From b50898894d885eb4a95e6ff88f90ab56f9c8c03c Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sun, 22 Jun 2025 16:03:45 +0200 Subject: [PATCH 1/8] Unbreak PRINTF_DEBUG macro usages Clearly nobody has used this in a while given the compile errors and warnings. This patch fixes them so there are no errors nor warnings anymore. Closes GH-18910. --- ext/standard/formatted_print.c | 46 ++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/ext/standard/formatted_print.c b/ext/standard/formatted_print.c index b988422df21ca..00445d3cca7c7 100644 --- a/ext/standard/formatted_print.c +++ b/ext/standard/formatted_print.c @@ -52,10 +52,10 @@ inline static void php_sprintf_appendchar(zend_string **buffer, size_t *pos, char add) { if ((*pos + 1) >= ZSTR_LEN(*buffer)) { - PRINTF_DEBUG(("%s(): ereallocing buffer to %d bytes\n", get_active_function_name(), ZSTR_LEN(*buffer))); + PRINTF_DEBUG(("%s(): ereallocing buffer to %zu bytes\n", get_active_function_name(), ZSTR_LEN(*buffer))); *buffer = zend_string_extend(*buffer, ZSTR_LEN(*buffer) << 1, 0); } - PRINTF_DEBUG(("sprintf: appending '%c', pos=\n", add, *pos)); + PRINTF_DEBUG(("sprintf: appending '%c', pos=%zu\n", add, *pos)); ZSTR_VAL(*buffer)[(*pos)++] = add; } /* }}} */ @@ -67,13 +67,13 @@ php_sprintf_appendchars(zend_string **buffer, size_t *pos, char *add, size_t len if ((*pos + len) >= ZSTR_LEN(*buffer)) { size_t nlen = ZSTR_LEN(*buffer); - PRINTF_DEBUG(("%s(): ereallocing buffer to %d bytes\n", get_active_function_name(), ZSTR_LEN(*buffer))); + PRINTF_DEBUG(("%s(): ereallocing buffer to %zu bytes\n", get_active_function_name(), ZSTR_LEN(*buffer))); do { nlen = nlen << 1; } while ((*pos + len) >= nlen); *buffer = zend_string_extend(*buffer, nlen, 0); } - PRINTF_DEBUG(("sprintf: appending \"%s\", pos=\n", add, *pos)); + PRINTF_DEBUG(("sprintf: appending \"%s\", pos=%zu\n", add, *pos)); memcpy(ZSTR_VAL(*buffer) + (*pos), add, len); *pos += len; } @@ -93,7 +93,7 @@ php_sprintf_appendstring(zend_string **buffer, size_t *pos, char *add, copy_len = (expprec ? MIN(max_width, len) : len); npad = (min_width < copy_len) ? 0 : min_width - copy_len; - PRINTF_DEBUG(("sprintf: appendstring(%x, %d, %d, \"%s\", %d, '%c', %d)\n", + PRINTF_DEBUG(("sprintf: appendstring(%p, %zu, %zu, \"%s\", %zu, '%c', %zu)\n", *buffer, *pos, ZSTR_LEN(*buffer), add, min_width, padding, alignment)); m_width = MAX(min_width, copy_len); @@ -111,7 +111,7 @@ php_sprintf_appendstring(zend_string **buffer, size_t *pos, char *add, } size <<= 1; } - PRINTF_DEBUG(("sprintf ereallocing buffer to %d bytes\n", size)); + PRINTF_DEBUG(("sprintf ereallocing buffer to %zu bytes\n", size)); *buffer = zend_string_extend(*buffer, size, 0); } if (alignment == ALIGN_RIGHT) { @@ -146,8 +146,8 @@ php_sprintf_appendint(zend_string **buffer, size_t *pos, zend_long number, zend_ulong magn, nmagn; unsigned int i = NUM_BUF_SIZE - 1, neg = 0; - PRINTF_DEBUG(("sprintf: appendint(%x, %x, %x, %d, %d, '%c', %d)\n", - *buffer, pos, &ZSTR_LEN(*buffer), number, width, padding, alignment)); + PRINTF_DEBUG(("sprintf: appendint(%p, %zu, %zu, " ZEND_LONG_FMT ", %zu, '%c', %zu)\n", + *buffer, *pos, ZSTR_LEN(*buffer), number, width, padding, alignment)); if (number < 0) { neg = 1; magn = ((zend_ulong) -(number + 1)) + 1; @@ -172,7 +172,7 @@ php_sprintf_appendint(zend_string **buffer, size_t *pos, zend_long number, } else if (always_sign) { numbuf[--i] = '+'; } - PRINTF_DEBUG(("sprintf: appending %d as \"%s\", i=%d\n", + PRINTF_DEBUG(("sprintf: appending " ZEND_LONG_FMT " as \"%s\", i=%u\n", number, &numbuf[i], i)); php_sprintf_appendstring(buffer, pos, &numbuf[i], width, 0, padding, alignment, (NUM_BUF_SIZE - 1) - i, @@ -190,8 +190,8 @@ php_sprintf_appenduint(zend_string **buffer, size_t *pos, zend_ulong magn, nmagn; unsigned int i = NUM_BUF_SIZE - 1; - PRINTF_DEBUG(("sprintf: appenduint(%x, %x, %x, %d, %d, '%c', %d)\n", - *buffer, pos, &ZSTR_LEN(*buffer), number, width, padding, alignment)); + PRINTF_DEBUG(("sprintf: appenduint(%p, %zu, %zu, " ZEND_LONG_FMT ", %zu, '%c', %zu)\n", + *buffer, *pos, ZSTR_LEN(*buffer), number, width, padding, alignment)); magn = (zend_ulong) number; /* Can't right-pad 0's on integers */ @@ -206,7 +206,7 @@ php_sprintf_appenduint(zend_string **buffer, size_t *pos, magn = nmagn; } while (magn > 0 && i > 0); - PRINTF_DEBUG(("sprintf: appending %d as \"%s\", i=%d\n", number, &numbuf[i], i)); + PRINTF_DEBUG(("sprintf: appending " ZEND_LONG_FMT " as \"%s\", i=%d\n", number, &numbuf[i], i)); php_sprintf_appendstring(buffer, pos, &numbuf[i], width, 0, padding, alignment, (NUM_BUF_SIZE - 1) - i, /* neg */ false, 0, 0); } @@ -232,8 +232,8 @@ php_sprintf_appenddouble(zend_string **buffer, size_t *pos, struct lconv *lconv; #endif - PRINTF_DEBUG(("sprintf: appenddouble(%x, %x, %x, %f, %d, '%c', %d, %c)\n", - *buffer, pos, &ZSTR_LEN(*buffer), number, width, padding, alignment, fmt)); + PRINTF_DEBUG(("sprintf: appenddouble(%p, %zu, %zu, %f, %zu, '%c', %zu, %c)\n", + *buffer, *pos, ZSTR_LEN(*buffer), number, width, padding, alignment, fmt)); if ((adjust & ADJ_PRECISION) == 0) { precision = FLOAT_PRECISION; } else if (precision > MAX_FLOAT_PRECISION) { @@ -330,8 +330,8 @@ php_sprintf_append2n(zend_string **buffer, size_t *pos, zend_long number, zend_ulong i = NUM_BUF_SIZE - 1; int andbits = (1 << n) - 1; - PRINTF_DEBUG(("sprintf: append2n(%x, %x, %x, %d, %d, '%c', %d, %d, %x)\n", - *buffer, pos, &ZSTR_LEN(*buffer), number, width, padding, alignment, n, + PRINTF_DEBUG(("sprintf: append2n(%p, %zu, %zu, " ZEND_LONG_FMT ", %zu, '%c', %zu, %d, %p)\n", + *buffer, *pos, ZSTR_LEN(*buffer), number, width, padding, alignment, n, chartable)); PRINTF_DEBUG(("sprintf: append2n 2^%d andbits=%x\n", n, andbits)); @@ -363,7 +363,7 @@ php_sprintf_getnumber(char **buffer, size_t *len) *len -= i; *buffer = endptr; } - PRINTF_DEBUG(("sprintf_getnumber: number was %d bytes long\n", i)); + PRINTF_DEBUG(("sprintf_getnumber: number was %zu bytes long\n", i)); if (num >= INT_MAX || num < 0) { return -1; @@ -431,6 +431,10 @@ php_formatted_print(char *format, size_t format_len, zval *args, int argc, int n int always_sign; int max_missing_argnum = -1; + /* For debugging */ + const char *format_orig = format; + ZEND_IGNORE_VALUE(format_orig); + result = zend_string_alloc(size, 0); currarg = 0; @@ -464,8 +468,8 @@ php_formatted_print(char *format, size_t format_len, zval *args, int argc, int n always_sign = 0; expprec = 0; - PRINTF_DEBUG(("sprintf: first looking at '%c', inpos=%d\n", - *format, format - Z_STRVAL_P(z_format))); + PRINTF_DEBUG(("sprintf: first looking at '%c', inpos=%zu\n", + *format, format - format_orig)); if (isalpha((int)*format)) { width = precision = 0; argnum = ARG_NUM_NEXT; @@ -478,8 +482,8 @@ php_formatted_print(char *format, size_t format_len, zval *args, int argc, int n /* after argnum comes modifiers */ PRINTF_DEBUG(("sprintf: looking for modifiers\n" - "sprintf: now looking at '%c', inpos=%d\n", - *format, format - Z_STRVAL_P(z_format))); + "sprintf: now looking at '%c', inpos=%zu\n", + *format, format - format_orig)); for (;; format++, format_len--) { if (*format == ' ' || *format == '0') { padding = *format; From 799ec7b8c50440f851d823d5c4b68f430234149b Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sun, 22 Jun 2025 16:29:19 +0200 Subject: [PATCH 2/8] Fix misleading errors in printf() The precision and width _can_ be zero. Closes GH-18911. --- NEWS | 3 +++ ext/standard/formatted_print.c | 6 +++--- ext/standard/tests/strings/sprintf_star.phpt | 16 +++++++++++++++- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index fd344ee94c72e..1010209696243 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,9 @@ PHP NEWS - MbString: . Fixed bug GH-18901 (integer overflow mb_split). (nielsdos) +- Standard: + . Fix misleading errors in printf(). (nielsdos) + - Streams: . Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter fatal error). (Jakub Zelenka) diff --git a/ext/standard/formatted_print.c b/ext/standard/formatted_print.c index 00445d3cca7c7..1ff0f36212bbf 100644 --- a/ext/standard/formatted_print.c +++ b/ext/standard/formatted_print.c @@ -534,7 +534,7 @@ php_formatted_print(char *format, size_t format_len, zval *args, int argc, int n goto fail; } if (Z_LVAL_P(tmp) < 0 || Z_LVAL_P(tmp) > INT_MAX) { - zend_value_error("Width must be greater than zero and less than %d", INT_MAX); + zend_value_error("Width must be between 0 and %d", INT_MAX); goto fail; } width = Z_LVAL_P(tmp); @@ -542,7 +542,7 @@ php_formatted_print(char *format, size_t format_len, zval *args, int argc, int n } else if (isdigit((int)*format)) { PRINTF_DEBUG(("sprintf: getting width\n")); if ((width = php_sprintf_getnumber(&format, &format_len)) < 0) { - zend_value_error("Width must be greater than zero and less than %d", INT_MAX); + zend_value_error("Width must be between 0 and %d", INT_MAX); goto fail; } adjusting |= ADJ_WIDTH; @@ -586,7 +586,7 @@ php_formatted_print(char *format, size_t format_len, zval *args, int argc, int n expprec = 1; } else if (isdigit((int)*format)) { if ((precision = php_sprintf_getnumber(&format, &format_len)) < 0) { - zend_value_error("Precision must be greater than zero and less than %d", INT_MAX); + zend_value_error("Precision must be between 0 and %d", INT_MAX); goto fail; } adjusting |= ADJ_PRECISION; diff --git a/ext/standard/tests/strings/sprintf_star.phpt b/ext/standard/tests/strings/sprintf_star.phpt index 0e3e16c326420..0c8a211e5c437 100644 --- a/ext/standard/tests/strings/sprintf_star.phpt +++ b/ext/standard/tests/strings/sprintf_star.phpt @@ -62,6 +62,18 @@ try { echo $e->getMessage(), "\n"; } +try { + printf("%9999999999999999999999.f\n", $f); +} catch (ValueError $e) { + echo $e->getMessage(), "\n"; +} + +try { + printf("%.9999999999999999999999f\n", $f); +} catch (ValueError $e) { + echo $e->getMessage(), "\n"; +} + ?> --EXPECT-- float(1.2345678901234567) @@ -95,4 +107,6 @@ foo Precision must be an integer Precision must be between -1 and 2147483647 Precision -1 is only supported for %g, %G, %h and %H -Width must be greater than zero and less than 2147483647 +Width must be between 0 and 2147483647 +Width must be between 0 and 2147483647 +Precision must be between 0 and 2147483647 From 8e731ca622bfc2cf26375c950fdd58ccae2f999f Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sun, 22 Jun 2025 20:18:55 +0200 Subject: [PATCH 3/8] Fix GH-18639: Internal class aliases can break preloading + JIT ZEND_FUNC_INFO() can not be used on internal CE's. If preloading makes a CE that's an alias of an internal class, the invalid access happens when setting the FUNC_INFO. While we could check the class type to be of user code, we can just skip aliases altogether anyway which may be faster. Closes GH-18915. --- NEWS | 4 ++++ ext/opcache/jit/zend_jit.c | 10 +++++++++- ext/opcache/tests/gh18639.phpt | 20 ++++++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 ext/opcache/tests/gh18639.phpt diff --git a/NEWS b/NEWS index 