Since there is no check whether there is a refcount before freeing an object, there is a segv if the object gets freed. This segv can be caused by the following PHP code: <?php $t = (object) $_GLOBALS; ?>
RCS file: /repository/Zend/zend_variables.c,v retrieving revision 1.42 diff -u -3 -p -r1.42 zend_variables.c --- zend_variables.c 22 Jun 2002 14:11:43 -0000 1.42 +++ zend_variables.c 17 Aug 2002 19:08:28 -0000 @@ -54,8 +54,10 @@ ZEND_API void _zval_dtor(zval *zvalue ZE } break; case IS_OBJECT: - zend_hash_destroy(zvalue->value.obj.properties); - FREE_HASHTABLE(zvalue->value.obj.properties); + if (zvalue->refcount) { + zend_hash_destroy(zvalue->value.obj.properties); + FREE_HASHTABLE(zvalue->value.obj.properties); + } break; case IS_RESOURCE: { TSRMLS_FETCH();
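Review bot: In the IS_OBJECT case of _zval_dtor, the new `if (zvalue->refcount)` guard skips both zend_hash_destroy() and FREE_HASHTABLE() whenever refcount is zero, and nothing in the hunk says who releases the properties table in that case. If the destructor can be reached with refcount already at zero on the ordinary destruction path, this trades the crash for a leak of the object's properties, so the condition needs to be justified against the callers. Please add a comment stating which state the guard protects against, and a regression test built from the reproducer in the description.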