From a4f1c898dfeb5ae72d9b1aa25640bae715249e82 Mon Sep 17 00:00:00 2001
From: Florian Engelhardt
Date: Tue, 22 Jul 2025 10:39:56 +0200
Subject: [PATCH 1/2] reset global pointers to prevent use-after-free
---
 ext/opcache/jit/zend_jit.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c
index 4d2baddb90090..0f38627c4c0b9 100644
--- a/ext/opcache/jit/zend_jit.c
+++ b/ext/opcache/jit/zend_jit.c
@@ -791,7 +791,7 @@ ZEND_EXT_API void zend_jit_status(zval *ret)
 add_assoc_long(&stats, "kind", JIT_G(trigger));
 add_assoc_long(&stats, "opt_level", JIT_G(opt_level));
 add_assoc_long(&stats, "opt_flags", JIT_G(opt_flags));
- if (dasm_buf) {
+ if (dasm_buf && dasm_end && dasm_ptr) {
 add_assoc_long(&stats, "buffer_size", (char*)dasm_end - (char*)dasm_buf);
 add_assoc_long(&stats, "buffer_free", (char*)dasm_end - (char*)*dasm_ptr);
 } else {
@@ -5087,6 +5087,12 @@ ZEND_EXT_API void zend_jit_shutdown(void)
 #else
 zend_jit_trace_free_caches(&jit_globals);
 #endif
+
+ // Reset global pointers to prevent use-after-free in Apache reload
+ dasm_ptr = NULL;
+ dasm_buf = NULL;
+ dasm_end = NULL;
+ dasm_size = 0;
 }
 static void zend_jit_reset_counters(void)
From c939b91bf9e9f1c46ffde812d1c4196af4b9b1ab Mon Sep 17 00:00:00 2001
From: Florian Engelhardt
Date: Tue, 22 Jul 2025 14:42:10 +0200
Subject: [PATCH 2/2] clarify comment
---
 ext/opcache/jit/zend_jit.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c
index 0f38627c4c0b9..f0225b0c7a889 100644
--- a/ext/opcache/jit/zend_jit.c
+++ b/ext/opcache/jit/zend_jit.c
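Review bot: The four globals are cleared only at the tail of zend_jit_shutdown(), after the `#else`/`#endif` block, rather than next to the call that actually releases the buffer they point into; that release is not visible in this hunk and zend_jit_shutdown's body starts above it. Anything that runs between the release and the end of shutdown still sees dangling dasm_buf/dasm_end/dasm_ptr, so the reset would be more robust placed immediately after the unmap/free, ideally inside the same helper that performs it. The reset is sound as far as it goes: zend_jit_status() reads dasm_end and dereferences `*dasm_ptr` only under `if (dasm_buf)`, so clearing all four together keeps that guard sufficient. The comment should say that they must be cleared as a set, e.g. `/* Clear as a set: zend_jit_status() guards dasm_end and *dasm_ptr on dasm_buf alone */`.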
@@ -791,7 +791,7 @@ ZEND_EXT_API void zend_jit_status(zval *ret)
 add_assoc_long(&stats, "kind", JIT_G(trigger));
 add_assoc_long(&stats, "opt_level", JIT_G(opt_level));
 add_assoc_long(&stats, "opt_flags", JIT_G(opt_flags));
- if (dasm_buf && dasm_end && dasm_ptr) {
+ if (dasm_buf) {
 add_assoc_long(&stats, "buffer_size", (char*)dasm_end - (char*)dasm_buf);
 add_assoc_long(&stats, "buffer_free", (char*)dasm_end - (char*)*dasm_ptr);
 } else {
@@ -5088,7 +5088,9 @@ ZEND_EXT_API void zend_jit_shutdown(void)
 zend_jit_trace_free_caches(&jit_globals);
 #endif
- // Reset global pointers to prevent use-after-free in Apache reload
+ /* Reset global pointers to prevent use-after-free in `zend_jit_status()` * after gracefully restarting Apache with mod_php, see: * https://github.com/php/php-src/pull/19212 */
 dasm_ptr = NULL;
 dasm_buf = NULL;
 dasm_end = NULL;
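Review bot: With the checks on dasm_end and dasm_ptr dropped again, zend_jit_status() reads dasm_end and dereferences `*dasm_ptr` under `if (dasm_buf)` alone, so its safety now rests on an unstated invariant that all three globals are assigned and cleared together. The shutdown reset in this series honours that, but a startup path that assigns dasm_buf before dasm_ptr and bails out in between (not visible here) would reintroduce exactly the crash the first patch guarded against. The invariant should be recorded where the globals are declared so it survives the next refactor, e.g. `/* dasm_buf, dasm_end and dasm_ptr are set and cleared as a set; zend_jit_status() tests only dasm_buf */`. zend_jit_status()'s body starts before and continues after this hunk.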