From: Dmitry Stogov <dmitry@zend.com>
Date: Tue, 14 May 2019 11:53:52 +0000 (+0300)
Subject: Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset
X-Git-Tag: php-7.2.19RC1~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5c4d125d4c2976236e2ecddd1d8c6e7b113ec482;p=php

Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset
---

diff --git a/NEWS b/NEWS
index c89f43a24b..abfa9c6fa4 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,10 @@ PHP                                                                        NEWS
 - JSON:
   . Fixed bug #77843 (Use after free with json serializer). (Nikita)
 
+- Opcache:
+  . Fixed possible crashes, because of inconsistent PCRE cache and opcache
+    SHM reset. (Alexey Kalinin, Dmitry)
+
 - PDO_MySQL:
   . Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64). (cmb)
 
diff --git a/ext/opcache/ZendAccelerator.c b/ext/opcache/ZendAccelerator.c
index 601e3af0cf..34e4ef0071 100644
--- a/ext/opcache/ZendAccelerator.c
+++ b/ext/opcache/ZendAccelerator.c
@@ -412,7 +412,7 @@ static zend_string *accel_find_interned_string(zend_string *str)
 	}
 
 	if (!ZCG(counted)) {
-		if (accel_activate_add() == FAILURE) {
+		if (!ZCG(accelerator_enabled) || accel_activate_add() == FAILURE) {
 			return str;
 		}
 		ZCG(counted) = 1;
@@ -1070,7 +1070,7 @@ char *accel_make_persistent_key(const char *path, int path_length, int *key_len)
 			cwd_len = ZSTR_LEN(cwd_str);
 			if (ZCG(cwd_check)) {
 				ZCG(cwd_check) = 0;
-				if ((ZCG(counted) || ZCSG(accelerator_enabled))) {
+				if (ZCG(accelerator_enabled)) {
 
 					zend_string *str = accel_find_interned_string(cwd_str);
 					if (!str) {
@@ -1110,7 +1110,7 @@ char *accel_make_persistent_key(const char *path, int path_length, int *key_len)
 
 			if (ZCG(include_path_check)) {
 				ZCG(include_path_check) = 0;
-				if ((ZCG(counted) || ZCSG(accelerator_enabled))) {
+				if (ZCG(accelerator_enabled)) {
 
 					zend_string *str = accel_find_interned_string(ZCG(include_path));
 					if (!str) {
@@ -1193,7 +1193,7 @@ int zend_accel_invalidate(const char *filename, int filename_len, zend_bool forc
 	zend_string *realpath;
 	zend_persistent_script *persistent_script;
 
-	if (!ZCG(enabled) || !accel_startup_ok || !ZCSG(accelerator_enabled) || accelerator_shm_read_lock() != SUCCESS) {
+	if (!ZCG(accelerator_enabled) || accelerator_shm_read_lock() != SUCCESS) {
 		return FAILURE;
 	}
 
@@ -1764,7 +1764,7 @@ zend_op_array *persistent_compile_file(zend_file_handle *file_handle, int type)
 	} else if (file_cache_only) {
 		return file_cache_compile_file(file_handle, type);
 #endif
-	} else if ((!ZCG(counted) && !ZCSG(accelerator_enabled)) ||
+	} else if (!ZCG(accelerator_enabled) ||
 	           (ZCSG(restart_in_progress) && accel_restart_is_active())) {
 #ifdef HAVE_OPCACHE_FILE_CACHE
 		if (ZCG(accel_directives).file_cache) {
@@ -2059,12 +2059,11 @@ static int persistent_stream_open_function(const char *filename, zend_file_handl
 /* zend_resolve_path() replacement for PHP 5.3 and above */
 static zend_string* persistent_zend_resolve_path(const char *filename, int filename_len)
 {
-	if (ZCG(enabled) && accel_startup_ok &&
+	if (
 #ifdef HAVE_OPCACHE_FILE_CACHE
 		!file_cache_only &&
 #endif
-	    (ZCG(counted) || ZCSG(accelerator_enabled)) &&
-	    !ZCSG(restart_in_progress)) {
+	    ZCG(accelerator_enabled)) {
 
 		/* check if callback is called from include_once or it's a main request */
 		if ((!EG(current_execute_data) &&
@@ -2213,6 +2212,7 @@ static void accel_activate(void)
 					zend_alter_ini_entry_chars(key, "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_RUNTIME);
 					zend_string_release(key);
 					zend_accel_error(ACCEL_LOG_WARNING, "Can't cache files in chroot() directory with too big inode");
+					ZCG(accelerator_enabled) = 0;
 					return;
 				}
 			}
@@ -2270,12 +2270,15 @@ static void accel_activate(void)
 				}
 				accel_restart_leave();
 			}
-		} else {
+		}
+		if (!ZCG(pcre_reseted)) {
 			reset_pcre = 1;
 		}
 		zend_shared_alloc_unlock();
 	}
 
