stas Thu, 01 Apr 2010 22:54:03 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=297307
Log:
fix #49192 - crash in GC when get_properties handler returns null
Bug: http://bugs.php.net/49192 (Re-Opened) PHP crashes when GC invoked on COM
object
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/Zend/zend_gc.c
A php/php-src/branches/PHP_5_3/ext/com_dotnet/tests/bug49192.phpt
U php/php-src/trunk/Zend/zend_gc.c
A php/php-src/trunk/ext/com_dotnet/tests/bug49192.phpt
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2010-04-01 21:23:02 UTC (rev 297306)
+++ php/php-src/branches/PHP_5_3/NEWS 2010-04-01 22:54:03 UTC (rev 297307)
@@ -51,6 +51,7 @@
- Fixed bug #49778 (DateInterval::format("%a") is always zero when an interval
is created from an ISO string). (Derick)
- Fixed bug #49429 (odbc_autocommit doesn't work). (Felipe)
+- Fixed bug #49192 (PHP crashes when GC invoked on COM object). (Stas)
- Fixed bug #49059 (DateTime::diff() repeats previous sub() operation).
([email protected], Derick)
- Fixed bug #48902 (Timezone database fallback map is outdated). (Derick)
Modified: php/php-src/branches/PHP_5_3/Zend/zend_gc.c
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/zend_gc.c 2010-04-01 21:23:02 UTC (rev 297306)
+++ php/php-src/branches/PHP_5_3/Zend/zend_gc.c 2010-04-01 22:54:03 UTC (rev 297307)
@@ -282,7 +282,11 @@
GC_SET_BLACK(obj->buffered);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
}
}
} else if (Z_TYPE_P(pz) == IS_ARRAY) {
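Review bot: The `return` added under `if(!props)` leaves the function after `GC_SET_BLACK(obj->buffered)` has already run, and it bypasses everything that follows the object/array branch, which this hunk does not show. If any of these GC passes does per-zval bookkeeping after that branch, an object whose `get_properties` handler returns NULL will now miss it. Writing `if (props) { p = props->pListHead; }` instead would skip only the property walk, assuming `p` is still NULL when this branch is entered. The same guard is repeated in the hunks at -313, -346, -380, -445, -484, -531 and -572 and in the trunk copy of zend_gc.c, so each function's tail is worth checking; a comment such as `/* get_properties may return NULL, e.g. for COM objects (bug #49192) */` would also record why the check exists. The enclosing function starts and ends outside the hunk.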
@@ -313,7 +317,11 @@
GC_SET_BLACK(obj->buffered);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
pz = *(zval**)p->pData;
if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) != &EG(symbol_table)) {
@@ -346,7 +354,11 @@
GC_SET_COLOR(obj->buffered, GC_GREY);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
}
}
} else if (Z_TYPE_P(pz) == IS_ARRAY) {
@@ -380,7 +392,11 @@
GC_SET_COLOR(obj->buffered, GC_GREY);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
pz = *(zval**)p->pData;
if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) != &EG(symbol_table)) {
@@ -445,7 +461,11 @@
GC_SET_COLOR(obj->buffered, GC_WHITE);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return 0;
+ }
+ p = props->pListHead;
}
}
}
@@ -484,7 +504,11 @@
GC_SET_COLOR(obj->buffered, GC_WHITE);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
zval_scan(*(zval**)p->pData TSRMLS_CC);
p = p->pListNext;
@@ -531,7 +555,11 @@
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
}
}
} else {
@@ -572,7 +600,11 @@
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
pz = *(zval**)p->pData;
if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) != &EG(symbol_table)) {
Added: php/php-src/branches/PHP_5_3/ext/com_dotnet/tests/bug49192.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/com_dotnet/tests/bug49192.phpt (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/com_dotnet/tests/bug49192.phpt 2010-04-01 22:54:03 UTC (rev 297307)
@@ -0,0 +1,13 @@
+--TEST--
+Bug #49192 (PHP crashes when GC invoked on COM object)
+--SKIPIF--
+<?php
+if (!extension_loaded("com_dotnet")) print "skip COM/.Net support not present"; ?>
+--FILE--
+<?php
+
+$dbConnection = new Com('ADODB.Connection');
+var_dump(gc_collect_cycles());
+?>
+--EXPECT--
+int(0)
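Review bot: The `--SKIPIF--` section only checks that com_dotnet is loaded, but the test body instantiates `ADODB.Connection`, which may not be registered on every machine that has the extension. On such a host the constructor would presumably fail before `gc_collect_cycles()` runs, and the test would be reported as a failure rather than a skip. Consider probing the object in SKIPIF, e.g. `try { new COM('ADODB.Connection'); } catch (Exception $e) { print "skip ADODB.Connection not available"; }`. The copy of this test added under trunk has the same gap.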
Modified: php/php-src/trunk/Zend/zend_gc.c
===================================================================
--- php/php-src/trunk/Zend/zend_gc.c 2010-04-01 21:23:02 UTC (rev 297306)
+++ php/php-src/trunk/Zend/zend_gc.c 2010-04-01 22:54:03 UTC (rev 297307)
@@ -282,7 +282,11 @@
GC_SET_BLACK(obj->buffered);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
}
}
} else if (Z_TYPE_P(pz) == IS_ARRAY) {
@@ -313,7 +317,11 @@
GC_SET_BLACK(obj->buffered);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
pz = *(zval**)p->pData;
if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) != &EG(symbol_table)) {
@@ -346,7 +354,11 @@
GC_SET_COLOR(obj->buffered, GC_GREY);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
}
}
} else if (Z_TYPE_P(pz) == IS_ARRAY) {
@@ -380,7 +392,11 @@
GC_SET_COLOR(obj->buffered, GC_GREY);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
pz = *(zval**)p->pData;
if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) != &EG(symbol_table)) {
@@ -445,7 +461,11 @@
GC_SET_COLOR(obj->buffered, GC_WHITE);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return 0;
+ }
+ p = props->pListHead;
}
}
}
@@ -484,7 +504,11 @@
GC_SET_COLOR(obj->buffered, GC_WHITE);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
zval_scan(*(zval**)p->pData TSRMLS_CC);
p = p->pListNext;
@@ -531,7 +555,11 @@
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
}
}
} else {
@@ -572,7 +600,11 @@
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
pz = *(zval**)p->pData;
if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) != &EG(symbol_table)) {
Added: php/php-src/trunk/ext/com_dotnet/tests/bug49192.phpt
===================================================================
--- php/php-src/trunk/ext/com_dotnet/tests/bug49192.phpt (rev 0)
+++ php/php-src/trunk/ext/com_dotnet/tests/bug49192.phpt 2010-04-01 22:54:03 UTC (rev 297307)
@@ -0,0 +1,13 @@
+--TEST--
+Bug #49192 (PHP crashes when GC invoked on COM object)
+--SKIPIF--
+<?php
+if (!extension_loaded("com_dotnet")) print "skip COM/.Net support not present"; ?>
+--FILE--
+<?php
+
+$dbConnection = new Com('ADODB.Connection');
+var_dump(gc_collect_cycles());
+?>
+--EXPECT--
+int(0)