johannes Thu, 17 Mar 2011 11:49:18 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=309342
Log: - Fixed bug #54265 (crash when variable gets reassigned in error handler) (re-apply 309308, dmitry) Bug: http://bugs.php.net/54265 (error getting bug information) Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt U php/php-src/branches/PHP_5_3/Zend/zend_execute.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2011-03-17 11:43:05 UTC (rev 309341) +++ php/php-src/branches/PHP_5_3/NEWS 2011-03-17 11:49:18 UTC (rev 309342) @@ -1,6 +1,11 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2011, PHP 5.3.7 + +- Zend Engine: + . Fixed bug #54262 (Crash when assigning value to a dimension in a non-array). + (Dmitry) + - MySQL Improved extension: . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries). (Andrey) Added: php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt =================================================================== --- php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt 2011-03-17 11:49:18 UTC (rev 309342) @@ -0,0 +1,17 @@ +--TEST-- +Bug #54265 (crash when variable gets reassigned in error handler) +--FILE-- +<?php +function my_errorhandler($errno,$errormsg) { + global $my_var; + $my_var = 0; + echo "EROOR: $errormsg\n"; +} +set_error_handler("my_errorhandler"); +$my_var = str_repeat("A",$my_var[0]->errormsg = "xyz"); +echo "ok\n"; +?> +--EXPECT-- +EROOR: Creating default object from empty value +ok + Property changes on: php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_3/Zend/zend_execute.c =================================================================== --- php/php-src/branches/PHP_5_3/Zend/zend_execute.c 2011-03-17 11:43:05 UTC (rev 309341) +++ php/php-src/branches/PHP_5_3/Zend/zend_execute.c 2011-03-17 11:49:18 UTC (rev 309342) @@ -536,10 +536,22 @@ (Z_TYPE_P(object) == IS_BOOL && Z_LVAL_P(object) == 0) || (Z_TYPE_P(object) == IS_STRING && Z_STRLEN_P(object) == 0)) { SEPARATE_ZVAL_IF_NOT_REF(object_ptr); - zval_dtor(*object_ptr); - object_init(*object_ptr); object = *object_ptr; + Z_ADDREF_P(object); zend_error(E_STRICT, "Creating default object from empty value"); + if (Z_REFCOUNT_P(object) == 1) { + /* object was removed by error handler, nothing to assign to */ + zval_ptr_dtor(&object); + if (retval) { + *retval = &EG(uninitialized_zval); + PZVAL_LOCK(*retval); + } + FREE_OP(free_value); + return; + } + Z_DELREF_P(object); + zval_dtor(object); + object_init(object); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); if (!RETURN_VALUE_UNUSED(result)) {
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php