[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to it? Wouldn't it be easier just to do: if (Z_OBJ_HANDLER_PP(arg, cast_object)) { zval *result; ALLOC_ZVAL(result); if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) { zval_ptr_dtor(arg); *pl = Z_STRLEN_PP(result); *p = Z_STRVAL_PP(result); zval_ptr_dtor(result); return SUCCESS; } zval_ptr_dtor(result); } Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)? (Un tested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)... Anthony On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch c...@l-i-e.com wrote: On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
Sent from my iPad 在 2012-2-28,0:10,Anthony Ferrara ircmax...@gmail.com 写道: Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to plz look at the final fix: r323563 thanks r323563 Wouldn't it be easier just to do: if (Z_OBJ_HANDLER_PP(arg, cast_object)) { zval *result; ALLOC_ZVAL(result); if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) { zval_ptr_dtor(arg); *pl = Z_STRLEN_PP(result); *p = Z_STRVAL_PP(result); zval_ptr_dtor(result); return SUCCESS; } zval_ptr_dtor(result); } Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)? (Un tested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)... Anthony On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch c...@l-i-e.com wrote: On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
I initially looked at the final fix when I discovered the issue. Follow me out on this. This is the current code as-implemented in r323563: 265 zval *obj; 266 MAKE_STD_ZVAL(obj); 267 if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) { 268 zval_ptr_dtor(arg); 269 *arg = obj; 270 *pl = Z_STRLEN_PP(arg); 271 *p = Z_STRVAL_PP(arg); 272 return SUCCESS; 273 } 274 efree(obj); The issue that I originally identified (overwriting the argument pointer) is still happening. Is there any reason for overwriting the arg pointer? Wouldn't it be better to just do the Z_STRLEN_PP and Z_STRVAL_PP operations on obj instead, and zval_ptr_dtor it as well (instead of efree, as that way if a reference is stored somewhere it won't result in a double free, or a segfault for accessing freed memory)? Thanks, Anthony On Mon, Feb 27, 2012 at 11:39 AM, Xinchen Hui larue...@gmail.com wrote: Sent from my iPad 在 2012-2-28,0:10,Anthony Ferrara ircmax...@gmail.com 写道: Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to plz look at the final fix: r323563 thanks r323563 Wouldn't it be easier just to do: if (Z_OBJ_HANDLER_PP(arg, cast_object)) { zval *result; ALLOC_ZVAL(result); if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) { zval_ptr_dtor(arg); *pl = Z_STRLEN_PP(result); *p = Z_STRVAL_PP(result); zval_ptr_dtor(result); return SUCCESS; } zval_ptr_dtor(result); } Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)? (Un tested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)... Anthony On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch c...@l-i-e.com wrote: On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On Tue, Feb 28, 2012 at 1:10 AM, Anthony Ferrara ircmax...@gmail.com wrote: I initially looked at the final fix when I discovered the issue. Follow me out on this. This is the current code as-implemented in r323563: 265 zval *obj; 266 MAKE_STD_ZVAL(obj); 267 if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) { 268 zval_ptr_dtor(arg); 269 *arg = obj; 270 *pl = Z_STRLEN_PP(arg); 271 *p = Z_STRVAL_PP(arg); 272 return SUCCESS; 273 } 274 efree(obj); The issue that I originally identified (overwriting the argument pointer) is still happening. Is there any reason for overwriting the arg pointer? Wouldn't it be better to just do the Z_STRLEN_PP and Z_STRVAL_PP operations on obj instead, and zval_ptr_dtor it as well Oops, you are right.. thanks for pointing this out. :) (instead of efree, as that way if a reference is stored somewhere it won't result in a double free, or a segfault for accessing freed memory)? Thanks, Anthony On Mon, Feb 27, 2012 at 11:39 AM, Xinchen Hui larue...@gmail.com wrote: Sent from my iPad 在 2012-2-28,0:10,Anthony Ferrara ircmax...@gmail.com 写道: Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to plz look at the final fix: r323563 thanks r323563 Wouldn't it be easier just to do: if (Z_OBJ_HANDLER_PP(arg, cast_object)) { zval *result; ALLOC_ZVAL(result); if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) { zval_ptr_dtor(arg); *pl = Z_STRLEN_PP(result); *p = Z_STRVAL_PP(result); zval_ptr_dtor(result); return SUCCESS; } zval_ptr_dtor(result); } Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)? (Un tested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)... Anthony On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch c...@l-i-e.com wrote: On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- 惠新宸 laruence Senior PHP Engineer http://www.laruence.com -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On Tue, Feb 28, 2012 at 10:38 AM, Xinchen Hui larue...@gmail.com wrote: On Tue, Feb 28, 2012 at 1:10 AM, Anthony Ferrara ircmax...@gmail.com wrote: I initially looked at the final fix when I discovered the issue. Follow me out on this. This is the current code as-implemented in r323563: 265 zval *obj; 266 MAKE_STD_ZVAL(obj); 267 if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) { 268 zval_ptr_dtor(arg); 269 *arg = obj; 270 *pl = Z_STRLEN_PP(arg); 271 *p = Z_STRVAL_PP(arg); 272 return SUCCESS; 273 } 274 efree(obj); The issue that I originally identified (overwriting the argument pointer) is still happening. Is there any reason for overwriting the arg pointer? Wouldn't it be better to just do the Z_STRLEN_PP and Z_STRVAL_PP operations on obj instead, and zval_ptr_dtor it as well Oops, you are right.. thanks for pointing this out. :) Sorry, I miss-read your words. so I revoke my previous words. the reason for why overwriting arg, is we should record that new temp zval(IS_STRING), then release it while doing cleanup parameters. and also, fo 5.3, no p and pl paramters. thanks (instead of efree, as that way if a reference is stored somewhere it won't result in a double free, or a segfault for accessing freed memory)? Thanks, Anthony On Mon, Feb 27, 2012 at 11:39 AM, Xinchen Hui larue...@gmail.com wrote: Sent from my iPad 在 2012-2-28,0:10,Anthony Ferrara ircmax...@gmail.com 写道: Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to plz look at the final fix: r323563 thanks r323563 Wouldn't it be easier just to do: if (Z_OBJ_HANDLER_PP(arg, cast_object)) { zval *result; ALLOC_ZVAL(result); if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) { zval_ptr_dtor(arg); *pl = Z_STRLEN_PP(result); *p = Z_STRVAL_PP(result); zval_ptr_dtor(result); return SUCCESS; } zval_ptr_dtor(result); } Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)? (Un tested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)... Anthony On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch c...@l-i-e.com wrote: On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- 惠新宸 laruence Senior PHP Engineer http://www.laruence.com -- 惠新宸 laruence Senior PHP Engineer http://www.laruence.com -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php