laruence Tue, 24 Jan 2012 14:39:45 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=322678
Log: Re-fixed bug #60825 (Segfault when running symfony 2 tests) Bug: https://bugs.php.net/60825 (Critical) Segfault when running symfony 2 tests Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt U php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/tests/bug60825.phpt U php/php-src/trunk/Zend/zend_vm_def.h U php/php-src/trunk/Zend/zend_vm_execute.h
Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2012-01-24 13:28:39 UTC (rev 322677) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-24 14:39:45 UTC (rev 322678) @@ -5,6 +5,8 @@ - Core: . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui) + . Fixed bug #60825 (Segfault when running symfony 2 tests). + (Dmitry, Laruence) - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). Added: php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt =================================================================== --- php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt 2012-01-24 14:39:45 UTC (rev 322678) @@ -0,0 +1,19 @@ +--TEST-- +Bug #60825 (Segfault when running symfony 2 tests) +--DESCRIPTION-- +run this with valgrind +--FILE-- +<?php +class test { + public static $x; + public function __toString() { + self::$x = $this; + return __FILE__; + } +} +$a = new test; +require_once $a; +debug_zval_dump(test::$x); +?> +--EXPECTF-- +string(%d) "%sbug60825.php" refcount(2) Modified: php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h =================================================================== --- php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h 2012-01-24 13:28:39 UTC (rev 322677) +++ php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h 2012-01-24 14:39:45 UTC (rev 322678) 
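Review bot: The expectation in bug60825.phpt pins `test::$x` as a string even though `__toString()` stored `$this` there, so the test silently records that the captured value is rewritten in place by the include's string conversion. That is surprising enough to state in the `--DESCRIPTION--` section, for example `the zval captured in __toString() must stay valid after require_once; it is observed as the converted string`. The script also covers only an operand held by a single name. A second case where the object is shared before the include (for example `$b = $a;` ahead of `require_once $a;`) would check the temporary's reference count when the source value has more than one holder. The trunk copy of the test later in this commit has the same gap.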
@@ -3224,14 +3224,15 @@ int return_value_used; zend_free_op free_op1; zval *inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R); - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; if (inc_filename->type!=IS_STRING) { - tmp_inc_filename = *inc_filename; - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + *tmp_inc_filename = *inc_filename; + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } return_value_used = RETURN_VALUE_USED(opline); @@ -3297,8 +3298,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } FREE_OP1(); EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; Modified: php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h =================================================================== --- php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h 2012-01-24 13:28:39 UTC (rev 322677) +++ php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h 2012-01-24 14:39:45 UTC (rev 322678) @@ -1902,14 +1902,15 @@ int return_value_used; zval *inc_filename = &opline->op1.u.constant; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; if (inc_filename->type!=IS_STRING) { - tmp_inc_filename = *inc_filename; - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + *tmp_inc_filename = *inc_filename; + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } return_value_used = RETURN_VALUE_USED(opline); 
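Review bot: In the PHP_5_3 zend_vm_def.h hunk at 3224, `*tmp_inc_filename = *inc_filename;` is a whole-struct copy, so it also copies the source zval's reference count and is_ref flag over whatever MAKE_STD_ZVAL had presumably just initialised. If the operand is shared (count above 1), the temporary starts with that count and the single `zval_ptr_dtor(&tmp_inc_filename)` at the end would not release it, which looks like a leaked zval per include. The trunk hunks use `ZVAL_COPY_VALUE` instead, which appears to copy only the value and type; on this branch I would reset the header right after the copy with `INIT_PZVAL(tmp_inc_filename);`. The same lines recur in the zend_vm_execute.h hunks for this branch, and the handler body starts and ends outside the hunk.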
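Review bot: The cleanup at 3297 changes `zval_dtor` to `zval_ptr_dtor` with no comment, and the reason is not recoverable from the code alone. Judging by the new test, the temporary can be captured by user code while `convert_to_string` runs `__toString()`, so it must be released by reference count rather than destroyed outright. A short comment above the `if`, such as `/* tmp may have been captured in __toString(); drop only our reference */`, would keep a later cleanup from turning it back into a stack zval and reintroducing the dangling pointer. The same applies to the matching trunk hunk at 3767, and the surrounding handler is only partly visible here.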
@@ -1975,8 +1976,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; @@ -5190,14 +5191,15 @@ int return_value_used; zend_free_op free_op1; zval *inc_filename = _get_zval_ptr_tmp(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC); - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; if (inc_filename->type!=IS_STRING) { - tmp_inc_filename = *inc_filename; - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + *tmp_inc_filename = *inc_filename; + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } return_value_used = RETURN_VALUE_USED(opline); @@ -5263,8 +5265,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } zval_dtor(free_op1.var); EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; @@ -8573,14 +8575,15 @@ int return_value_used; zend_free_op free_op1; zval *inc_filename = _get_zval_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC); - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; if (inc_filename->type!=IS_STRING) { - tmp_inc_filename = *inc_filename; - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + *tmp_inc_filename = *inc_filename; + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } return_value_used = RETURN_VALUE_USED(opline); 
@@ -8646,8 +8649,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; @@ -22465,14 +22468,15 @@ int return_value_used; zval *inc_filename = _get_zval_ptr_cv(&opline->op1, EX(Ts), BP_VAR_R TSRMLS_CC); - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; if (inc_filename->type!=IS_STRING) { - tmp_inc_filename = *inc_filename; - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + *tmp_inc_filename = *inc_filename; + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } return_value_used = RETURN_VALUE_USED(opline); @@ -22538,8 +22542,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; Modified: php/php-src/trunk/NEWS =================================================================== --- php/php-src/trunk/NEWS 2012-01-24 13:28:39 UTC (rev 322677) +++ php/php-src/trunk/NEWS 2012-01-24 14:39:45 UTC (rev 322678) 
@@ -8,7 +8,8 @@ - Core: . Fixed bug #60573 (type hinting with "self" keyword causes weird errors). (Laruence) - . Fixed bug #60825 (Segfault when running symfony 2 tests). (Laruence) + . Fixed bug #60825 (Segfault when running symfony 2 tests). + (Dmitry, Laruence) - cURL: . Added support for CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPT_APPEND, Modified: php/php-src/trunk/Zend/tests/bug60825.phpt =================================================================== --- php/php-src/trunk/Zend/tests/bug60825.phpt 2012-01-24 13:28:39 UTC (rev 322677) +++ php/php-src/trunk/Zend/tests/bug60825.phpt 2012-01-24 14:39:45 UTC (rev 322678) @@ -4,15 +4,16 @@ run this with valgrind --FILE-- <?php -if (isset($loaded)) { - $loaded = true; - class test { - public function __toString() { - return __FILE__; - } +class test { + public static $x; + public function __toString() { + self::$x = $this; + return __FILE__; } - $a = new test; - require_once $a; } +$a = new test; +require_once $a; +debug_zval_dump(test::$x); ?> ---EXPECT-- +--EXPECTF-- +string(%d) "%sbug60825.php" refcount(2) Modified: php/php-src/trunk/Zend/zend_vm_def.h =================================================================== --- php/php-src/trunk/Zend/zend_vm_def.h 2012-01-24 13:28:39 UTC (rev 322677) +++ php/php-src/trunk/Zend/zend_vm_def.h 2012-01-24 14:39:45 UTC (rev 322678) 
@@ -3693,17 +3693,18 @@ zend_op_array *new_op_array=NULL; zend_free_op free_op1; zval *inc_filename; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; SAVE_OPLINE(); inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R); if (inc_filename->type!=IS_STRING) { - INIT_PZVAL_COPY(&tmp_inc_filename, inc_filename); - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename); + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { @@ -3767,8 +3768,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } FREE_OP1(); if (UNEXPECTED(EG(exception) != NULL)) { Modified: php/php-src/trunk/Zend/zend_vm_execute.h =================================================================== --- php/php-src/trunk/Zend/zend_vm_execute.h 2012-01-24 13:28:39 UTC (rev 322677) +++ php/php-src/trunk/Zend/zend_vm_execute.h 2012-01-24 14:39:45 UTC (rev 322678) @@ -2522,17 +2522,18 @@ zend_op_array *new_op_array=NULL; zval *inc_filename; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; SAVE_OPLINE(); inc_filename = opline->op1.zv; if (inc_filename->type!=IS_STRING) { - INIT_PZVAL_COPY(&tmp_inc_filename, inc_filename); - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename); + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { 
@@ -2596,8 +2597,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } if (UNEXPECTED(EG(exception) != NULL)) { @@ -6852,17 +6853,18 @@ zend_op_array *new_op_array=NULL; zend_free_op free_op1; zval *inc_filename; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; SAVE_OPLINE(); inc_filename = _get_zval_ptr_tmp(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC); if (inc_filename->type!=IS_STRING) { - INIT_PZVAL_COPY(&tmp_inc_filename, inc_filename); - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename); + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { @@ -6926,8 +6928,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } zval_dtor(free_op1.var); if (UNEXPECTED(EG(exception) != NULL)) { 
@@ -11209,17 +11211,18 @@ zend_op_array *new_op_array=NULL; zend_free_op free_op1; zval *inc_filename; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; SAVE_OPLINE(); inc_filename = _get_zval_ptr_var(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC); if (inc_filename->type!=IS_STRING) { - INIT_PZVAL_COPY(&tmp_inc_filename, inc_filename); - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename); + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { @@ -11283,8 +11286,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; if (UNEXPECTED(EG(exception) != NULL)) { @@ -27061,17 +27064,18 @@ zend_op_array *new_op_array=NULL; zval *inc_filename; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; SAVE_OPLINE(); inc_filename = _get_zval_ptr_cv_BP_VAR_R(EX_CVs(), opline->op1.var TSRMLS_CC); if (inc_filename->type!=IS_STRING) { - INIT_PZVAL_COPY(&tmp_inc_filename, inc_filename); - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename); + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { 
@@ -27135,8 +27139,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } if (UNEXPECTED(EG(exception) != NULL)) {