Fix GH-18847: set EX(opline) when the tracing JIT enters a call frame#142
Closed
iliaal wants to merge 1 commit into
Conversation
The tracing JIT enters a callee frame without writing EX(opline) to memory; it keeps the opline in the IP register and writes it back lazily. When a fatal error is raised before that first store, such as an out-of-memory while the callee's first opcode pushes its own call frame, zend_fetch_debug_backtrace() dereferences the NULL EX(opline). Materialize it at entry, as the observer path already did behind ZEND_OBSERVER_ENABLED. Fixes phpGH-18847
Author (Owner): Promoted upstream: php#22542.
Under the tracing JIT, entering a callee frame doesn't materialize EX(opline) in memory (it stays virtual in the IP register), so a fatal error at the frame's first opcode, e.g. an OOM while it pushes its own call frame, makes zend_fetch_debug_backtrace() dereference a NULL opline. That store already existed on the observer path but was gated behind ZEND_OBSERVER_ENABLED; this drops the gate.

Note for review: this adds one EX(opline) store per JIT call-frame entry (the same store observer builds already emit); flagging in case you'd prefer to narrow it.

Fixes php#18847
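The failure mode described above is a general one: a JIT keeps engine state in a register and writes it back lazily, while an out-of-band reader (here the fatal-error backtrace) reads the in-memory copy and assumes it is valid. The following C model is an added example, not code from php-src or from this PR; `frame_model`, `jit_regs`, `backtrace_line` and the two `jit_enter_frame_*` functions are constructed stand-ins for EX(opline), the IP register, zend_fetch_debug_backtrace() and the JIT's call-frame entry, and the "allocation failure" on the callee's first opcode is simulated rather than a real OOM.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an opcode: only the line number matters here. */
typedef struct zend_op_model {
    uint32_t lineno;
} zend_op_model;

/* Constructed model of an engine call frame (execute_data). */
typedef struct frame_model {
    const zend_op_model *opline;      /* EX(opline): NULL until materialized */
    const zend_op_model *func_start;  /* first opcode of the callee */
    struct frame_model *prev;
} frame_model;

/* Constructed model of the JIT's register file: the IP register holds the "virtual" opline. */
typedef struct jit_regs {
    const zend_op_model *ip;
} jit_regs;

/* Model of zend_fetch_debug_backtrace(): it only sees memory, never registers.
 * Returns the frame's line number, or -1 where the real engine would dereference NULL. */
static int backtrace_line(const frame_model *f) {
    if (f->opline == NULL) {
        return -1;  /* the real engine crashes here (NULL->lineno) */
    }
    return (int)f->opline->lineno;
}

/* Buggy entry: opline lives only in the IP register; the store to EX(opline) is deferred. */
static void jit_enter_frame_lazy(frame_model *callee, jit_regs *r) {
    r->ip = callee->func_start;
    /* no write-back to callee->opline */
}

/* Fixed entry: materialize EX(opline) in memory at frame entry, before any opcode
 * that can raise a fatal error runs. */
static void jit_enter_frame_materialized(frame_model *callee, jit_regs *r) {
    r->ip = callee->func_start;
    callee->opline = r->ip;
}

/* Enter a callee with the given entry strategy, then simulate its first opcode failing
 * to push its own call frame (constructed allocation failure) and the error handler
 * taking a backtrace. Returns what the backtrace reads for the callee frame. */
static int simulate(void (*enter)(frame_model *, jit_regs *)) {
    static const zend_op_model callee_ops[] = { {42}, {43} };  /* constructed opcodes */
    frame_model callee = { NULL, callee_ops, NULL };
    jit_regs regs = { NULL };

    enter(&callee, &regs);

    /* First opcode of the callee: pushing the next frame "fails" before the lazy
     * write-back would have happened, so the fatal-error path runs now. */
    int alloc_failed = 1;
    if (alloc_failed) {
        return backtrace_line(&callee);
    }
    return 0;
}

int main(void) {
    printf("lazy entry:         backtrace sees %d\n", simulate(jit_enter_frame_lazy));
    printf("materialized entry: backtrace sees %d\n", simulate(jit_enter_frame_materialized));
    return 0;
}
```

The check a reviewer wants is the invariant, not the specific crash: any state an error or observer path reads from memory must be stored before the first instruction that can reach that path, which is why the store belongs at frame entry rather than at the first lazy write-back point.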