1010209696243..b453445854f95 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,10 @@ PHP NEWS - MbString: . Fixed bug GH-18901 (integer overflow mb_split). (nielsdos) +- Opcache: + . Fixed bug GH-18639 (Internal class aliases can break preloading + JIT). + (nielsdos) + - Standard: . Fix misleading errors in printf(). (nielsdos) diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c index 9adfe1719f626..7caa3387016e7 100644 --- a/ext/opcache/jit/zend_jit.c +++ b/ext/opcache/jit/zend_jit.c @@ -4628,8 +4628,16 @@ ZEND_EXT_API int zend_jit_script(zend_script *script) || JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE) { zend_class_entry *ce; zend_op_array *op_array; + zval *zv; + + ZEND_HASH_MAP_FOREACH_VAL(&script->class_table, zv) { + if (Z_TYPE_P(zv) == IS_ALIAS_PTR) { + continue; + } + + ce = Z_PTR_P(zv); + ZEND_ASSERT(ce->type == ZEND_USER_CLASS); - ZEND_HASH_MAP_FOREACH_PTR(&script->class_table, ce) { ZEND_HASH_MAP_FOREACH_PTR(&ce->function_table, op_array) { if (!ZEND_FUNC_INFO(op_array)) { void *jit_extension = zend_shared_alloc_get_xlat_entry(op_array->opcodes); diff --git a/ext/opcache/tests/gh18639.phpt b/ext/opcache/tests/gh18639.phpt new file mode 100644 index 0000000000000..28424032931ab --- /dev/null +++ b/ext/opcache/tests/gh18639.phpt @@ -0,0 +1,20 @@ +--TEST-- +GH-18639 (Internal class aliases can break preloading + JIT) +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.jit=1255 +opcache.jit_buffer_size=16M +opcache.preload={PWD}/preload_gh18567.inc +--EXTENSIONS-- +opcache +--SKIPIF-- + +--FILE-- + +--EXPECT-- +ok From 56c4ddfaf62ff3935029847bb6fb44768f4b9452 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sun, 22 Jun 2025 09:43:08 +0200 Subject: [PATCH 4/8] Fix GH-18899: JIT function crash when emitting undefined variable warning and opline is not set yet The crash happens because EX(opline) is attempted to be accessed but it's not set yet. Closes GH-18904. --- NEWS | 2 ++ ext/opcache/jit/zend_jit_ir.c | 2 ++ ext/opcache/tests/jit/gh18899.phpt | 21 +++++++++++++++++++++ 3 files changed, 25 insertions(+) create mode 100644 ext/opcache/tests/jit/gh18899.phpt diff --git a/NEWS b/NEWS index 2e969e0830f41..f71edaedb61c0 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,8 @@ PHP NEWS - Opcache: . Fixed bug GH-18639 (Internal class aliases can break preloading + JIT). (nielsdos) + . Fixed bug GH-18899 (JIT function crash when emitting undefined variable + warning and opline is not set yet). (nielsdos) - Standard: . Fix misleading errors in printf(). (nielsdos) diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c index 74fad38ffee87..6afd768321cb3 100644 --- a/ext/opcache/jit/zend_jit_ir.c +++ b/ext/opcache/jit/zend_jit_ir.c @@ -5981,6 +5981,7 @@ static int zend_jit_long_math_helper(zend_jit_ctx *jit, ir_IF_FALSE_cold(if_def); // zend_error_unchecked(E_WARNING, "Undefined variable $%S", CV_DEF_OF(EX_VAR_TO_NUM(opline->op1.var))); + jit_SET_EX_OPLINE(jit, opline); ir_CALL_1(IR_VOID, ir_CONST_FC_FUNC(zend_jit_undefined_op_helper), ir_CONST_U32(opline->op1.var)); ref2 = jit_EG(uninitialized_zval); @@ -5997,6 +5998,7 @@ static int zend_jit_long_math_helper(zend_jit_ctx *jit, ir_IF_FALSE_cold(if_def); // zend_error_unchecked(E_WARNING, "Undefined variable $%S", CV_DEF_OF(EX_VAR_TO_NUM(opline->op2.var))); + jit_SET_EX_OPLINE(jit, opline); ir_CALL_1(IR_VOID, ir_CONST_FC_FUNC(zend_jit_undefined_op_helper), ir_CONST_U32(opline->op2.var)); ref2 = jit_EG(uninitialized_zval); diff --git a/ext/opcache/tests/jit/gh18899.phpt b/ext/opcache/tests/jit/gh18899.phpt new file mode 100644 index 0000000000000..47c9a3e1ae379 --- /dev/null +++ b/ext/opcache/tests/jit/gh18899.phpt @@ -0,0 +1,21 @@ +--TEST-- +GH-18899 (JIT function crash when emitting undefined variable warning and opline is not set yet) +--EXTENSIONS-- +opcache +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.jit=1205 +opcache.jit_buffer_size=8M +--FILE-- +>= 8; + } +} +str_repeat("A",232).ptr2str(); +?