dmitry Thu, 30 Sep 2010 14:11:51 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=303895
Log: Prevented crash in GC because of incorrect reference counting Changed paths: A php/php-src/branches/PHP_5_3/Zend/tests/gc_032.phpt U php/php-src/branches/PHP_5_3/Zend/zend_execute.c A php/php-src/trunk/Zend/tests/gc_032.phpt U php/php-src/trunk/Zend/zend_execute.c Added: php/php-src/branches/PHP_5_3/Zend/tests/gc_032.phpt =================================================================== --- php/php-src/branches/PHP_5_3/Zend/tests/gc_032.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/Zend/tests/gc_032.phpt 2010-09-30 14:11:51 UTC (rev 303895) @@ -0,0 +1,40 @@ +--TEST-- +GC 032: Crash in GC because of invalid reference counting +--FILE-- +<?php +$a = array(); +$b =& $a; +$a[0] = $a; +debug_zval_dump($a); +$a = array(array()); +$b =& $a; +$a[0][0] = $a; +debug_zval_dump($a); +?> +--EXPECT-- +array(1) refcount(1){ + [0]=> + array(1) refcount(3){ + [0]=> + array(1) refcount(3){ + [0]=> + *RECURSION* + } + } +} +array(1) refcount(1){ + [0]=> + array(1) refcount(3){ + [0]=> + array(1) refcount(1){ + [0]=> + array(1) refcount(3){ + [0]=> + array(1) refcount(1){ + [0]=> + *RECURSION* + } + } + } + } +} Modified: php/php-src/branches/PHP_5_3/Zend/zend_execute.c =================================================================== --- php/php-src/branches/PHP_5_3/Zend/zend_execute.c 2010-09-30 12:19:43 UTC (rev 303894) +++ php/php-src/branches/PHP_5_3/Zend/zend_execute.c 2010-09-30 14:11:51 UTC (rev 303895) @@ -714,8 +714,8 @@ ALLOC_ZVAL(variable_ptr); *variable_ptr_ptr = variable_ptr; *variable_ptr = *value; + Z_SET_REFCOUNT_P(variable_ptr, 1); zval_copy_ctor(variable_ptr); - Z_SET_REFCOUNT_P(variable_ptr, 1); } else { *variable_ptr_ptr = value; Z_ADDREF_P(value); Added: php/php-src/trunk/Zend/tests/gc_032.phpt =================================================================== --- php/php-src/trunk/Zend/tests/gc_032.phpt (rev 0) +++ php/php-src/trunk/Zend/tests/gc_032.phpt 2010-09-30 14:11:51 UTC (rev 303895) @@ -0,0 +1,40 @@ +--TEST-- +GC 032: Crash in GC because of invalid reference counting +--FILE-- +<?php +$a = array(); +$b =& $a; +$a[0] = $a; +debug_zval_dump($a); +$a = array(array()); +$b =& $a; +$a[0][0] = $a; +debug_zval_dump($a); +?> +--EXPECT-- +array(1) refcount(1){ + [0]=> + array(1) refcount(3){ + [0]=> + array(1) refcount(3){ + [0]=> + *RECURSION* + } + } +} +array(1) refcount(1){ + [0]=> + array(1) refcount(3){ + [0]=> + array(1) refcount(1){ + [0]=> + array(1) refcount(3){ + [0]=> + array(1) refcount(1){ + [0]=> + *RECURSION* + } + } + } + } +} Modified: php/php-src/trunk/Zend/zend_execute.c =================================================================== --- php/php-src/trunk/Zend/zend_execute.c 2010-09-30 12:19:43 UTC (rev 303894) +++ php/php-src/trunk/Zend/zend_execute.c 2010-09-30 14:11:51 UTC (rev 303895) @@ -919,9 +919,9 @@ GC_ZVAL_CHECK_POSSIBLE_ROOT(variable_ptr); if (PZVAL_IS_REF(value) && Z_REFCOUNT_P(value) > 0) { ALLOC_ZVAL(variable_ptr); + *variable_ptr_ptr = variable_ptr; INIT_PZVAL_COPY(variable_ptr, value); zval_copy_ctor(variable_ptr); - *variable_ptr_ptr = variable_ptr; return variable_ptr; } else { *variable_ptr_ptr = value;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php