You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
preload_load() accesses EG(function_table) and EG(class_table), but these may be uninitialized at this point. For instance, when preloading is done in a sub-process, these variables are uninitialized when the parent calls preload_load().
The update of EG(persistent_constants_count), EG(persistent_functions_count), EG(persistent_classes_count) is only necessary when preload_load() is invoked in accel_preload(), and preloading doesn't fork, because in this case, shutdown will truncate global symbol tables after the preloading request.
There are two possible sequences during preloading:
Forking: (opcache.preload_user is set)
In the parent: fork(), waitpid(), preload_load()
In the child: php_request_startup(), execute/persist, php_request_shutdown()
Non-forking:
In the same process: php_request_startup(), execute/persist, preload_load(), php_request_shutdown()
preload_load() reads EG(class_table) and updates EG(persistent_classes_count).
EG(class_table) is only initialized by init_executor(), during php_request_startup(). Therefore the forking case may access an uninitialized EG(class_table) in the parent, as php_request_startup() is not called.
I think this has gone unnoticed because EG points to a freshly allocated large block, which is likely all zeros. But after an apache restart cycle, EG is more likely to be allocated from recycled memory.
So we can not update EG(persistent_classes_count) in preload_load(), as EG(class_table) may be uninitialized.
It is not necessary to update it in the forking case, as the next init_executor() call will initialize it, so we can remove that from preload_load().
However it's necessary in the non-forking case, as php_request_shutdown() would remove the preloaded symbols before init_executor(). So I moved the EG(persistent_classes_count) update just after the execute/persist step.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Found while looking at GH-20051.
preload_load()accessesEG(function_table)andEG(class_table), but these may be uninitialized at this point. For instance, when preloading is done in a sub-process, these variables are uninitialized when the parent callspreload_load().The update of
EG(persistent_constants_count),EG(persistent_functions_count),EG(persistent_classes_count)is only necessary whenpreload_load()is invoked inaccel_preload(), and preloading doesn't fork, because in this case, shutdown will truncate global symbol tables after the preloading request.