Commit:    8bd5e15ff7a57791956c4017ee8fb4a8ac0d8d2e
Author:    Xinchen Hui <larue...@php.net>         Thu, 18 Oct 2012 17:31:27 
+0800
Parents:   3899adb46feb7a2dbd8f976ee02218b994c9f9ad
Branches:  PHP-5.3

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=8bd5e15ff7a57791956c4017ee8fb4a8ac0d8d2e

Log:
Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite)

Bugs:
https://bugs.php.net/63055

Changed paths:
  M  NEWS
  M  ext/pcre/php_pcre.c
  A  ext/pcre/tests/bug63055.phpt


Diff:
diff --git a/NEWS b/NEWS
index 86f8629..009f082 100644
--- a/NEWS
+++ b/NEWS
@@ -2,9 +2,13 @@ PHP                                                            
            NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2012, PHP 5.3.19
 
-- mysql:
+- MySQL:
   . Fixed compilation failure on mixed 32/64 bit systems. (Andrey)
 
+- PCRE:
+  . Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite).
+    (Dmitry, Laruence)
+
 - PDO:
   . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
     (Martin Osvald, Remi)
diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c
index b1b9e66..1af8151 100644
--- a/ext/pcre/php_pcre.c
+++ b/ext/pcre/php_pcre.c
@@ -547,8 +547,9 @@ PHPAPI void php_pcre_match_impl(pcre_cache_entry *pce, char 
*subject, int subjec
 
        /* Overwrite the passed-in value for subpatterns with an empty array. */
        if (subpats != NULL) {
-               zval_dtor(subpats);
+               zval garbage = *subpats;
                array_init(subpats);
+               zval_dtor(&garbage);
        }
 
        subpats_order = global ? PREG_PATTERN_ORDER : 0;
diff --git a/ext/pcre/tests/bug63055.phpt b/ext/pcre/tests/bug63055.phpt
new file mode 100644
index 0000000..16c50b5
--- /dev/null
+++ b/ext/pcre/tests/bug63055.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Bug #63055 (Segfault in zend_gc with SF2 testsuite)
+--FILE--
+<?php
+/* the default gc root size is 10,000 */
+for ($i=0; $i<9998; $i++) {
+    $array = array();
+    $array[0] = &$array;
+    unset($array);
+}
+
+$matches = array("foo" => "bar"); /* this bucket will trigger the segfault */
+$dummy   = array("dummy");        /* used to trigger gc_collect_cycles */
+$dummy[1] = &$dummy;
+
+$matches[1] = &$matches;
+$matches[2] = $dummy;
+
+preg_match_all("/(\d)+/", "foo123456bar", $matches);
+echo "okey";
+?>
+--EXPECTF--
+okey


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to