Commit: 14f133036cfa6c2ab3f5eb9af3a0c0b29ed5d554 Author: Nikita Popov <ni...@php.net> Fri, 21 Dec 2012 17:28:20 +0100 Parents: ffb848b275a085917413c171a79cbfdb1d0159d2 Branches: PHP-5.5 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=14f133036cfa6c2ab3f5eb9af3a0c0b29ed5d554 Log: Fix crash when last yielded value is a closure If zend_generator_close is called from within zend_generator_resume (e.g. due to a return statement) then all the EGs will still be using the values from the generator. That's why the stack frame has to be the last thing that is dtored, otherwise some other dtor that is using EG(current_execute_data) might access the already freed memory segment. This was the case with the closure dtor. The fix is to move the dtors for key and value to the start of the handler. This way the stack frame is the last thing that is freed. Changed paths: A Zend/tests/generators/yield_closure.phpt M Zend/zend_generators.c Diff: diff --git a/Zend/tests/generators/yield_closure.phpt b/Zend/tests/generators/yield_closure.phpt new file mode 100644 index 0000000..e380b29 --- /dev/null +++ b/Zend/tests/generators/yield_closure.phpt @@ -0,0 +1,17 @@ +--TEST-- +Generator shouldn't crash if last yielded value is a closure +--FILE-- +<?php + +function gen() { + yield function() {}; +} + +$gen = gen(); +$gen->next(); + +echo "Done!"; + +?> +--EXPECT-- +Done! diff --git a/Zend/zend_generators.c b/Zend/zend_generators.c index a191741..b16687c 100644 --- a/Zend/zend_generators.c +++ b/Zend/zend_generators.c @@ -29,6 +29,16 @@ static zend_object_handlers zend_generator_handlers; ZEND_API void zend_generator_close(zend_generator *generator, zend_bool finished_execution TSRMLS_DC) /* {{{ */ { + if (generator->value) { + zval_ptr_dtor(&generator->value); + generator->value = NULL; + } + + if (generator->key) { + zval_ptr_dtor(&generator->key); + generator->key = NULL; + } + if (generator->execute_data) { zend_execute_data *execute_data = generator->execute_data; zend_op_array *op_array = execute_data->op_array; @@ -162,16 +172,6 @@ ZEND_API void zend_generator_close(zend_generator *generator, zend_bool finished } generator->execute_data = NULL; } - - if (generator->value) { - zval_ptr_dtor(&generator->value); - generator->value = NULL; - } - - if (generator->key) { - zval_ptr_dtor(&generator->key); - generator->key = NULL; - } } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
