dmitry Thu, 30 Sep 2010 14:11:51 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=303895
Log:
Prevented crash in GC because of incorrect reference counting
Changed paths:
A php/php-src/branches/PHP_5_3/Zend/tests/gc_032.phpt
U php/php-src/branches/PHP_5_3/Zend/zend_execute.c
A php/php-src/trunk/Zend/tests/gc_032.phpt
U php/php-src/trunk/Zend/zend_execute.c
Added: php/php-src/branches/PHP_5_3/Zend/tests/gc_032.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/tests/gc_032.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_3/Zend/tests/gc_032.phpt 2010-09-30 14:11:51 UTC
(rev 303895)
@@ -0,0 +1,40 @@
+--TEST--
+GC 032: Crash in GC because of invalid reference counting
+--FILE--
+<?php
+$a = array();
+$b =& $a;
+$a[0] = $a;
+debug_zval_dump($a);
+$a = array(array());
+$b =& $a;
+$a[0][0] = $a;
+debug_zval_dump($a);
+?>
+--EXPECT--
+array(1) refcount(1){
+ [0]=>
+ array(1) refcount(3){
+ [0]=>
+ array(1) refcount(3){
+ [0]=>
+ *RECURSION*
+ }
+ }
+}
+array(1) refcount(1){
+ [0]=>
+ array(1) refcount(3){
+ [0]=>
+ array(1) refcount(1){
+ [0]=>
+ array(1) refcount(3){
+ [0]=>
+ array(1) refcount(1){
+ [0]=>
+ *RECURSION*
+ }
+ }
+ }
+ }
+}
Modified: php/php-src/branches/PHP_5_3/Zend/zend_execute.c
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/zend_execute.c 2010-09-30 12:19:43 UTC
(rev 303894)
+++ php/php-src/branches/PHP_5_3/Zend/zend_execute.c 2010-09-30 14:11:51 UTC
(rev 303895)
@@ -714,8 +714,8 @@
ALLOC_ZVAL(variable_ptr);
*variable_ptr_ptr = variable_ptr;
*variable_ptr = *value;
+ Z_SET_REFCOUNT_P(variable_ptr, 1);
zval_copy_ctor(variable_ptr);
- Z_SET_REFCOUNT_P(variable_ptr, 1);
} else {
*variable_ptr_ptr = value;
Z_ADDREF_P(value);
Added: php/php-src/trunk/Zend/tests/gc_032.phpt
===================================================================
--- php/php-src/trunk/Zend/tests/gc_032.phpt (rev 0)
+++ php/php-src/trunk/Zend/tests/gc_032.phpt 2010-09-30 14:11:51 UTC (rev
303895)
@@ -0,0 +1,40 @@
+--TEST--
+GC 032: Crash in GC because of invalid reference counting
+--FILE--
+<?php
+$a = array();
+$b =& $a;
+$a[0] = $a;
+debug_zval_dump($a);
+$a = array(array());
+$b =& $a;
+$a[0][0] = $a;
+debug_zval_dump($a);
+?>
+--EXPECT--
+array(1) refcount(1){
+ [0]=>
+ array(1) refcount(3){
+ [0]=>
+ array(1) refcount(3){
+ [0]=>
+ *RECURSION*
+ }
+ }
+}
+array(1) refcount(1){
+ [0]=>
+ array(1) refcount(3){
+ [0]=>
+ array(1) refcount(1){
+ [0]=>
+ array(1) refcount(3){
+ [0]=>
+ array(1) refcount(1){
+ [0]=>
+ *RECURSION*
+ }
+ }
+ }
+ }
+}
Modified: php/php-src/trunk/Zend/zend_execute.c
===================================================================
--- php/php-src/trunk/Zend/zend_execute.c 2010-09-30 12:19:43 UTC (rev
303894)
+++ php/php-src/trunk/Zend/zend_execute.c 2010-09-30 14:11:51 UTC (rev
303895)
@@ -919,9 +919,9 @@
GC_ZVAL_CHECK_POSSIBLE_ROOT(variable_ptr);
if (PZVAL_IS_REF(value) && Z_REFCOUNT_P(value) > 0) {
ALLOC_ZVAL(variable_ptr);
+ *variable_ptr_ptr = variable_ptr;
INIT_PZVAL_COPY(variable_ptr, value);
zval_copy_ctor(variable_ptr);
- *variable_ptr_ptr = variable_ptr;
return variable_ptr;
} else {
*variable_ptr_ptr = value;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
