On Thu, Oct 18, 2012 at 6:45 PM, Pierre Joye <[email protected]> wrote:
> hi Dmitry, Laruence!
>
> On Thu, Oct 18, 2012 at 11:46 AM, Laruence <[email protected]> wrote:
>> Hey:
>>
>> recently we found a problem, that is "usage of zval_dtor on a recursive
>> array while gc is enabled" has a chance to result in a segfault.
>>
>> a reproduce script could be found here:
>> https://github.com/php/php-src/blob/8bd5e15ff7a57791956c4017ee8fb4a8ac0d8d2e/ext/pcre/tests/bug63055.phpt
>>
>> the preg_match used to call zval_dtor on the third argument, which
>> results in a segfault, reported at #63055
>>
>> the segfault backtrace will look like: http://pastebin.com/uPWBgrTZ
>>
>> thanks to Dmitry, we got a simple solution, that is: instead of
>> calling zval_dtor directly, please use the following code instead:
>> "
>> zval garbage = *subpats;
>> array_init(subpats);
>> zval_dtor(&garbage);
>> "
> Nice catch!
>
> We could add a macro? As it looks like many will forget to do that :)
maybe a series of macros:
ZVAL_REPLACE_LONG()
ZVAL_REPLACE_STRING{L}()
ZVAL_REPLACE_ZVAL()
etc;
thanks, will do it later, only for trunk I think
thanks
>
> Cheers,
> --
> Pierre
>
> @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
--
Laruence Xinchen Hui
http://www.laruence.com/
--
PHP Internals - PHP Runtime Development Mailing List
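
A toy C model of why the ordering in the quoted snippet matters, added here as an illustration and not taken from php-src or from anyone in this thread. The names `var`, `table`, `collector_walk` and `run` are hypothetical stand-ins for zval, HashTable and a GC run, and the model assumes a collection can start while the array's elements are being released.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-ins for zval and HashTable; not PHP's real structures. */
typedef struct table { int destroying; int nelems; } table;
typedef struct var { table *arr; } var;
static var *g_root;      /* variable the modelled collector can still reach */
static int g_saw_dying;  /* set when a walk reaches a table mid-destruction */

/* Models a collection that starts while elements are being released. */
static void collector_walk(void) {
    if (g_root && g_root->arr->destroying)
        g_saw_dying = 1; /* in a real engine: a read of freed memory */
}

static void var_init_array(var *v, int nelems) {
    if (!(v->arr = calloc(1, sizeof *v->arr))) abort();
    v->arr->nelems = nelems;
}

static void var_dtor(var *v) {
    v->arr->destroying = 1;
    for (int i = 0; i < v->arr->nelems; i++)
        collector_walk(); /* assumption: releasing an element can trigger it */
    free(v->arr);
}

/* detach=0: destroy in place, then re-init. detach=1: ordering from the thread. */
static int run(int detach) {
    var subpats, garbage;
    var_init_array(&subpats, 3);
    g_root = &subpats; g_saw_dying = 0;
    if (detach) {
        garbage = subpats;            /* zval garbage = *subpats; */
        var_init_array(&subpats, 0);  /* array_init(subpats);     */
        var_dtor(&garbage);           /* zval_dtor(&garbage);     */
    } else {
        var_dtor(&subpats);           /* variable still points at dying table */
        var_init_array(&subpats, 0);
    }
    g_root = NULL; free(subpats.arr);
    return g_saw_dying;
}
static int destroy_in_place(void) { return run(0); }
static int detach_then_destroy(void) { return run(1); }

int main(void) {
    printf("in place: %d, detached: %d\n", destroy_in_place(), detach_then_destroy());
    return 0;
}
```

In the model, the in-place order lets the walk reach a table that is already being torn down, while the detached order only ever exposes the freshly initialised empty array.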