dmitry Fri, 18 Nov 2011 12:43:53 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=319469
Log: Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) Bug: https://bugs.php.net/60138 (Assigned) GC crash with referenced array in RecursiveArrayIterator Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug60138.phpt U php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c A php/php-src/branches/PHP_5_4/Zend/tests/bug60138.phpt A php/php-src/trunk/Zend/tests/bug60138.phpt Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2011-11-18 12:08:28 UTC (rev 319468) +++ php/php-src/branches/PHP_5_3/NEWS 2011-11-18 12:43:53 UTC (rev 319469) @@ -3,6 +3,8 @@ ?? ??? 2011, PHP 5.3.9 - Core: + . Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) + (Dmitry). . Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe) . Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs). (klightspeed at netspace dot net dot au) Added: php/php-src/branches/PHP_5_3/Zend/tests/bug60138.phpt =================================================================== --- php/php-src/branches/PHP_5_3/Zend/tests/bug60138.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/Zend/tests/bug60138.phpt 2011-11-18 12:43:53 UTC (rev 319469) @@ -0,0 +1,16 @@ +--TEST-- +Bug #60138 (GC crash with referenced array in RecursiveArrayIterator) +--FILE-- +<?php +$tree = array(array("f")); +$category =& $tree[0]; + +$iterator = new RecursiveIteratorIterator( + new RecursiveArrayIterator($tree), + RecursiveIteratorIterator::SELF_FIRST +); +foreach($iterator as $file); +echo "ok\n"; +?> +--EXPECT-- +ok Modified: php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c =================================================================== --- php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c 2011-11-18 12:08:28 UTC (rev 319468) +++ php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c 2011-11-18 12:43:53 UTC (rev 319469) @@ -865,10 +865,11 @@ && (EX(function_state).function->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) == 0 && !ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1) && PZVAL_IS_REF(*fci->params[i])) { - SEPARATE_ZVAL(fci->params[i]); - } - - if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1) + ALLOC_ZVAL(param); + *param = **(fci->params[i]); + INIT_PZVAL(param); + zval_copy_ctor(param); + } else if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1) && !PZVAL_IS_REF(*fci->params[i])) { if (Z_REFCOUNT_PP(fci->params[i]) > 1) { Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60138.phpt =================================================================== --- php/php-src/branches/PHP_5_4/Zend/tests/bug60138.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/Zend/tests/bug60138.phpt 2011-11-18 12:43:53 UTC (rev 319469) @@ -0,0 +1,16 @@ +--TEST-- +Bug #60138 (GC crash with referenced array in RecursiveArrayIterator) +--FILE-- +<?php +$tree = array(array("f")); +$category =& $tree[0]; + +$iterator = new RecursiveIteratorIterator( + new RecursiveArrayIterator($tree), + RecursiveIteratorIterator::SELF_FIRST +); +foreach($iterator as $file); +echo "ok\n"; +?> +--EXPECT-- +ok Added: php/php-src/trunk/Zend/tests/bug60138.phpt =================================================================== --- php/php-src/trunk/Zend/tests/bug60138.phpt (rev 0) +++ php/php-src/trunk/Zend/tests/bug60138.phpt 2011-11-18 12:43:53 UTC (rev 319469) @@ -0,0 +1,16 @@ +--TEST-- +Bug #60138 (GC crash with referenced array in RecursiveArrayIterator) +--FILE-- +<?php +$tree = array(array("f")); +$category =& $tree[0]; + +$iterator = new RecursiveIteratorIterator( + new RecursiveArrayIterator($tree), + RecursiveIteratorIterator::SELF_FIRST +); +foreach($iterator as $file); +echo "ok\n"; +?> +--EXPECT-- +ok
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
