Edit report at http://bugs.php.net/bug.php?id=47930&edit=1

 ID:                 47930
 Updated by:         [email protected]
 Reported by:        stas at zend dot com
 Summary:            ext/filter crashes when module startup bails out
-Status:             Assigned
+Status:             Closed
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   *
 PHP Version:        5.2CVS-2009-04-29
 Assigned To:        stas
 Block user comment: N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

I think this one is fine in both 5.3 and trunk.


Previous Comments:
------------------------------------------------------------------------
[2009-09-06 10:16:43] [email protected]

I got that, but why is trunk (HEAD) different from 5.3?

Or do you mean:

- 5.2, no fix at all
- 5.3, fix but without ABI break
- 6, all changes kept

?

------------------------------------------------------------------------
[2009-09-05 23:40:20] [email protected]

Fix for 5.3 changes binary API, so it can't be applied to 5.2

------------------------------------------------------------------------
[2009-09-05 17:17:31] [email protected]

Any reason why this change has been committed to HEAD but never to 5.3,
or has it been reverted?

Please clarify the situation and sync both branches as soon as possible.

------------------------------------------------------------------------
[2009-04-29 00:41:24] [email protected]

fixed for 5.3/HEAD, 5.2 fix still required, since 5.3+ fix changes
binary API

------------------------------------------------------------------------
[2009-04-08 23:01:04] stas at zend dot com

Description:
------------
1. If one of the modules' startup bails out, that leads to aborting the
startup sequence and PG(modules_activated) being 0.

This, in turn, precludes running RSHUTDOWN functions on modules.

2. ext/filter allocates IF_G(get_array), etc. in the course of the
request startup, and if RSHUTDOWN is not called, they are not cleaned
up.

3. Since ext/filter does not initialize IF_G arrays, on the next request
the uncleaned value will be used. Since these arrays are no longer pointing
to valid memory (which was cleaned at the end of the previous
request), this will result in a crash.

Reproduce code:
---------------
1. Create an extension that uses zend_bailout in RINIT.

2. Run two requests while ext/filter is present and turned on.

3. Crash!


------------------------------------------------------------------------
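
The sequence in the description above, modelled as an added C example; it is not PHP source and not the committed fix. The names `arena`, `g_get_array`, `filter_rinit` and `run_request` are hypothetical, and resetting the global at request start is an assumed mitigation used only to contrast with the failing case.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model, not PHP source. `arena` stands in for request-lifetime
 * memory and `g_get_array` for a module global such as IF_G(get_array). */
typedef struct { int owner_request; } req_array;

static req_array arena;         /* released by the engine at every request end */
static req_array *g_get_array;  /* module global: survives across requests */
static int current_request;

static void filter_rinit(int reset_first) {
    if (reset_first)
        g_get_array = NULL;              /* assumed hardening: distrust old value */
    if (g_get_array == NULL) {           /* allocate for this request */
        arena.owner_request = current_request;
        g_get_array = &arena;
    }
}

static void filter_rshutdown(void) { g_get_array = NULL; }

/* Runs one request; returns 1 if the global referred to memory that belonged
 * to an earlier, already-finished request (the dangling-pointer condition). */
static int run_request(int other_rinit_bails, int reset_first) {
    int stale;
    current_request++;
    filter_rinit(reset_first);
    stale = (g_get_array->owner_request != current_request);
    if (!other_rinit_bails)      /* bailout leaves modules_activated at 0, */
        filter_rshutdown();      /* so RSHUTDOWN handlers are skipped      */
    arena.owner_request = -1;    /* request memory is released regardless  */
    return stale;
}

/* Request 1 optionally bails out; result: did request 2 see a stale global? */
int second_request_is_stale(int first_bails, int reset_first) {
    g_get_array = NULL;
    current_request = 0;
    run_request(first_bails, reset_first);
    return run_request(0, reset_first);
}

int main(void) {
    printf("clean shutdown:       stale=%d\n", second_request_is_stale(0, 0));
    printf("bailout, no reset:    stale=%d\n", second_request_is_stale(1, 0));
    printf("bailout, RINIT reset: stale=%d\n", second_request_is_stale(1, 1));
    return 0;
}
```

The model uses a static slot and an owner tag instead of freed heap memory, so the stale state is observable without invoking undefined behaviour.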