Commit: e8f004d54252e0130b88131bdc46a41ed365c51e Author: Xinchen Hui <larue...@php.net> Sun, 9 Jun 2013 13:20:40 +0800 Parents: 1aee7ad63672747bd941f169ef42bed5765137e0 Branches: PHP-5.3 PHP-5.4 PHP-5.5 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e8f004d54252e0130b88131bdc46a41ed365c51e Log: Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC) Bugs: https://bugs.php.net/64966 Changed paths: M NEWS A Zend/tests/bug64966.phpt M Zend/zend_vm_def.h M Zend/zend_vm_execute.h Diff: diff --git a/NEWS b/NEWS index fc0842f..7f54f39 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2013, PHP 5.3.27 + - Core: + . Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence) . Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence) . Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol) diff --git a/Zend/tests/bug64966.phpt b/Zend/tests/bug64966.phpt new file mode 100644 index 0000000..27fec3b --- /dev/null +++ b/Zend/tests/bug64966.phpt @@ -0,0 +1,30 @@ +--TEST-- +Bug #64966 (segfault in zend_do_fcall_common_helper_SPEC) +--FILE-- +<?php +error_reporting(E_ALL); +set_error_handler(function($error) { throw new Exception(); }, E_RECOVERABLE_ERROR); + +function test($func) { + $a = $func(""); + return true; +} +class A { + public function b() { + test("strlen"); + test("iterator_apply"); + } +} + +$a = new A(); +$a->b(); +?> +--EXPECTF-- +Fatal error: Uncaught exception 'Exception' in %sbug64966.php:3 +Stack trace: +#0 [internal function]: {closure}(4096, 'Argument 1 pass...', '/home/huixinche...', 6, Array) +#1 %sbug64966.php(6): iterator_apply('') +#2 %sbug64966.php(12): test('iterator_apply') +#3 %sbug64966.php(17): A->b() +#4 {main} + thrown in %sbug64966.php on line 3 diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 02566f3..d471f39 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -2327,6 +2327,8 @@ ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY) if (!RETURN_VALUE_USED(opline)) { zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr); } + } else if (RETURN_VALUE_USED(opline)) { + EX_T(opline->result.u.var).var.ptr = NULL; } } else if (EX(function_state).function->type == ZEND_USER_FUNCTION) { EX(original_return_value) = EG(return_value_ptr_ptr); diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index f6220b0..993b822 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -327,6 +327,8 @@ static int ZEND_FASTCALL zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_AR if (!RETURN_VALUE_USED(opline)) { zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr); } + } else if (RETURN_VALUE_USED(opline)) { + EX_T(opline->result.u.var).var.ptr = NULL; } } else if (EX(function_state).function->type == ZEND_USER_FUNCTION) { EX(original_return_value) = EG(return_value_ptr_ptr); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
