Commit:    0f36224beb61b8d0b189c447bdb44ee2d73be637
Author:    Nikita Popov <ni...@php.net>         Sat, 29 Jun 2013 21:51:54 +0200
Parents:   5904da994803d2f9a70a0cb4675ebd9eeb9bce54
Branches:  PHP-5.5 master

Link:      http://git.php.net/?p=php-src.git;a=commitdiff;h=0f36224beb61b8d0b189c447bdb44ee2d73be637

Log:
Don't try to clean up generator stack on unclean shutdown

This fixes bugs #65035 and #65161. In one of the bugs the issue is
that function_state.arguments is NULL, but the arg count is pushed
to the stack and the code tries to free it. In the other bug the
stack of the generator is freed twice, once in generator_close and
later during shutdown.

It's rather hard (if at all possible) to do a proper stack cleanup
on an unclean shutdown, so I'm just disabling it in this case.

Bugs:
https://bugs.php.net/65035
https://bugs.php.net/65161

Changed paths:
  M  NEWS
  A  Zend/tests/generators/bug65035.phpt
  A  Zend/tests/generators/bug65161.phpt
  M  Zend/zend_generators.c


Diff:
diff --git a/NEWS b/NEWS
index 6122e03..4cbd4e8 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ PHP                                                             
           NEWS
     (Adam)
   . Fixed bug #65108 (is_callable() triggers Fatal Error). 
     (David Soria Parra, Laruence)
+  . Fixed bug #65035 (yield / exit segfault). (Nikita)
+  . Fixed bug #65161 (Generator + autoload + syntax error = segfault). (Nikita)
 
 - OPcache
   . Fixed bug #64827 (Segfault in zval_mark_grey (zend_gc.c)). (Laruence)
diff --git a/Zend/tests/generators/bug65035.phpt 
b/Zend/tests/generators/bug65035.phpt
new file mode 100644
index 0000000..18276cc
--- /dev/null
+++ b/Zend/tests/generators/bug65035.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #65035: yield / exit segfault
+--FILE--
+<?php
+
+function gen() {
+    fn();
+    yield;
+}
+
+function fn() {
+    exit('Done');
+}
+
+$gen = gen();
+$gen->current();
+
+?>
+--EXPECT--
+Done
diff --git a/Zend/tests/generators/bug65161.phpt 
b/Zend/tests/generators/bug65161.phpt
new file mode 100644
index 0000000..215c188
--- /dev/null
+++ b/Zend/tests/generators/bug65161.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #65161: Generator + autoload + syntax error = segfault
+--FILE--
+<?php
+
+function autoload() {
+    foo();
+}
+spl_autoload_register('autoload');
+
+function testGenerator() {
+    new SyntaxError('param');
+    yield;
+}
+
+foreach (testGenerator() as $i);
+
+?>
+--EXPECTF--
+Fatal error: Call to undefined function foo() in %s on line %d
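
Review bot: The title of this test promises a syntax error, but nothing in the file is one. `new SyntaxError('param')` only acts as a trigger because no class of that name is defined, which sends execution into the autoloader, and the expected fatal error comes from the undefined `foo()` call there. A name such as `NonExistentClass`, plus a one-line comment saying that the autoloader is meant to raise a fatal error while the generator is running, would make the intent readable and keep the test from changing meaning if a class called `SyntaxError` is ever defined.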
diff --git a/Zend/zend_generators.c b/Zend/zend_generators.c
index d189148..4b22eb2 100644
--- a/Zend/zend_generators.c
+++ b/Zend/zend_generators.c
@@ -55,6 +55,12 @@ ZEND_API void zend_generator_close(zend_generator 
*generator, zend_bool finished
                        zval_ptr_dtor(&execute_data->current_this);
                }
 
+               /* A fatal error / die occured during the generator execution. 
Trying to clean
+                * up the stack may not be safe in this case. */
+               if (CG(unclean_shutdown)) {
+                       return;
+               }
+
                /* If the generator is closed before it can finish execution 
(reach
                 * a return statement) we have to free loop variables manually, 
as
                 * we don't know whether the SWITCH_FREE / FREE opcodes have 
run */
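
Review bot: The `return` under `if (CG(unclean_shutdown))` leaves zend_generator_close() entirely, so it skips everything below it in the function and not only the loop-variable freeing visible in this hunk. The rest of the function is outside the context shown, so please confirm that none of it is still required on this path, in particular any step that marks the generator as closed, since the commit message describes a second cleanup attempt during shutdown. The comment would also be more useful if it said that the frame is deliberately left for shutdown to reclaim and that the `current_this` destructor above the check still runs. Also, "occured" should be "occurred".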

