATE__)-1); PHP_MD5Update(&context, __TIME__, sizeof(__TIME__)-1); } + /* Modules may have changed after restart which can cause dangling pointers from + * custom opcode handlers in the second-level cache files + */ + ZEND_HASH_FOREACH_PTR(&module_registry, module) { + PHP_MD5Update(&context, module->name, strlen(module->name)); + PHP_MD5Update(&context, module->version, strlen(module->version)); + } ZEND_HASH_FOREACH_END(); + extension = (zend_extension *) zend_llist_get_first_ex(&zend_extensions, &pos); + while (extension) { + PHP_MD5Update(&context, extension->name, strlen(extension->name)); + PHP_MD5Update(&context, extension->version, strlen(extension->version)); + extension = (zend_extension *) zend_llist_get_next_ex(&zend_extensions, &pos); + } PHP_MD5Final(digest, &context); for (i = 0; i < 16; i++) { c = digest[i] >> 4; |