laruence                                 Tue, 24 Jan 2012 14:39:45 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=322678

Log:
Re-fixed bug #60825 (Segfault when running symfony 2 tests)

Bug: https://bugs.php.net/60825 (Critical) Segfault when running symfony 2 tests
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    A   php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt
    U   php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h
    U   php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h
    U   php/php-src/trunk/NEWS
    U   php/php-src/trunk/Zend/tests/bug60825.phpt
    U   php/php-src/trunk/Zend/zend_vm_def.h
    U   php/php-src/trunk/Zend/zend_vm_execute.h

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS	2012-01-24 13:28:39 UTC (rev 322677)
+++ php/php-src/branches/PHP_5_3/NEWS	2012-01-24 14:39:45 UTC (rev 322678)
@@ -5,6 +5,8 @@
 - Core:
  . Fixed bug #60227 (header() cannot detect the multi-line header with CR).
    (rui)
+ . Fixed bug #60825 (Segfault when running symfony 2 tests).
+   (Dmitry, Laruence)

 - Firebird Database extension (ibase):
  . Fixed bug #60802 (ibase_trans() gives segfault when passing params).

Added: php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt	2012-01-24 14:39:45 UTC (rev 322678)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #60825 (Segfault when running symfony 2 tests)
+--DESCRIPTION--
+run this with valgrind
+--FILE--
+<?php
+class test {
+	public static $x;
+	public function __toString() {
+		self::$x = $this;
+		return __FILE__;
+	}
+}
+$a = new test;
+require_once $a;
+debug_zval_dump(test::$x);
+?>
+--EXPECTF--
+string(%d) "%sbug60825.php" refcount(2)
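Review bot: The test reaches the string conversion only through a variable that nothing else references, so it does not show how the temporary behaves when the operand's zval is shared. A second case, for example `$b = $a; require_once $b;`, still run under valgrind as the description asks, would cover an operand whose reference count is above one. The expectation `refcount(2)` also pins an engine-internal count. A sentence in the `--DESCRIPTION--` section saying why 2 is expected would help whoever next touches the handler.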

Modified: php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h	2012-01-24 13:28:39 UTC (rev 322677)
+++ php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h	2012-01-24 14:39:45 UTC (rev 322678)
@@ -3224,14 +3224,15 @@
 	int return_value_used;
 	zend_free_op free_op1;
 	zval *inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R);
-	zval tmp_inc_filename;
+	zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;

 	if (inc_filename->type!=IS_STRING) {
-		tmp_inc_filename = *inc_filename;
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		*tmp_inc_filename = *inc_filename;
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}

 	return_value_used = RETURN_VALUE_USED(opline);
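Review bot: The struct assignment `*tmp_inc_filename = *inc_filename;` runs after `MAKE_STD_ZVAL`, so it overwrites the freshly initialised reference count and is_ref flag with those of the operand. When the operand is shared (count above 1), the later `zval_ptr_dtor(&tmp_inc_filename)` would not bring the count to zero and the temporary would presumably leak. Re-initialising the header right after the copy with `INIT_PZVAL(tmp_inc_filename);` avoids this, and it is what the trunk version of this change gets by using `ZVAL_COPY_VALUE`. The same lines appear in the generated zend_vm_execute.h hunks at -1902, -5190, -8573 and -22465. The handler body continues outside this hunk.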
@@ -3297,8 +3298,8 @@
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 	FREE_OP1();
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;

Modified: php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h	2012-01-24 13:28:39 UTC (rev 322677)
+++ php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h	2012-01-24 14:39:45 UTC (rev 322678)
@@ -1902,14 +1902,15 @@
 	int return_value_used;

 	zval *inc_filename = &opline->op1.u.constant;
-	zval tmp_inc_filename;
+	zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;

 	if (inc_filename->type!=IS_STRING) {
-		tmp_inc_filename = *inc_filename;
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		*tmp_inc_filename = *inc_filename;
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}

 	return_value_used = RETURN_VALUE_USED(opline);
@@ -1975,8 +1976,8 @@
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}

 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
@@ -5190,14 +5191,15 @@
 	int return_value_used;
 	zend_free_op free_op1;
 	zval *inc_filename = _get_zval_ptr_tmp(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
-	zval tmp_inc_filename;
+	zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;

 	if (inc_filename->type!=IS_STRING) {
-		tmp_inc_filename = *inc_filename;
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		*tmp_inc_filename = *inc_filename;
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}

 	return_value_used = RETURN_VALUE_USED(opline);
@@ -5263,8 +5265,8 @@
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 	zval_dtor(free_op1.var);
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
@@ -8573,14 +8575,15 @@
 	int return_value_used;
 	zend_free_op free_op1;
 	zval *inc_filename = _get_zval_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
-	zval tmp_inc_filename;
+	zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;

 	if (inc_filename->type!=IS_STRING) {
-		tmp_inc_filename = *inc_filename;
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		*tmp_inc_filename = *inc_filename;
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}

 	return_value_used = RETURN_VALUE_USED(opline);
@@ -8646,8 +8649,8 @@
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 	if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
@@ -22465,14 +22468,15 @@
 	int return_value_used;

 	zval *inc_filename = _get_zval_ptr_cv(&opline->op1, EX(Ts), BP_VAR_R TSRMLS_CC);
-	zval tmp_inc_filename;
+	zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;

 	if (inc_filename->type!=IS_STRING) {
-		tmp_inc_filename = *inc_filename;
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		*tmp_inc_filename = *inc_filename;
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}

 	return_value_used = RETURN_VALUE_USED(opline);
@@ -22538,8 +22542,8 @@
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}

 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;

Modified: php/php-src/trunk/NEWS
===================================================================
--- php/php-src/trunk/NEWS	2012-01-24 13:28:39 UTC (rev 322677)
+++ php/php-src/trunk/NEWS	2012-01-24 14:39:45 UTC (rev 322678)
@@ -8,7 +8,8 @@
 - Core:
   . Fixed bug #60573 (type hinting with "self" keyword causes weird errors).
     (Laruence)
-  . Fixed bug #60825 (Segfault when running symfony 2 tests). (Laruence)
+  . Fixed bug #60825 (Segfault when running symfony 2 tests).
+    (Dmitry, Laruence)

 - cURL:
   . Added support for CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPT_APPEND,

Modified: php/php-src/trunk/Zend/tests/bug60825.phpt
===================================================================
--- php/php-src/trunk/Zend/tests/bug60825.phpt	2012-01-24 13:28:39 UTC (rev 322677)
+++ php/php-src/trunk/Zend/tests/bug60825.phpt	2012-01-24 14:39:45 UTC (rev 322678)
@@ -4,15 +4,16 @@
 run this with valgrind
 --FILE--
 <?php
-if (isset($loaded)) {
-    $loaded = true;
-	class test {
-		public function __toString() {
-			return __FILE__;
-		}
+class test {
+	public static $x;
+	public function __toString() {
+		self::$x = $this;
+		return __FILE__;
 	}
-	$a = new test;
-	require_once $a;
 }
+$a = new test;
+require_once $a;
+debug_zval_dump(test::$x);
 ?>
---EXPECT--
+--EXPECTF--
+string(%d) "%sbug60825.php" refcount(2)

Modified: php/php-src/trunk/Zend/zend_vm_def.h
===================================================================
--- php/php-src/trunk/Zend/zend_vm_def.h	2012-01-24 13:28:39 UTC (rev 322677)
+++ php/php-src/trunk/Zend/zend_vm_def.h	2012-01-24 14:39:45 UTC (rev 322678)
@@ -3693,17 +3693,18 @@
 	zend_op_array *new_op_array=NULL;
 	zend_free_op free_op1;
 	zval *inc_filename;
-	zval tmp_inc_filename;
+    zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;

 	SAVE_OPLINE();
 	inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R);

 	if (inc_filename->type!=IS_STRING) {
-		INIT_PZVAL_COPY(&tmp_inc_filename, inc_filename);
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}

 	if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
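Review bot: Nothing in the handler records why the temporary is now heap-allocated and released with `zval_ptr_dtor`. The accompanying test suggests the reason is that `__toString()` can store `$this`, so the zval may outlive the handler. A comment above `MAKE_STD_ZVAL(tmp_inc_filename);` such as `/* heap zval: __toString() may keep a reference to it, see bug #60825 */` would stop a later cleanup from reverting to a stack zval. The new declaration `zval *tmp_inc_filename = NULL;` is also indented with four spaces where the surrounding declarations use a tab. The handler body continues outside this hunk.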
@@ -3767,8 +3768,8 @@
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 	FREE_OP1();
 	if (UNEXPECTED(EG(exception) != NULL)) {

Modified: php/php-src/trunk/Zend/zend_vm_execute.h
===================================================================
--- php/php-src/trunk/Zend/zend_vm_execute.h	2012-01-24 13:28:39 UTC (rev 322677)
+++ php/php-src/trunk/Zend/zend_vm_execute.h	2012-01-24 14:39:45 UTC (rev 322678)
@@ -2522,17 +2522,18 @@
 	zend_op_array *new_op_array=NULL;

 	zval *inc_filename;
-	zval tmp_inc_filename;
+    zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;

 	SAVE_OPLINE();
 	inc_filename = opline->op1.zv;

 	if (inc_filename->type!=IS_STRING) {
-		INIT_PZVAL_COPY(&tmp_inc_filename, inc_filename);
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}

 	if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
@@ -2596,8 +2597,8 @@
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}

 	if (UNEXPECTED(EG(exception) != NULL)) {
@@ -6852,17 +6853,18 @@
 	zend_op_array *new_op_array=NULL;
 	zend_free_op free_op1;
 	zval *inc_filename;
-	zval tmp_inc_filename;
+    zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;

 	SAVE_OPLINE();
 	inc_filename = _get_zval_ptr_tmp(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC);

 	if (inc_filename->type!=IS_STRING) {
-		INIT_PZVAL_COPY(&tmp_inc_filename, inc_filename);
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}

 	if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
@@ -6926,8 +6928,8 @@
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 	zval_dtor(free_op1.var);
 	if (UNEXPECTED(EG(exception) != NULL)) {
@@ -11209,17 +11211,18 @@
 	zend_op_array *new_op_array=NULL;
 	zend_free_op free_op1;
 	zval *inc_filename;
-	zval tmp_inc_filename;
+    zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;

 	SAVE_OPLINE();
 	inc_filename = _get_zval_ptr_var(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC);

 	if (inc_filename->type!=IS_STRING) {
-		INIT_PZVAL_COPY(&tmp_inc_filename, inc_filename);
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}

 	if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
@@ -11283,8 +11286,8 @@
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 	if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
 	if (UNEXPECTED(EG(exception) != NULL)) {
@@ -27061,17 +27064,18 @@
 	zend_op_array *new_op_array=NULL;

 	zval *inc_filename;
-	zval tmp_inc_filename;
+    zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;

 	SAVE_OPLINE();
 	inc_filename = _get_zval_ptr_cv_BP_VAR_R(EX_CVs(), opline->op1.var TSRMLS_CC);

 	if (inc_filename->type!=IS_STRING) {
-		INIT_PZVAL_COPY(&tmp_inc_filename, inc_filename);
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}

 	if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
@@ -27135,8 +27139,8 @@
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}

 	if (UNEXPECTED(EG(exception) != NULL)) {