johannes                                 Thu, 17 Mar 2011 11:49:18 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=309342

Log:
- Fixed bug #54265 (crash when variable gets reassigned in error handler)

(re-apply 309308, dmitry)

Bug: http://bugs.php.net/54265 (error getting bug information)
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    A   php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt
    U   php/php-src/branches/PHP_5_3/Zend/zend_execute.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2011-03-17 11:43:05 UTC (rev 309341)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-03-17 11:49:18 UTC (rev 309342)
@@ -1,6 +1,11 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2011, PHP 5.3.7
+
+- Zend Engine:
+  . Fixed bug #54262 (Crash when assigning value to a dimension in a 
non-array).
+    (Dmitry)
+
 - MySQL Improved extension:
   . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi 
queries).
     (Andrey)

Added: php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt                       
        (rev 0)
+++ php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt       2011-03-17 
11:49:18 UTC (rev 309342)
@@ -0,0 +1,17 @@
+--TEST--
+Bug #54265 (crash when variable gets reassigned in error handler)
+--FILE--
+<?php
+function my_errorhandler($errno,$errormsg) {
+  global $my_var;
+  $my_var = 0;
+  echo "EROOR: $errormsg\n";
+}
+set_error_handler("my_errorhandler");
+$my_var = str_repeat("A",$my_var[0]->errormsg = "xyz");
+echo "ok\n";
+?>
+--EXPECT--
+EROOR: Creating default object from empty value
+ok
+


Property changes on: php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt
___________________________________________________________________
Added: svn:keywords
   + Id Rev Revision
Added: svn:eol-style
   + native

Modified: php/php-src/branches/PHP_5_3/Zend/zend_execute.c
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/zend_execute.c    2011-03-17 11:43:05 UTC 
(rev 309341)
+++ php/php-src/branches/PHP_5_3/Zend/zend_execute.c    2011-03-17 11:49:18 UTC 
(rev 309342)
@@ -536,10 +536,22 @@
                    (Z_TYPE_P(object) == IS_BOOL && Z_LVAL_P(object) == 0) ||
                    (Z_TYPE_P(object) == IS_STRING && Z_STRLEN_P(object) == 0)) 
{
                        SEPARATE_ZVAL_IF_NOT_REF(object_ptr);
-                       zval_dtor(*object_ptr);
-                       object_init(*object_ptr);
                        object = *object_ptr;
+                       Z_ADDREF_P(object);
                        zend_error(E_STRICT, "Creating default object from 
empty value");
+                       if (Z_REFCOUNT_P(object) == 1) {
+                               /* object was removed by error handler, nothing 
to assign to */
+                               zval_ptr_dtor(&object);
+                               if (retval) {
+                                       *retval = &EG(uninitialized_zval);
+                                       PZVAL_LOCK(*retval);
+                               }
+                               FREE_OP(free_value);
+                               return;
+                       }
+                       Z_DELREF_P(object);
+                       zval_dtor(object);
+                       object_init(object);
                } else {
                        zend_error(E_WARNING, "Attempt to assign property of 
non-object");
                        if (!RETURN_VALUE_UNUSED(result)) {

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to