Assertion failure for TRACK_VARS_SERVER

[YuanchengJiang]

Description

The following code:

To reproduce:

php -d "variables_order=E" -d "auto_globals_jit=0"

Resulted in this output:

/php-src/Zend/zend_hash.c:825: _zend_hash_add_or_update_i: Assertion `(zend_gc_refcount(&(ht)->gc) == 1) || ((ht)->u.flags & (1<<6))' failed.
Aborted (core dumped)

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04

[cmb69]

Good finding, @YuanchengJiang!

Relevant:

php-src/main/php_variables.c

Lines 902 to 905 in c65e042

	/* TODO: TRACK_VARS_SERVER is modified in a number of places (e.g. phar) past this point,
	* where rc>1 due to the $_SERVER global. Ideally this shouldn't happen, but for now we
	* ignore this issue, as it would probably require larger changes. */
	HT_ALLOW_COW_VIOLATION(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]));

However, with -d variables_order=E -d auto_globals_jit=0, PG(http_globals)[TRACK_VARS_SERVER]) is not properly initialized, so it looses the HASH_FLAG_ALLOW_COW_VIOLATION flag. A possible fix could be to initialize the hash table right away for this code path, i.e.:

 main/php_variables.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/main/php_variables.c b/main/php_variables.c
index c3b773516e..7569fd43e9 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -893,6 +893,7 @@ static bool php_auto_globals_create_server(zend_string *name)
 	} else {
 		zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_SERVER]);
 		array_init(&PG(http_globals)[TRACK_VARS_SERVER]);
+		zend_hash_real_init_mixed(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]));
 	}
 
 	check_http_proxy(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]));

[nielsdos]

Reminds me of #13013 ...
Anyway, I think your patch is fine @cmb69

[cmb69]

Reminds me of #13013 ...

Fascinating!