[PHP-CVS] com php-src: Fixed bug #60598 (cli/apache sapi segfault on objects manipulation): NEWS Zend/tests/bug60598.phpt Zend/zend_objects_API.c

Thu, 29 Aug 2013 20:24:13 -0700 

Commit:    7da6498342d76c34892bfa247bc1779d8f5ee1e6
Author:    Xinchen Hui <larue...@php.net>         Fri, 30 Aug 2013 11:20:24 
+0800
Parents:   dfc6feb6e84f27094e6a2e3947caa094f7c35d26
Branches:  PHP-5.4 PHP-5.5 master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=7da6498342d76c34892bfa247bc1779d8f5ee1e6

Log:
Fixed bug #60598 (cli/apache sapi segfault on objects manipulation)

Bugs:
https://bugs.php.net/60598

Changed paths:
  M  NEWS
  A  Zend/tests/bug60598.phpt
  M  Zend/zend_objects_API.c


Diff:
diff --git a/NEWS b/NEWS
index 6169cd0..42b69f5 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP                                                             
           NEWS
 ?? ??? 2013, PHP 5.4.20
 
 - Core:
+  . Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
+    (Laruence)
   . Fixed bug #65579 (Using traits with get_class_methods causes segfault).
     (Adam)
   . Fixed bug #65490 (Duplicate calls to get lineno & filename for 
diff --git a/Zend/tests/bug60598.phpt b/Zend/tests/bug60598.phpt
new file mode 100644
index 0000000..eeee75a
--- /dev/null
+++ b/Zend/tests/bug60598.phpt
@@ -0,0 +1,30 @@
+--TEST--
+Bug #60598 (cli/apache sapi segfault on objects manipulation)
+--FILE--
+<?php
+define('OBJECT_COUNT', 10000);
+
+$containers = array();
+
+class Object {
+    protected $_guid = 0;
+    public function __construct() {
+               global $containers;
+               $this->guid = 1;
+        $containers[spl_object_hash($this)] = $this;
+    }
+    public function __destruct() {
+               global $containers;
+        $containers[spl_object_hash($this)] = NULL;
+    }
+}
+
+for ($i = 0; $i < OBJECT_COUNT; ++$i) {
+    new Object();
+}
+
+// You probably won't see this because of the "zend_mm_heap corrupted"
+?>
+If you see this, try to increase OBJECT_COUNT to 100,000
+--EXPECT--
+If you see this, try to increase OBJECT_COUNT to 100,000
diff --git a/Zend/zend_objects_API.c b/Zend/zend_objects_API.c
index 1fe5d0c..b5dd48f 100644
--- a/Zend/zend_objects_API.c
+++ b/Zend/zend_objects_API.c
@@ -57,6 +57,11 @@ ZEND_API void 
zend_objects_store_call_destructors(zend_objects_store *objects TS
                                        obj->dtor(obj->object, i TSRMLS_CC);
                                        obj = 
&objects->object_buckets[i].bucket.obj;
                                        obj->refcount--;
+
+                                       if (obj->refcount == 0) {
+                                               /* in case gc_collect_cycle is 
triggered before free_storage */
+                                               GC_REMOVE_ZOBJ_FROM_BUFFER(obj);
+                                       }
                                }
                        }
                }


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to