dmitry Tue Nov 20 09:51:14 2007 UTC Modified files: (Branch: PHP_5_3) /php-src NEWS /ZendEngine2 zend_API.c zend_execute.c zend_execute_API.c zend_globals.h zend_object_handlers.c zend_vm_def.h zend_vm_execute.h zend_vm_execute.skl /php-src/ext/com_dotnet com_com.c com_handlers.c /php-src/ext/spl php_spl.c Log: Fixed bug #43136 (possible crash on script execution timeout. The EG(function_state_ptr) is completely removed, EG(current_execute_data)->function_state must be used instead)
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.965.2.47&r2=1.2027.2.547.2.965.2.48&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.965.2.47 php-src/NEWS:1.2027.2.547.2.965.2.48 --- php-src/NEWS:1.2027.2.547.2.965.2.47 Mon Nov 12 11:23:04 2007 +++ php-src/NEWS Tue Nov 20 09:51:11 2007 @@ -56,6 +56,9 @@ - Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf) +- Fixed bug #43136 (possible crash on script execution timeout. + The EG(function_state_ptr) is completely removed, + EG(current_execute_data)->function_state must be used instead). (Dmitry) - Fixed bug #42848 (Status: header incorrect under FastCGI). (Dmitry) - Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry) - Fixed bug #42737 (preg_split('//u') triggers a E_NOTICE with newlines). (Nuno) http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_API.c?r1=1.296.2.27.2.34.2.10&r2=1.296.2.27.2.34.2.11&diff_format=u Index: ZendEngine2/zend_API.c diff -u ZendEngine2/zend_API.c:1.296.2.27.2.34.2.10 ZendEngine2/zend_API.c:1.296.2.27.2.34.2.11 --- ZendEngine2/zend_API.c:1.296.2.27.2.34.2.10 Mon Nov 5 11:43:31 2007 +++ ZendEngine2/zend_API.c Tue Nov 20 09:51:11 2007 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_API.c,v 1.296.2.27.2.34.2.10 2007/11/05 11:43:31 jani Exp $ */ +/* $Id: zend_API.c,v 1.296.2.27.2.34.2.11 2007/11/20 09:51:11 dmitry Exp $ */ #include "zend.h" #include "zend_execute.h" @@ -689,7 +689,7 @@ case '+': if (have_varargs) { if (!quiet) { - zend_function *active_function = EG(function_state_ptr)->function; + zend_function *active_function = EG(current_execute_data)->function_state.function; char *class_name = active_function->common.scope ? active_function->common.scope->name : ""; zend_error(E_WARNING, "%s%s%s(): only one varargs specifier (* or +) is permitted", class_name, 
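Review bot: In the `case '+'` warning path of the @@ -689 hunk of zend_API.c, `EG(current_execute_data)` is dereferenced with no check that a frame exists, and the same line is repeated in the @@ -709 and @@ -732 hunks. Whether the parameter parser can be reached with no active frame is not visible here, so either state the precondition in a comment or guard the lookup, e.g. `if (!quiet && EG(current_execute_data)) {`. Since the expression now appears three times in this file, a small file-local helper or macro returning the active function would keep the check in one place. The enclosing function starts and ends outside these hunks.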
@@ -709,7 +709,7 @@ default: if (!quiet) { - zend_function *active_function = EG(function_state_ptr)->function; + zend_function *active_function = EG(current_execute_data)->function_state.function; char *class_name = active_function->common.scope ? active_function->common.scope->name : ""; zend_error(E_WARNING, "%s%s%s(): bad type specifier while parsing parameters", class_name, @@ -732,7 +732,7 @@ if (num_args < min_num_args || (num_args > max_num_args && max_num_args > 0)) { if (!quiet) { - zend_function *active_function = EG(function_state_ptr)->function; + zend_function *active_function = EG(current_execute_data)->function_state.function; char *class_name = active_function->common.scope ? active_function->common.scope->name : ""; zend_error(E_WARNING, "%s%s%s() expects %s %d parameter%s, %d given", class_name, http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_execute.c?r1=1.716.2.12.2.24.2.4&r2=1.716.2.12.2.24.2.5&diff_format=u Index: ZendEngine2/zend_execute.c diff -u ZendEngine2/zend_execute.c:1.716.2.12.2.24.2.4 ZendEngine2/zend_execute.c:1.716.2.12.2.24.2.5 --- ZendEngine2/zend_execute.c:1.716.2.12.2.24.2.4 Sun Oct 7 05:22:03 2007 +++ ZendEngine2/zend_execute.c Tue Nov 20 09:51:11 2007 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_execute.c,v 1.716.2.12.2.24.2.4 2007/10/07 05:22:03 davidw Exp $ */ +/* $Id: zend_execute.c,v 1.716.2.12.2.24.2.5 2007/11/20 09:51:11 dmitry Exp $ */ #define ZEND_INTENSIVE_DEBUGGING 0 
@@ -1425,6 +1425,7 @@ } \ EG(in_execution) = EX(original_in_execution); \ EG(current_execute_data) = EX(prev_execute_data); \ + EG(opline_ptr) = NULL; \ ZEND_VM_RETURN() #include "zend_vm_execute.h" http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_execute_API.c?r1=1.331.2.20.2.24.2.10&r2=1.331.2.20.2.24.2.11&diff_format=u Index: ZendEngine2/zend_execute_API.c diff -u ZendEngine2/zend_execute_API.c:1.331.2.20.2.24.2.10 ZendEngine2/zend_execute_API.c:1.331.2.20.2.24.2.11 --- ZendEngine2/zend_execute_API.c:1.331.2.20.2.24.2.10 Fri Nov 2 19:40:38 2007 +++ ZendEngine2/zend_execute_API.c Tue Nov 20 09:51:11 2007 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_execute_API.c,v 1.331.2.20.2.24.2.10 2007/11/02 19:40:38 jani Exp $ */ +/* $Id: zend_execute_API.c,v 1.331.2.20.2.24.2.11 2007/11/20 09:51:11 dmitry Exp $ */ #include <stdio.h> #include <signal.h> @@ -340,11 +340,11 @@ } return ""; } - switch (EG(function_state_ptr)->function->type) { + switch (EG(current_execute_data)->function_state.function->type) { case ZEND_USER_FUNCTION: case ZEND_INTERNAL_FUNCTION: { - zend_class_entry *ce = EG(function_state_ptr)->function->common.scope; + zend_class_entry *ce = EG(current_execute_data)->function_state.function->common.scope; if (space) { *space = ce ? "::" : ""; @@ -365,9 +365,9 @@ if (!zend_is_executing(TSRMLS_C)) { return NULL; } - switch (EG(function_state_ptr)->function->type) { + switch (EG(current_execute_data)->function_state.function->type) { case ZEND_USER_FUNCTION: { - char *function_name = ((zend_op_array *) EG(function_state_ptr)->function)->function_name; + char *function_name = ((zend_op_array *) EG(current_execute_data)->function_state.function)->function_name; if (function_name) { return function_name; 
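Review bot: The added `EG(opline_ptr) = NULL; \` in the @@ -1425 hunk of zend_execute.c has no comment saying why the pointer is cleared on leaving the execute loop. Elsewhere in this commit the executor sets `EG(opline_ptr) = &EX(opline)` and passes `&execute_data` to the handlers, which suggests the pointer targets a frame that stops being valid after return; if so, a later reader such as the timeout path named in the log would otherwise see a dangling pointer. I would add `/* EX(opline) dies with this frame; do not leave EG(opline_ptr) pointing at it */ \` above the assignment. Callers that restore a saved `original_opline_ptr` afterwards are unaffected, but any code that reads `EG(opline_ptr)` right after `execute()` returns now has to handle NULL. The macro body starts outside the hunk.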
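Review bot: In the @@ -365 hunk of zend_execute_API.c the guard is `if (!zend_is_executing(TSRMLS_C))`, but the next line dereferences `EG(current_execute_data)`, so the check and the dereference look at different state; the @@ -340 and @@ -377 hunks follow the same pattern. The log describes a crash on execution timeout, and if these lookups can be reached from the timeout path, both helpers should tolerate a missing frame. Consider extending the guard to `if (!zend_is_executing(TSRMLS_C) || !EG(current_execute_data)) { return NULL; }`, with the matching change to the `return "";` guard in the @@ -340 hunk. Both function bodies begin outside the hunks shown.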
@@ -377,7 +377,7 @@ } break; case ZEND_INTERNAL_FUNCTION: - return ((zend_internal_function *) EG(function_state_ptr)->function)->function_name; + return ((zend_internal_function *) EG(current_execute_data)->function_state.function)->function_name; break; default: return NULL; @@ -625,7 +625,6 @@ zend_uint i; zval **original_return_value; HashTable *calling_symbol_table; - zend_function_state *original_function_state_ptr; zend_op_array *original_op_array; zend_op **original_opline_ptr; zend_class_entry *current_scope; @@ -969,9 +968,6 @@ zend_ptr_stack_2_push(&EG(argument_stack), (void *) (zend_uintptr_t) fci->param_count, NULL); - original_function_state_ptr = EG(function_state_ptr); - EG(function_state_ptr) = &EX(function_state); - current_scope = EG(scope); EG(scope) = calling_scope; @@ -1060,7 +1056,6 @@ zval_ptr_dtor(&method_name); zval_ptr_dtor(¶ms_array); } - EG(function_state_ptr) = original_function_state_ptr; if (EG(This)) { zval_ptr_dtor(&EG(This)); @@ -1193,7 +1188,6 @@ zval pv; zend_op_array *new_op_array; zend_op_array *original_active_op_array = EG(active_op_array); - zend_function_state *original_function_state_ptr = EG(function_state_ptr); zend_uchar original_handle_op_arrays; int retval; @@ -1245,7 +1239,6 @@ EG(no_extensions)=0; EG(opline_ptr) = original_opline_ptr; EG(active_op_array) = original_active_op_array; - EG(function_state_ptr) = original_function_state_ptr; destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); EG(return_value_ptr_ptr) = original_return_value_ptr_ptr; http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_globals.h?r1=1.141.2.3.2.7.2.3&r2=1.141.2.3.2.7.2.4&diff_format=u Index: ZendEngine2/zend_globals.h diff -u ZendEngine2/zend_globals.h:1.141.2.3.2.7.2.3 ZendEngine2/zend_globals.h:1.141.2.3.2.7.2.4 --- ZendEngine2/zend_globals.h:1.141.2.3.2.7.2.3 Sat Sep 29 07:28:33 2007 +++ ZendEngine2/zend_globals.h Tue Nov 20 09:51:11 2007 
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_globals.h,v 1.141.2.3.2.7.2.3 2007/09/29 07:28:33 dmitry Exp $ */ +/* $Id: zend_globals.h,v 1.141.2.3.2.7.2.4 2007/11/20 09:51:11 dmitry Exp $ */ #ifndef ZEND_GLOBALS_H #define ZEND_GLOBALS_H @@ -162,7 +162,6 @@ zval error_zval; zval *error_zval_ptr; - zend_function_state *function_state_ptr; zend_ptr_stack arg_types_stack; /* symbol table cache */ http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_object_handlers.c?r1=1.135.2.6.2.22.2.7&r2=1.135.2.6.2.22.2.8&diff_format=u Index: ZendEngine2/zend_object_handlers.c diff -u ZendEngine2/zend_object_handlers.c:1.135.2.6.2.22.2.7 ZendEngine2/zend_object_handlers.c:1.135.2.6.2.22.2.8 --- ZendEngine2/zend_object_handlers.c:1.135.2.6.2.22.2.7 Sat Nov 17 21:52:02 2007 +++ ZendEngine2/zend_object_handlers.c Tue Nov 20 09:51:11 2007 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_object_handlers.c,v 1.135.2.6.2.22.2.7 2007/11/17 21:52:02 pollita Exp $ */ +/* $Id: zend_object_handlers.c,v 1.135.2.6.2.22.2.8 2007/11/20 09:51:11 dmitry Exp $ */ #include "zend.h" #include "zend_globals.h" @@ -647,7 +647,7 @@ ZEND_API void zend_std_call_user_call(INTERNAL_FUNCTION_PARAMETERS) /* {{{ */ { - zend_internal_function *func = (zend_internal_function *)EG(function_state_ptr)->function; + zend_internal_function *func = (zend_internal_function *)EG(current_execute_data)->function_state.function; zval *method_name_ptr, *method_args_ptr; zval *method_result_ptr = NULL; zend_class_entry *ce = Z_OBJCE_P(this_ptr); 
@@ -845,7 +845,7 @@ ZEND_API void zend_std_callstatic_user_call(INTERNAL_FUNCTION_PARAMETERS) /* {{{ */ { - zend_internal_function *func = (zend_internal_function *)EG(function_state_ptr)->function; + zend_internal_function *func = (zend_internal_function *)EG(current_execute_data)->function_state.function; zval *method_name_ptr, *method_args_ptr; zval *method_result_ptr = NULL; zend_class_entry *ce = EG(scope); http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_vm_def.h?r1=1.59.2.29.2.48.2.18&r2=1.59.2.29.2.48.2.19&diff_format=u Index: ZendEngine2/zend_vm_def.h diff -u ZendEngine2/zend_vm_def.h:1.59.2.29.2.48.2.18 ZendEngine2/zend_vm_def.h:1.59.2.29.2.48.2.19 --- ZendEngine2/zend_vm_def.h:1.59.2.29.2.48.2.18 Tue Nov 6 14:56:13 2007 +++ ZendEngine2/zend_vm_def.h Tue Nov 20 09:51:11 2007 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_vm_def.h,v 1.59.2.29.2.48.2.18 2007/11/06 14:56:13 dmitry Exp $ */ +/* $Id: zend_vm_def.h,v 1.59.2.29.2.48.2.19 2007/11/20 09:51:11 dmitry Exp $ */ /* If you change this file, please regenerate the zend_vm_execute.h and * zend_vm_opcodes.h files by running: @@ -2013,8 +2013,6 @@ zend_execute_internal(EXECUTE_DATA, return_value_used TSRMLS_CC); } - EG(current_execute_data) = EXECUTE_DATA; - /* We shouldn't fix bad extensions here, because it can break proper ones (Bug #34045) if (!EX(function_state).function->common.return_reference) { @@ -2093,7 +2091,6 @@ } EX(function_state).function = (zend_function *) EX(op_array); - EG(function_state_ptr) = &EX(function_state); if (EG(This)) { if (EG(exception) && IS_CTOR_CALL(EX(called_scope))) { 
@@ -3011,7 +3008,6 @@ EG(opline_ptr) = &EX(opline); EG(active_op_array) = EX(op_array); - EG(function_state_ptr) = &EX(function_state); destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); if (EG(exception)) { http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_vm_execute.h?r1=1.62.2.30.2.49.2.17&r2=1.62.2.30.2.49.2.18&diff_format=u Index: ZendEngine2/zend_vm_execute.h diff -u ZendEngine2/zend_vm_execute.h:1.62.2.30.2.49.2.17 ZendEngine2/zend_vm_execute.h:1.62.2.30.2.49.2.18 --- ZendEngine2/zend_vm_execute.h:1.62.2.30.2.49.2.17 Tue Nov 6 14:56:13 2007 +++ ZendEngine2/zend_vm_execute.h Tue Nov 20 09:51:11 2007 @@ -75,7 +75,6 @@ EG(opline_ptr) = &EX(opline); EX(function_state).function = (zend_function *) op_array; - EG(function_state_ptr) = &EX(function_state); while (1) { #ifdef ZEND_WIN32 @@ -85,7 +84,7 @@ #endif if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) { - return; + return; } } @@ -196,8 +195,6 @@ zend_execute_internal(execute_data, return_value_used TSRMLS_CC); } - EG(current_execute_data) = execute_data; - /* We shouldn't fix bad extensions here, because it can break proper ones (Bug #34045) if (!EX(function_state).function->common.return_reference) { @@ -276,7 +273,6 @@ } EX(function_state).function = (zend_function *) EX(op_array); - EG(function_state_ptr) = &EX(function_state); if (EG(This)) { if (EG(exception) && IS_CTOR_CALL(EX(called_scope))) { @@ -1814,7 +1810,6 @@ EG(opline_ptr) = &EX(opline); EG(active_op_array) = EX(op_array); - EG(function_state_ptr) = &EX(function_state); destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); if (EG(exception)) { @@ -4893,7 +4888,6 @@ EG(opline_ptr) = &EX(opline); EG(active_op_array) = EX(op_array); - EG(function_state_ptr) = &EX(function_state); destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); if (EG(exception)) { 
@@ -8051,7 +8045,6 @@ EG(opline_ptr) = &EX(opline); EG(active_op_array) = EX(op_array); - EG(function_state_ptr) = &EX(function_state); destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); if (EG(exception)) { @@ -20980,7 +20973,6 @@ EG(opline_ptr) = &EX(opline); EG(active_op_array) = EX(op_array); - EG(function_state_ptr) = &EX(function_state); destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); if (EG(exception)) { http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_vm_execute.skl?r1=1.2.2.2.2.1.2.2&r2=1.2.2.2.2.1.2.3&diff_format=u Index: ZendEngine2/zend_vm_execute.skl diff -u ZendEngine2/zend_vm_execute.skl:1.2.2.2.2.1.2.2 ZendEngine2/zend_vm_execute.skl:1.2.2.2.2.1.2.3 --- ZendEngine2/zend_vm_execute.skl:1.2.2.2.2.1.2.2 Sun Oct 7 05:22:04 2007 +++ ZendEngine2/zend_vm_execute.skl Tue Nov 20 09:51:12 2007 @@ -46,7 +46,6 @@ EG(opline_ptr) = &EX(opline); EX(function_state).function = (zend_function *) op_array; - EG(function_state_ptr) = &EX(function_state); while (1) { {%ZEND_VM_CONTINUE_LABEL%} @@ -57,7 +56,7 @@ #endif {%ZEND_VM_DISPATCH%} { - {%INTERNAL_EXECUTOR%} + {%INTERNAL_EXECUTOR%} } } http://cvs.php.net/viewvc.cgi/php-src/ext/com_dotnet/com_com.c?r1=1.16.2.2.2.5&r2=1.16.2.2.2.5.2.1&diff_format=u Index: php-src/ext/com_dotnet/com_com.c diff -u php-src/ext/com_dotnet/com_com.c:1.16.2.2.2.5 php-src/ext/com_dotnet/com_com.c:1.16.2.2.2.5.2.1 --- php-src/ext/com_dotnet/com_com.c:1.16.2.2.2.5 Mon Apr 9 15:32:08 2007 +++ php-src/ext/com_dotnet/com_com.c Tue Nov 20 09:51:12 2007 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: com_com.c,v 1.16.2.2.2.5 2007/04/09 15:32:08 dmitry Exp $ */ +/* $Id: com_com.c,v 1.16.2.2.2.5.2.1 2007/11/20 09:51:12 dmitry Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" 
@@ -469,7 +469,7 @@ HRESULT hr; VARIANT *vargs = NULL, *byref_vals = NULL; int i, byref_count = 0, j; - zend_internal_function *f = (zend_internal_function*)EG(function_state_ptr)->function; + zend_internal_function *f = (zend_internal_function*)EG(current_execute_data)->function_state.function; /* assumption: that the active function (f) is the function we generated for the engine */ if (!f || f->arg_info == NULL) { http://cvs.php.net/viewvc.cgi/php-src/ext/com_dotnet/com_handlers.c?r1=1.30.2.5.2.6.2.1&r2=1.30.2.5.2.6.2.2&diff_format=u Index: php-src/ext/com_dotnet/com_handlers.c diff -u php-src/ext/com_dotnet/com_handlers.c:1.30.2.5.2.6.2.1 php-src/ext/com_dotnet/com_handlers.c:1.30.2.5.2.6.2.2 --- php-src/ext/com_dotnet/com_handlers.c:1.30.2.5.2.6.2.1 Sun Oct 7 05:22:04 2007 +++ php-src/ext/com_dotnet/com_handlers.c Tue Nov 20 09:51:12 2007 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: com_handlers.c,v 1.30.2.5.2.6.2.1 2007/10/07 05:22:04 davidw Exp $ */ +/* $Id: com_handlers.c,v 1.30.2.5.2.6.2.2 2007/11/20 09:51:12 dmitry Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -255,7 +255,7 @@ static PHP_FUNCTION(com_method_handler) { Z_OBJ_HANDLER_P(getThis(), call_method)( - ((zend_internal_function*)EG(function_state_ptr)->function)->function_name, + ((zend_internal_function*)EG(current_execute_data)->function_state.function)->function_name, INTERNAL_FUNCTION_PARAM_PASSTHRU); } http://cvs.php.net/viewvc.cgi/php-src/ext/spl/php_spl.c?r1=1.52.2.28.2.17.2.3&r2=1.52.2.28.2.17.2.4&diff_format=u Index: php-src/ext/spl/php_spl.c diff -u php-src/ext/spl/php_spl.c:1.52.2.28.2.17.2.3 php-src/ext/spl/php_spl.c:1.52.2.28.2.17.2.4 --- php-src/ext/spl/php_spl.c:1.52.2.28.2.17.2.3 Fri Nov 2 19:40:38 2007 +++ php-src/ext/spl/php_spl.c Tue Nov 20 09:51:12 2007 
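Review bot: In the @@ -469 hunk of com_com.c the `!f` test in `if (!f || f->arg_info == NULL)` runs only after `EG(current_execute_data)` has already been dereferenced to compute `f`, so it does not cover a missing frame. To keep the defensive check meaningful, test the frame first: `zend_internal_function *f = EG(current_execute_data) ? (zend_internal_function*)EG(current_execute_data)->function_state.function : NULL;`. The existing comment records an assumption that the active function is the one generated for the engine; the cast depends on it, so it is worth confirming that the frame's `function_state` is set to the callee before this handler runs. The function starts and ends outside the hunk.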
@@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_spl.c,v 1.52.2.28.2.17.2.3 2007/11/02 19:40:38 jani Exp $ */ +/* $Id: php_spl.c,v 1.52.2.28.2.17.2.4 2007/11/20 09:51:12 dmitry Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -267,7 +267,6 @@ zval **original_return_value = EG(return_value_ptr_ptr); zend_op **original_opline_ptr = EG(opline_ptr); zend_op_array *original_active_op_array = EG(active_op_array); - zend_function_state *original_function_state_ptr = EG(function_state_ptr); if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &class_name, &class_name_len, &file_exts, &file_exts_len) == FAILURE) { RETURN_FALSE; @@ -283,7 +282,6 @@ EG(return_value_ptr_ptr) = original_return_value; EG(opline_ptr) = original_opline_ptr; EG(active_op_array) = original_active_op_array; - EG(function_state_ptr) = original_function_state_ptr; pos2 = strchr(pos1, ','); if (pos2) *pos2 = '\0'; if (spl_autoload(class_name, lc_name, class_name_len, pos1 TSRMLS_CC)) { @@ -300,7 +298,6 @@ EG(return_value_ptr_ptr) = original_return_value; EG(opline_ptr) = original_opline_ptr; EG(active_op_array) = original_active_op_array; - EG(function_state_ptr) = original_function_state_ptr; if (!found && !SPL_G(autoload_running)) { /* For internal errors, we generate E_ERROR, for direct calls an exception is thrown.