From 16a35aa46c23ee24ecdaed04ed800af3e8ba79b8 Mon Sep 17 00:00:00 2001
From: Levi Morrison
Date: Thu, 28 Dec 2023 10:43:15 -0700
Subject: [PATCH] test: add phpt for ZEND_FUNC_GET_ARGS opline issue

---
 .../tests/phpt/allocation_func_get_args.phpt | 52 +++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 profiling/tests/phpt/allocation_func_get_args.phpt

diff --git a/profiling/tests/phpt/allocation_func_get_args.phpt b/profiling/tests/phpt/allocation_func_get_args.phpt
new file mode 100644
index 00000000000..39953fcb073
--- /dev/null
+++ b/profiling/tests/phpt/allocation_func_get_args.phpt
@@ -0,0 +1,52 @@
+--TEST--
+[profiling] sampling shouldn't crash on `ZEND_FUNC_GET_ARGS` opcode
+--DESCRIPTION--
+Beginning with PHP 7.4, the ZEND_FUNC_GET_ARGS opcode doesn't save its opline.
+If it occurs on a new frame before some other opcode has saved the opline, and
+then the allocation profiler triggers (or any other thing which examines
+oplines like the error message when hitting the memory limit), then the
+invalid opline will be accessed, possibly leading to a crash.
+
+Fixed in PHP 8.1.27, 8.2.14 and 8.3.1:
+https://github.com/php/php-src/pull/12768
+
+This test shouldn't crash even on affected versions, because the profiler
+should mitigate the issue with a user opcode handler. However, it's difficult
+to trigger at exactly the right (wrong?) time anyway, so it's unlikely to
+crash anyway.
+TODO: run this in some mode which will look at the opline on every allocation.
+--SKIPIF--
+if (PHP_VERSION_ID < 70400)
+    echo "skip: test requires typed properties", PHP_EOL;
+if (!extension_loaded('datadog-profiling'))
+    echo "skip: test requires datadog-profiling", PHP_EOL;
+?>
+--FILE--
+
+--EXPECT--
+int(1)
+string(1) "x"
+int(1)
+array(2) {
+  [0]=>
+  string(6) "string"
+  [1]=>
+  int(0)
+}
+Done.
\ No newline at end of file
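Review bot: The skip reason in the --SKIPIF-- section, `echo "skip: test requires typed properties", PHP_EOL;`, doesn't match why the test is gated on `PHP_VERSION_ID < 70400`: the --DESCRIPTION-- ties the version to ZEND_FUNC_GET_ARGS no longer saving its opline from PHP 7.4 onward, and nothing visible here mentions typed properties. Unless the --FILE-- body (not visible in this view) genuinely depends on typed properties, the message should state the real gate, e.g. `echo "skip: ZEND_FUNC_GET_ARGS opline issue only exists on PHP 7.4+", PHP_EOL;`, so a skipped run explains itself. Separately, the test has no --INI-- section enabling the profiler or its allocation sampler, so whether the mitigating user opcode handler is even installed depends on the environment's defaults; the --DESCRIPTION-- already concedes the test is unlikely to crash, and pinning the extension's own ini settings in an --INI-- section would at least make the exercised path deterministic rather than environment-dependent.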