Fix file cache run_time_cache unserialization

If the script was serialized as file_cache_only (thus non-immutable)
and then gets unserialized into SHM, we need to allocate a new
run_time_cache slot and can't use the serialized arena pointer.

diff --git a/ext/opcache/zend_file_cache.c b/ext/opcache/zend_file_cache.c
index 6d49b8b9508eb3c0134c638cf1ef9b44f1398dc6..6b8ef20434a1908691fd3766d72f3daabb09d89b 100644 (file)
--- a/ext/opcache/zend_file_cache.c
+++ b/ext/opcache/zend_file_cache.c
@@ -1237,7 +1237,15 @@ static void zend_file_cache_unserialize_op_array(zend_op_array           *op_arr
                        ZEND_MAP_PTR_NEW(op_array->run_time_cache);
                } else {
                        ZEND_MAP_PTR_INIT(op_array->static_variables_ptr, &op_array->static_variables);
-                       UNSERIALIZE_PTR(ZEND_MAP_PTR(op_array->run_time_cache));
+                       if (ZEND_MAP_PTR(op_array->run_time_cache)) {
+                               if (script->corrupted) {
+                                       /* Not in SHM: Use serialized arena pointer. */
+                                       UNSERIALIZE_PTR(ZEND_MAP_PTR(op_array->run_time_cache));
+                               } else {
+                                       /* In SHM: Allocate new pointer. */
+                                       ZEND_MAP_PTR_NEW(op_array->run_time_cache);
+                               }
+                       }
                }
        }
 }