> +--EXPECTF-- +Warning: Undefined variable $ptr in %s on line %d From 591b3249da3f7dbad91685b1dc78efa733d28b85 Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Mon, 23 Jun 2025 21:44:58 +0200 Subject: [PATCH 5/8] Do not use RTLD_DEEPBIND if dlmopen is available (#18612) DL_LOAD now doesn't use RTLD_DEEPBIND deepbind anymore on platforms where dlmopen with LM_ID_NEWLM is available: this means shared library symbol isolation (if needed) must be enabled on the user side when requiring libphp.so, by using dlmopen with LM_ID_NEWLM instead of dlopen. RTLD_DEEPBIND is still enabled when the Apache SAPI is in use. Closes GH-10670. --- NEWS | 1 + UPGRADING.INTERNALS | 6 ++++++ Zend/zend_API.c | 7 +++++++ Zend/zend_API.h | 2 ++ Zend/zend_portability.h | 7 ++++++- sapi/apache2handler/sapi_apache2.c | 1 + 6 files changed, 23 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 1ce8ce754adc9..65fb408ddaacf 100644 --- a/NEWS +++ b/NEWS @@ -58,6 +58,7 @@ PHP NEWS . Added the pipe (|>) operator. (crell) . Added support for `final` with constructor property promotion. (DanielEScherzer) + . Do not use RTLD_DEEPBIND if dlmopen is available. (Daniil Gentili) - Curl: . Added curl_multi_get_handles(). (timwolla) diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS index 432754528f09a..47482d40d0b8d 100644 --- a/UPGRADING.INTERNALS +++ b/UPGRADING.INTERNALS @@ -17,6 +17,12 @@ PHP 8.5 INTERNALS UPGRADE NOTES - Core . PG(arg_separator).input and PG(arg_separator).output are now `zend_string*` instead of `char*`. + . DL_LOAD now doesn't use RTLD_DEEPBIND deepbind anymore on platforms + where dlmopen with LM_ID_NEWLM is available: + this means shared library symbol isolation (if needed) must be enabled on + the user side when requiring libphp.so, by using dlmopen with LM_ID_NEWLM + instead of dlopen. + RTLD_DEEPBIND is still enabled when the Apache SAPI is in use. - Zend . Added zend_safe_assign_to_variable_noref() function to safely assign diff --git a/Zend/zend_API.c b/Zend/zend_API.c index e0006e7d7275f..d29fe8ae8e3c3 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -40,6 +40,8 @@ /* these variables are true statics/globals, and have to be mutex'ed on every access */ ZEND_API HashTable module_registry; +ZEND_API bool zend_dl_use_deepbind = false; + static zend_module_entry **module_request_startup_handlers; static zend_module_entry **module_request_shutdown_handlers; static zend_module_entry **module_post_deactivate_handlers; @@ -47,6 +49,11 @@ static zend_module_entry **modules_dl_loaded; static zend_class_entry **class_cleanup_handlers; +ZEND_API void zend_set_dl_use_deepbind(bool use_deepbind) +{ + zend_dl_use_deepbind = use_deepbind; +} + ZEND_API zend_result zend_get_parameters_array_ex(uint32_t param_count, zval *argument_array) /* {{{ */ { zval *param_ptr; diff --git a/Zend/zend_API.h b/Zend/zend_API.h index a644de8e15134..02ec1b18a6b69 100644 --- a/Zend/zend_API.h +++ b/Zend/zend_API.h @@ -343,6 +343,8 @@ typedef struct _zend_fcall_info_cache { ZEND_API int zend_next_free_module(void); BEGIN_EXTERN_C() +ZEND_API void zend_set_dl_use_deepbind(bool use_deepbind); + ZEND_API zend_result zend_get_parameters_array_ex(uint32_t param_count, zval *argument_array); /* internal function to efficiently copy parameters when executing __call() */ diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index 65ce533c753bd..97bd038ecf3d8 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -165,7 +165,12 @@ # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT) # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) # elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) -# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) +# if defined(LM_ID_NEWLM) + ZEND_API extern bool zend_dl_use_deepbind; +# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | (zend_dl_use_deepbind ? RTLD_DEEPBIND : 0)) +# else +# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) +# endif # else # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL) # endif diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index 1d85a92ebf4d8..e87223b055e12 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -466,6 +466,7 @@ php_apache_server_startup(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp { void *data = NULL; const char *userdata_key = "apache2hook_post_config"; + zend_set_dl_use_deepbind(true); /* Apache will load, unload and then reload a DSO module. This * prevents us from starting PHP until the second load. */ From 1e3d92f8a95c17d0fb19c11e17a0cd8c13c18309 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sun, 22 Jun 2025 20:28:02 +0200 Subject: [PATCH 6/8] Fix GH-14082: Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c During persisting, the JIT may trigger and fill in the call graph. The call graph info is allocated on the arena which will be gone after preloading. To prevent invalid accesses during normal requests, the arena data should be cleared. This has to be done after all scripts have been persisted because shared op arrays between scripts can change the call graph. Closes GH-18916. --- NEWS | 2 + ext/opcache/ZendAccelerator.c | 47 +++++++++++++++++++++++ ext/opcache/tests/jit/gh14082.phpt | 23 +++++++++++ ext/opcache/tests/jit/preload_gh14082.inc | 9 +++++ 4 files changed, 81 insertions(+) create mode 100644 ext/opcache/tests/jit/gh14082.phpt create mode 100644 ext/opcache/tests/jit/preload_gh14082.inc diff --git a/NEWS b/NEWS index b453445854f95..34866abfb21d8 100644 --- a/NEWS +++ b/NEWS @@ -23,6 +23,8 @@ PHP NEWS - Opcache: . Fixed bug GH-18639 (Internal class aliases can break preloading + JIT). (nielsdos) + . Fixed bug GH-14082 (Segmentation fault on unknown address 0x600000000018 + in ext/opcache/jit/zend_jit.c). (nielsdos) - Standard: . Fix misleading errors in printf(). (nielsdos) diff --git a/ext/opcache/ZendAccelerator.c b/ext/opcache/ZendAccelerator.c index bd6b323871bcc..1b0101dbfd6cb 100644 --- a/ext/opcache/ZendAccelerator.c +++ b/ext/opcache/ZendAccelerator.c @@ -52,6 +52,8 @@ #ifdef HAVE_JIT # include "jit/zend_jit.h" +# include "Optimizer/zend_func_info.h" +# include "Optimizer/zend_call_graph.h" #endif #ifndef ZEND_WIN32 @@ -4363,6 +4365,39 @@ static void preload_load(void) } } +#if HAVE_JIT +static void zend_accel_clear_call_graph_ptrs(zend_op_array *op_array) +{ + ZEND_ASSERT(ZEND_USER_CODE(op_array->type)); + zend_func_info *info = ZEND_FUNC_INFO(op_array); + if (info) { + info->caller_info = NULL; + info->callee_info = NULL; + } +} + +static void accel_reset_arena_info(zend_persistent_script *script) +{ + zend_op_array *op_array; + zend_class_entry *ce; + + zend_accel_clear_call_graph_ptrs(&script->script.main_op_array); + ZEND_HASH_MAP_FOREACH_PTR(&script->script.function_table, op_array) { + zend_accel_clear_call_graph_ptrs(op_array); + } ZEND_HASH_FOREACH_END(); + ZEND_HASH_MAP_FOREACH_PTR(&script->script.class_table, ce) { + ZEND_HASH_MAP_FOREACH_PTR(&ce->function_table, op_array) { + if (op_array->scope == ce + && op_array->type == ZEND_USER_FUNCTION + && !