From f17cb3497c29231d062c0e166c05085493cd13e9 Mon Sep 17 00:00:00 2001
From: Levi Morrison
Date: Fri, 16 May 2025 14:38:03 -0600
Subject: [PATCH] fix(prof): crash in ZEND_INIT_ARRAY

The engine currently does not save the opline in ZEND_INIT_ARRAY, so under rare situations, that opline will be dangling, which can cause crashes. The fix works because by having a user opcode handler the engine will save the opline before it calls the user opcode handler. I do not have a reproducer for this one yet, but we've hit this issue before so I'm fairly confident this needs to be done until there is an upstream fix in PHP, then we can do version-specific mitigation.
---
 profiling/src/php_ffi.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/profiling/src/php_ffi.c b/profiling/src/php_ffi.c
index f0574a5038b..5cbdde7acb4 100644
--- a/profiling/src/php_ffi.c
+++ b/profiling/src/php_ffi.c
@@ -11,7 +11,8 @@
 #include // for dlsym
 #endif
 
-#if PHP_VERSION_ID >= 70400 && PHP_VERSION_ID < 80400
+// todo: not all things are fixed upstream yet e.g. ZEND_INIT_ARRAY
+#if PHP_VERSION_ID >= 70400
 #define CFG_NEED_OPCODE_HANDLERS 1
 #else
 #define CFG_NEED_OPCODE_HANDLERS 0
@@ -168,6 +169,11 @@ static void ddog_php_prof_install_opcode_handlers(uint32_t php_version_id) {
         zend_set_user_opcode_handler(ZEND_FUNC_GET_ARGS, dispatch_handler);
     }
 #endif
+
+    // this is not yet patched upstream
+    if (zend_get_user_opcode_handler(ZEND_INIT_ARRAY) == NULL) {
+        zend_set_user_opcode_handler(ZEND_INIT_ARRAY, dispatch_handler);
+    }
 }
 #endif
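Review bot: The new `#if PHP_VERSION_ID >= 70400` guard drops the `< 80400` ceiling with only a "todo", so CFG_NEED_OPCODE_HANDLERS now stays enabled for every future PHP release with nothing in the code saying when the bound may come back. The todo should name the exit condition so the next reader does not have to rediscover it from the commit message, e.g. `// todo: restore the PHP_VERSION_ID < 80400 upper bound once upstream PHP saves the opline in ZEND_INIT_ARRAY; the other opcode handlers are already fixed in 8.4`. Whether the remaining handler installs under this macro are individually version-gated is not visible in this hunk; if they are not, PHP 8.4+ now also gets handlers the commit message describes as fixed upstream, which is worth stating in the comment either way.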
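Review bot: The new ZEND_INIT_ARRAY block is installed unconditionally and is skipped whenever another extension already registered a handler, but the one-line comment explains neither why the mitigation works nor why skipping is safe, so a later maintainer may "fix" the NULL check. Replace `// this is not yet patched upstream` with a comment that carries the reasoning from the commit message, e.g. `// ZEND_INIT_ARRAY does not save the opline before executing (not yet fixed upstream), which can leave a dangling opline; the engine saves the opline before calling any user opcode handler, ours or another extension's, so install one only if none is present`. This relies on dispatch_handler letting the engine's own ZEND_INIT_ARRAY implementation run for opcodes it does not sample (presumably by returning ZEND_USER_OPCODE_DISPATCH) — dispatch_handler is not in this hunk, so please confirm. The `php_version_id` parameter of ddog_php_prof_install_opcode_handlers is not consulted here; once an upstream fix exists, that parameter is the natural place for the version-specific gate the commit message mentions. The function's body starts outside the hunk.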