Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assertion failure Zend/zend_objects_API.c:189 #17196

Open
YuanchengJiang opened this issue Dec 17, 2024 · 3 comments
Open

Assertion failure Zend/zend_objects_API.c:189 #17196

YuanchengJiang opened this issue Dec 17, 2024 · 3 comments
Labels
Bug Status: Needs Feedback

Comments

@YuanchengJiang
Copy link

Description

The following code:

<?php
$dirIterator = new DirectoryIterator('test_dir_ptfi');
$fusion = $dirIterator;
require(__DIR__ . "/run_bcmath_tests_function.inc");
$leftSummands = [
"-0.123912932193769965476541321",
];
run_bcmath_tests($leftSummands, $fusion, "+", bcadd(...));

Resulted in this output:

Number "-0.123912932193769965476541321" (scale 0)
-0.123912932193769965476541321 + ..                             = bcadd(): Argument #2 ($num2) is not well-formed
-0.123912932193769965476541321 + .                              = bcadd(): Argument #3 ($scale) must be of type ?int, DirectoryIterator given

Number "-0.123912932193769965476541321" (scale 10)
-0.123912932193769965476541321 + ..                             = bcadd(): Argument #3 ($scale) must be of type ?int, DirectoryIterator given
-0.123912932193769965476541321 + .                              = bcadd(): Argument #3 ($scale) must be of type ?int, DirectoryIterator given

php: /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_objects_API.c:189: void zend_objects_store_del(zend_object *): Assertion `(!(((uintptr_t)((((zend_executor_globals *) (((char*) _tsrm_ls_cache)+(executor_globals_offset)))->objects_store).object_buckets[handle])) & (1<<0)))' failed.
Aborted (core dumped)

To reproduce:

-d "opcache.jit_hot_func=1" -d "zend_extension=/home/phpfuzz/WorkSpace/flowfusion/php-src/modules/opcache.so" -d "opcache.enable_cli=1" -d "opcache.jit=1254"

you need:run_bcmath_tests_function.inc

PHP Version

nightly

Operating System

No response
@nielsdos nielsdos mentioned this issue Dec 17, 2024
Closed
@nielsdos
Copy link
Member

nielsdos commented Dec 17, 2024
edited
Loading

This doesn't reproduce on my system.
Does this reproduce reliably for you? What configuration flags did you use?
Is there anything special needed in the test_dir_ptfi directory?
A stack trace could also be useful

@YuanchengJiang
Copy link
Author

YuanchengJiang commented Dec 18, 2024
edited
Loading

yes. I can stably reproduce it.

stack trace from valgrind:

php: /home/phpfuzz/WorkSpace/php-src/Zend/zend_objects_API.c:189: void zend_objects_store_del(zend_object *): Assertion `(!(((uintptr_t)((((zend_executor_globals *) (((char*) _tsrm_ls_cache)+(executor_globals_offset)))->objects_store).object_buckets[handle])) & (1<<0)))' failed.
==629383== 
==629383== Process terminating with default action of signal 6 (SIGABRT): dumping core
==629383==    at 0x51F99FC: __pthread_kill_implementation (pthread_kill.c:44)
==629383==    by 0x51F99FC: __pthread_kill_internal (pthread_kill.c:78)
==629383==    by 0x51F99FC: pthread_kill@@GLIBC_2.34 (pthread_kill.c:89)
==629383==    by 0x51A5475: raise (raise.c:26)
==629383==    by 0x518B7F2: abort (abort.c:79)
==629383==    by 0x518B71A: __assert_fail_base.cold (assert.c:92)
==629383==    by 0x519CE95: __assert_fail (assert.c:101)
==629383==    by 0xFC6EFC: zend_objects_store_del (zend_objects_API.c:189)
==629383==    by 0xFEC55D: rc_dtor_func (zend_variables.c:57)
==629383==    by 0xF60E42: i_zval_ptr_dtor (zend_variables.h:45)
==629383==    by 0xF60BBD: zend_array_destroy (zend_hash.c:1831)
==629383==    by 0xFEC55D: rc_dtor_func (zend_variables.c:57)
==629383==    by 0xF60E42: i_zval_ptr_dtor (zend_variables.h:45)
==629383==    by 0xF60C1B: zend_array_destroy (zend_hash.c:1839)
==629383==

nothing special for test_dir_ptfi.

config: CC="clang-12" CXX="clang++-12" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip

@nielsdos
Copy link
Member

Still doesn't reproduce for me on my Linux x86-64 machine, I also get different output:

Number "-0.123912932193769965476541321" (scale 0)
-0.123912932193769965476541321 + ..                             = bcadd(): Argument #2 ($num2) is not well-formed
-0.123912932193769965476541321 + .                              = 0

Number "-0.123912932193769965476541321" (scale 10)
-0.123912932193769965476541321 + ..                             = bcadd(): Argument #2 ($num2) is not well-formed
-0.123912932193769965476541321 + .                              = -0.1239129321

So your output complains about the type of the scale parameter, which is dependent not on the directory iterator but on a constant array.
What OS are you using and what CPU?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Status: Needs Feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nielsdos @YuanchengJiang