(op_array->fn_flags & ZEND_ACC_ABSTRACT) + && !(op_array->fn_flags & ZEND_ACC_TRAIT_CLONE)) { + zend_accel_clear_call_graph_ptrs(op_array); + } + } ZEND_HASH_FOREACH_END(); + } ZEND_HASH_FOREACH_END(); +} +#endif + static zend_result accel_preload(const char *config, bool in_child) { zend_file_handle file_handle; @@ -4568,6 +4603,18 @@ static zend_result accel_preload(const char *config, bool in_child) } ZEND_HASH_FOREACH_END(); ZCSG(saved_scripts)[i] = NULL; +#if HAVE_JIT + /* During persisting, the JIT may trigger and fill in the call graph. + * The call graph info is allocated on the arena which will be gone after preloading. + * To prevent invalid accesses during normal requests, the arena data should be cleared. + * This has to be done after all scripts have been persisted because shared op arrays between + * scripts can change the call graph. */ + accel_reset_arena_info(ZCSG(preload_script)); + for (zend_persistent_script **scripts = ZCSG(saved_scripts); *scripts; scripts++) { + accel_reset_arena_info(*scripts); + } +#endif + zend_shared_alloc_save_state(); accel_interned_strings_save_state(); diff --git a/ext/opcache/tests/jit/gh14082.phpt b/ext/opcache/tests/jit/gh14082.phpt new file mode 100644 index 0000000000000..eba67a096b82c --- /dev/null +++ b/ext/opcache/tests/jit/gh14082.phpt @@ -0,0 +1,23 @@ +--TEST-- +GH-14082 (Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c) +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.jit=1235 +opcache.jit_buffer_size=16M +opcache.preload={PWD}/preload_gh14082.inc +--EXTENSIONS-- +opcache +--SKIPIF-- + +--FILE-- + +--EXPECT-- +int(1) +int(1) +ok diff --git a/ext/opcache/tests/jit/preload_gh14082.inc b/ext/opcache/tests/jit/preload_gh14082.inc new file mode 100644 index 0000000000000..f5b11ac621ebe --- /dev/null +++ b/ext/opcache/tests/jit/preload_gh14082.inc @@ -0,0 +1,9 @@ + Date: Mon, 23 Jun 2025 23:43:52 +0200 Subject: [PATCH 7/8] Autotools: Remove obsole Autoconf macros (#18914) These Autoconf macros have been marked as obsolete in PHP-8.4 and now also removed: - PHP_AP_EXTRACT_VERSION - PHP_BUILD_THREAD_SAFE - PHP_DEF_HAVE - PHP_OUTPUT - PHP_TEST_BUILD --- UPGRADING.INTERNALS | 8 ++++- build/php.m4 | 71 --------------------------------------------- 2 files changed, 7 insertions(+), 72 deletions(-) diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS index 47482d40d0b8d..f421242dba6c6 100644 --- a/UPGRADING.INTERNALS +++ b/UPGRADING.INTERNALS @@ -55,12 +55,18 @@ PHP 8.5 INTERNALS UPGRADE NOTES without duplicate build rules. It is up to the SAPI maintainers to ensure that appropriate build rules are created. -- Linux build system changes +- Unix build system changes . libdir is properly set when --libdir (ex: /usr/lib64) and --with-libdir (ex lib64) configure options are used to ${libdir}/php (ex: /usr/lib64/php) . PHP_ODBC_CFLAGS, PHP_ODBC_LFLAGS, PHP_ODBC_LIBS, PHP_ODBC_TYPE preprocessor macros defined by ext/odbc are now defined in php_config.h instead of the build-defs.h header. + . Autoconf macro PHP_AP_EXTRACT_VERSION has been removed. + . Autoconf macro PHP_BUILD_THREAD_SAFE has been removed (set enable_zts + manually). + . Autoconf macro PHP_DEF_HAVE has been removed (use AC_DEFINE). + . Autoconf macro PHP_OUTPUT has been removed (use AC_CONFIG_FILES). + . Autoconf macro PHP_TEST_BUILD has been removed (use AC_* macros). ======================== 3. Module changes diff --git a/build/php.m4 b/build/php.m4 index aa49766fedd7f..8cdf318083fbb 100644 --- a/build/php.m4 +++ b/build/php.m4 @@ -26,15 +26,6 @@ dnl ---------------------------------------------------------------------------- dnl Build system helper macros. dnl ---------------------------------------------------------------------------- -dnl -dnl PHP_DEF_HAVE(what) -dnl -dnl Generates 'AC_DEFINE(HAVE_WHAT, 1, [ ])'. -dnl -AC_DEFUN([PHP_DEF_HAVE], [m4_warn([obsolete], - [The macro 'PHP_DEF_HAVE' is obsolete. Use AC_DEFINE.]) -AC_DEFINE([HAVE_]translit($1,a-z_.