1+ --TEST--
2+ [profiling] sampling shouldn't crash on `ZEND_FUNC_GET_ARGS` opcode
3+ --DESCRIPTION--
4+ Beginning with PHP 7.4, the ZEND_FUNC_GET_ARGS opcode doesn't save its opline.
5+ If it occurs on a new frame before some other opcode has saved the opline, and
6+ then the allocation profiler triggers (or any other thing which examines
7+ oplines like the error message when hitting the memory limit), then the
8+ invalid opline will be accessed, possibly leading to a crash.
9+
10+ Fixed in PHP 8.1.27, 8.2.14 and 8.3.1:
11+ https://github.com/php/php-src/pull/12768
12+
13+ This test shouldn't crash even on affected versions, because the profiler
14+ should mitigate the issue with a user opcode handler. However, it's difficult
15+ to trigger at exactly the right (wrong?) time anyway, so it's unlikely to
16+ crash anyway.
17+ TODO: run this in some mode which will look at the opline on every allocation.
18+ --SKIPIF--
19+ <?php
20+ if (PHP_VERSION_ID < 70400 )
21+ echo "skip: test requires typed properties " , PHP_EOL ;
22+ if (!extension_loaded ('datadog-profiling ' ))
23+ echo "skip: test requires datadog-profiling " , PHP_EOL ;
24+ ?>
25+ --FILE--
26+ <?php
27+
28+ function ref () {
29+ return func_get_args ();
30+ }
31+
32+ class Foo {
33+ public static int $ i
34+ public static string $ s"x " ;
35+ }
36+
37+ var_dump (Foo::$ i"1 " );
38+ var_dump (Foo::$ s$ i
39+ var_dump (ref ('string ' , 0 ));
40+
41+ echo 'Done. ' ;
42+ ?>
43+ --EXPECT--
44+ int(1)
45+ string(1) "x"
46+ int(1)
47+ array(2) {
48+ [0]=>
49+ string(6) "string"
50+ [1]=>
51+ int(0)
52+ }
53+ Done.
0 commit comments