Fixed bug #77434

Mark arrays containing partial arrays as partial. This was already
done for the ADD_ARRAY_ELEMENT case, but not for ASSIGN_DIM.

diff --git a/NEWS b/NEWS
index 2ae6d5625d80f27b23d564dde9eaebe42cc721f5..18ddbee6ba947685ff3d9f0eb50de2265f061a2f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -33,6 +33,8 @@ PHP                                                                        NEWS
   . Fixed bug #77266 (Assertion failed in dce_live_ranges). (Laruence)
   . Fixed bug #77257 (value of variable assigned in a switch() construct gets
     lost). (Nikita)
+  . Fixed bug #77434 (php-fpm workers are segfaulting in zend_gc_addre).
+    (Nikita)
 
 - PCRE:
   . Fixed bug #77338 (get_browser with empty string). (Nikita)

diff --git a/ext/opcache/Optimizer/sccp.c b/ext/opcache/Optimizer/sccp.c
index c224e4afcc88398417a0e8346d8136e019fb8d16..ff96db4c8d902047a9a2c928cb35996335281d81 100644 (file)
--- a/ext/opcache/Optimizer/sccp.c
+++ b/ext/opcache/Optimizer/sccp.c
@@ -1102,6 +1102,10 @@ static void sccp_visit_instr(scdf_ctx *scdf, zend_op *opline, zend_ssa_op *ssa_o
                                        SET_RESULT(result, data);
                                        SET_RESULT(op1, &zv);
                                } else if (ct_eval_assign_dim(&zv, data, op2) == SUCCESS) {
+                                       /* Mark array containing partial array as partial */
+                                       if (IS_PARTIAL_ARRAY(data)) {
+                                               MAKE_PARTIAL_ARRAY(&zv);
+                                       }
                                        SET_RESULT(result, data);
                                        SET_RESULT(op1, &zv);
                                } else {
@@ -2368,8 +2372,8 @@ int sccp_optimize_op_array(zend_optimizer_ctx *ctx, zend_op_array *op_array, zen
                        }
                        fprintf(stderr, "    #%d.", i);
                        zend_dump_var(op_array, IS_CV, ssa->vars[i].var);
-                       if (IS_PARTIAL_ARRAY(zv)) {
-                               fprintf(stderr, " = [");
+                       if (Z_TYPE_P(zv) == IS_ARRAY || IS_PARTIAL_ARRAY(zv)) {
+                               fprintf(stderr, " = %s[", IS_PARTIAL_ARRAY(zv) ? "partial " : "");
                                zend_dump_ht(Z_ARRVAL_P(zv));
                                fprintf(stderr, "]");
                        } else if (IS_PARTIAL_OBJECT(zv)) {

diff --git a/ext/opcache/tests/bug77434.phpt b/ext/opcache/tests/bug77434.phpt
new file mode 100644 (file)
index 0000000..5b8be3e
--- /dev/null
+++ b/ext/opcache/tests/bug77434.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Bug #77434: php-fpm workers are segfaulting in zend_gc_addref
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+
+function test(int $x) {
+    $a = ['a' => 0, 'b' => $x];
+    $b = [];
+    $b[0] = $a;
+    $c = $b[0];
+}
+
+function test2(int $x) {
+    $a = ['a' => 0, 'b' => $x];
+    $b = [$a];
+    $c = $b[0];
+}
+
+?>
+===DONE===
+--EXPECT--
+===DONE===