Closed as not planned
Description
Hi! We found a crashing test case when testing with the php-fuzz-tracing-jit
fuzzing driver.
It seems like a bug due to option setting.
The following code:
```php
<?php
ini_set('opcache.enable', 0);
?>
```
Resulted in this output:
```
php-fuzz-tracing-jit: sapi/fuzzer/fuzzer-execute-common.h:135: void opcache_invalidate(void): Assertion `zval_get_type(&(retval)) == 3' failed.
==593169== ERROR: libFuzzer: deadly signal
#0 0x68da31 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
#1 0x128fd8a in fuzzer::PrintStackTrace() /tmp/libfuzzer/./FuzzerUtil.cpp:205:5
#2 0x126ff78 in fuzzer::Fuzzer::CrashCallback() /tmp/libfuzzer/./FuzzerLoop.cpp:236:3
#3 0x126ff33 in fuzzer::Fuzzer::StaticCrashSignalCallback() /tmp/libfuzzer/./FuzzerLoop.cpp:208:6
#4 0x7f378d16851f (/lib/x86_64-linux-gnu/libc.so.6+0x4251f) (BuildId: cd410b710f0f094c6832edd95931006d883af48e)
#5 0x7f378d1bc9fb in __pthread_kill_implementation nptl/pthread_kill.c:43:17
#6 0x7f378d1bc9fb in __pthread_kill_internal nptl/pthread_kill.c:78:10
#7 0x7f378d1bc9fb in pthread_kill nptl/pthread_kill.c:89:10
#8 0x7f378d168475 in gsignal signal/../sysdeps/posix/raise.c:26:13
#9 0x7f378d14e7f2 in abort stdlib/abort.c:79:7
#10 0x7f378d14e71a in __assert_fail_base assert/assert.c:94:3
#11 0x7f378d15fe95 in __assert_fail assert/assert.c:103:3
#12 0x12610d9 in opcache_invalidate /src/php-src/sapi/fuzzer/fuzzer-execute-common.h:135:2
#13 0x1262185 in fuzzer_do_request_from_buffer /src/php-src/sapi/fuzzer/fuzzer-sapi.c:285:4
#14 0x126095e in LLVMFuzzerTestOneInput /src/php-src/sapi/fuzzer/fuzzer-tracing-jit.c:34:2
```
PHP Version
Commit id: c7db07eae85587c3ebacdf841ec30597899516aa (May 25 2025)
Operating System
No response
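
A triage sketch for reports like the one above, added here as an example and not part of the original issue or of php-src: it parses the libFuzzer output and checks whether the failed assertion sits in the fuzzing harness (`sapi/fuzzer/`) or in engine code. The path prefixes and the names `parse_frames` and `triage` are assumptions chosen for this example.

```python
import re

# Frame lines as printed in the report: "#N 0xADDR in SYMBOL PATH:LINE[:COL]"
FRAME_RE = re.compile(r"#(\d+) 0x[0-9a-f]+ in (.+) (\S+?):(\d+)(?::\d+)?$")
ASSERT_RE = re.compile(r"^\S+: (\S+?):(\d+): (.+?): Assertion `(.+)' failed\.$")

# Assumption: path prefixes as they appear in the trace of the report above.
PROJECT_ROOT = "/src/php-src/"
HARNESS_DIR = "/src/php-src/sapi/fuzzer/"

# Abridged copy of the output in the report above.
REPORT = """\
php-fuzz-tracing-jit: sapi/fuzzer/fuzzer-execute-common.h:135: void opcache_invalidate(void): Assertion `zval_get_type(&(retval)) == 3' failed.
#0 0x68da31 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
#11 0x7f378d15fe95 in __assert_fail assert/assert.c:103:3
#12 0x12610d9 in opcache_invalidate /src/php-src/sapi/fuzzer/fuzzer-execute-common.h:135:2
#13 0x1262185 in fuzzer_do_request_from_buffer /src/php-src/sapi/fuzzer/fuzzer-sapi.c:285:4
#14 0x126095e in LLVMFuzzerTestOneInput /src/php-src/sapi/fuzzer/fuzzer-tracing-jit.c:34:2
"""

def parse_frames(report):
    # Frames without symbol information (no " in SYMBOL PATH:LINE") are skipped.
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.search(line.strip())
        if m:
            frames.append({"n": int(m.group(1)), "symbol": m.group(2),
                           "file": m.group(3), "line": int(m.group(4))})
    return frames

def triage(report):
    # Extract the assertion message, then find the innermost frame in project code.
    assertion = None
    for line in report.splitlines():
        m = ASSERT_RE.match(line.strip())
        if m:
            assertion = {"file": m.group(1), "line": int(m.group(2)), "expr": m.group(4)}
            break
    project = [f for f in parse_frames(report) if f["file"].startswith(PROJECT_ROOT)]
    top = project[0] if project else None
    if top is None:
        verdict = "no-project-frame"
    elif top["file"].startswith(HARNESS_DIR):
        verdict = "harness"  # assertion fired in fuzzer driver code
    else:
        verdict = "target"   # assertion fired in engine or extension code
    return {"assertion": assertion, "top_project_frame": top, "verdict": verdict}

if __name__ == "__main__":
    print(triage(REPORT)["verdict"])
```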