+	ZCG(accelerator_enabled) = ZCSG(accelerator_enabled);
+
 	SHM_PROTECT();
 	HANDLE_UNBLOCK_INTERRUPTIONS();
 
@@ -2287,8 +2290,10 @@ static void accel_activate(void)
 		realpath_cache_clean();
 
 		accel_reset_pcre_cache();
+		ZCG(pcre_reseted) = 0;
 	} else if (reset_pcre) {
 		accel_reset_pcre_cache();
+		ZCG(pcre_reseted) = 1;
 	}
 }
 
@@ -2316,10 +2321,6 @@ static void accel_deactivate(void)
 		zend_string_release(ZCG(cwd));
 		ZCG(cwd) = NULL;
 	}
-
-	if (!ZCG(enabled) || !accel_startup_ok) {
-		return;
-	}
 }
 
 static int accelerator_remove_cb(zend_extension *element1, zend_extension *element2)
diff --git a/ext/opcache/ZendAccelerator.h b/ext/opcache/ZendAccelerator.h
index 5f195ba3bc..5f5b6fd0b2 100644
--- a/ext/opcache/ZendAccelerator.h
+++ b/ext/opcache/ZendAccelerator.h
@@ -196,6 +196,8 @@ typedef struct _zend_accel_globals {
 	int                     counted;   /* the process uses shared memory */
 	zend_bool               enabled;
 	zend_bool               locked;    /* thread obtained exclusive lock */
+	zend_bool               accelerator_enabled; /* accelerator enabled for current request */
+	zend_bool               pcre_reseted;
 	HashTable               bind_hash; /* prototype and zval lookup table */
 	zend_accel_directives   accel_directives;
 	zend_string            *cwd;                  /* current working directory or NULL */
diff --git a/ext/opcache/zend_accelerator_module.c b/ext/opcache/zend_accelerator_module.c
index cbf21fd268..16fe80c9b4 100644
--- a/ext/opcache/zend_accelerator_module.c
+++ b/ext/opcache/zend_accelerator_module.c
@@ -439,11 +439,11 @@ void zend_accel_info(ZEND_MODULE_INFO_FUNC_ARGS)
 {
 	php_info_print_table_start();
 
-	if (ZCG(enabled) && accel_startup_ok &&
+	if (
 #ifdef HAVE_OPCACHE_FILE_CACHE
-		((ZCG(counted) || ZCSG(accelerator_enabled)) || file_cache_only)
+		(ZCG(accelerator_enabled) || file_cache_only)
 #else
-		(ZCG(counted) || ZCSG(accelerator_enabled))
+		(ZCG(accelerator_enabled))
 #endif
 	) {
 		php_info_print_table_row(2, "Opcode Caching", "Up and Running");
@@ -547,7 +547,7 @@ static int accelerator_get_scripts(zval *return_value)
 	struct timeval exec_time;
 	struct timeval fetch_time;
 
-	if (!ZCG(enabled) || !accel_startup_ok || !ZCSG(accelerator_enabled) || accelerator_shm_read_lock() != SUCCESS) {
+	if (!ZCG(accelerator_enabled) || accelerator_shm_read_lock() != SUCCESS) {
 		return 0;
 	}
 
@@ -609,7 +609,7 @@ static ZEND_FUNCTION(opcache_get_status)
 	array_init(return_value);
 
 	/* Trivia */
-	add_assoc_bool(return_value, "opcache_enabled", ZCG(enabled) && (ZCG(counted) || ZCSG(accelerator_enabled)));
+	add_assoc_bool(return_value, "opcache_enabled", ZCG(accelerator_enabled));
 
 #ifdef HAVE_OPCACHE_FILE_CACHE
 	if (ZCG(accel_directives).file_cache) {
@@ -807,7 +807,7 @@ static ZEND_FUNCTION(opcache_compile_file)
 		return;
 	}
 
-	if (!ZCG(enabled) || !accel_startup_ok || !ZCSG(accelerator_enabled)) {
+	if (!ZCG(accelerator_enabled)) {
 		zend_error(E_NOTICE, ACCELERATOR_PRODUCT_NAME " seems to be disabled, can't compile file");
 		RETURN_FALSE;
 	}
@@ -846,7 +846,7 @@ static ZEND_FUNCTION(opcache_is_script_cached)
 		RETURN_FALSE;
 	}
 
-	if (!ZCG(enabled) || !accel_startup_ok || !ZCSG(accelerator_enabled)) {
+	if (!ZCG(accelerator_enabled)) {
 		RETURN_FALSE;
 	}