-,A-Z___), 1, [ ])]) - dnl dnl PHP_RUN_ONCE(namespace, variable, code) dnl @@ -89,17 +80,6 @@ AC_DEFUN([PHP_SUBST_OLD],[ PHP_SUBST([$1]) ]) -dnl -dnl PHP_OUTPUT(file) -dnl -dnl Adds "file" to the list of files generated by AC_OUTPUT. This macro can be -dnl used several times. This macro is obsolete as of PHP 8.4 in favor of the -dnl default AC_CONFIG_FILES. -dnl -AC_DEFUN([PHP_OUTPUT], -[m4_warn([obsolete], [The macro 'PHP_OUTPUT' is obsolete. Use AC_CONFIG_FILES.]) -AC_CONFIG_FILES([$1])]) - dnl ---------------------------------------------------------------------------- dnl Build system base macros. dnl ---------------------------------------------------------------------------- @@ -743,13 +723,6 @@ dnl ---------------------------------------------------------------------------- dnl Build macros dnl ---------------------------------------------------------------------------- -dnl -dnl PHP_BUILD_THREAD_SAFE -dnl -AC_DEFUN([PHP_BUILD_THREAD_SAFE], [m4_warn([obsolete], - [The macro 'PHP_BUILD_THREAD_SAFE' is obsolete. Set 'enable_zts' manually.]) - enable_zts=yes]) - dnl dnl PHP_REQUIRE_CXX dnl @@ -1518,31 +1491,6 @@ AC_DEFUN([PHP_CHECK_FUNC],[ esac ]) -dnl -dnl PHP_TEST_BUILD(function, action-if-ok, action-if-not-ok [, extra-libs [, extra-source]]) -dnl -dnl This macro checks whether build works and given function exists. -dnl -AC_DEFUN([PHP_TEST_BUILD], [m4_warn([obsolete], - [The macro 'PHP_TEST_BUILD' is obsolete. Use AC_* macros.]) - old_LIBS=$LIBS - LIBS="$4 $LIBS" - AC_LINK_IFELSE([AC_LANG_SOURCE([ - $5 - char $1(void); - int main(void) { - $1(); - return 0; - } - ])],[ - LIBS=$old_LIBS - $2 - ],[ - LIBS=$old_LIBS - $3 - ]) -]) - dnl ---------------------------------------------------------------------------- dnl Platform characteristics checks. dnl ---------------------------------------------------------------------------- @@ -2039,25 +1987,6 @@ AC_DEFUN([PHP_INSTALL_HEADERS], ]) ]) -dnl -dnl PHP_AP_EXTRACT_VERSION(/path/httpd) -dnl -dnl This macro is used to get a comparable version for Apache. -dnl -AC_DEFUN([PHP_AP_EXTRACT_VERSION], [m4_warn([obsolete], - [The macro 'PHP_AP_EXTRACT_VERSION' is obsolete. Use 'apxs -q HTTPD_VERSION']) -AS_IF([test -x "$1"], [ - ac_output=$($1 -v 2>&1 | grep version | $SED -e 's/Oracle-HTTP-//') - ac_IFS=$IFS -IFS="- /. -" - set $ac_output - IFS=$ac_IFS - - APACHE_VERSION=$(expr [$]4 \* 1000000 + [$]5 \* 1000 + [$]6) -]) -]) - dnl dnl PHP_CONFIG_NICE(filename) dnl From ecc602e3bb5878228cf6b85de790f3f097bbb0fd Mon Sep 17 00:00:00 2001 From: Peter Kokot Date: Mon, 23 Jun 2025 23:44:20 +0200 Subject: [PATCH 8/8] Remove non-existing INI directive detect_unicode (#18909) The detect_unicode was removed and zend.detect_unicode was added in PHP 5.4 (bbf3d43c1ee0ad53b03c3821cd630f0746d5e954). --- ext/phar/tests/zip/notphar.phpt | 1 - pear/Makefile.frag | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ext/phar/tests/zip/notphar.phpt b/ext/phar/tests/zip/notphar.phpt index 10d4d7d8be311..ab4f80e430bba 100644 --- a/ext/phar/tests/zip/notphar.phpt +++ b/ext/phar/tests/zip/notphar.phpt @@ -4,7 +4,6 @@ Phar: a non-executable zip with no stub named .phar.zip phar --INI-- phar.readonly=1 -detect_unicode=0 zend.multibyte=0 --FILE-- /dev/null` FETCH = `which fetch 2>/dev/null`