Re: [PHP-CVS] com php-src: Fixed bug #63882 (zend_std_compare_objects crash on recursion): NEWS Zend/tests/bug63882.phpt Zend/zend_object_handlers.c Zend/zend_objects_API.c Zend/zend_objects_API.h
Hi Stas, Actually this change in zend_object structure doesn't affect the previous structure layout, because of field alignment. The new 1 byte field created inside a 2 byte hole that wasn't used before. Thanks. Dmitry, On Wed, Jan 9, 2013 at 8:53 PM, Stas Malyshev wrote: > Hi! > > Doesn't change of zend_objects_API.h change binary API? I'm not sure we > can do it in 5.4. > > On 1/8/13 11:30 PM, Dmitry Stogov wrote: > > Commit:f9e8678dd3a41ed8a100d8201153a41d6fd25f2e > > Author:Dmitry Stogov Wed, 9 Jan 2013 > 11:30:50 +0400 > > Parents: f3b1b8516906fe900e521216c8f01e362790af30 > > Branches: PHP-5.4 PHP-5.5 master > > > > Link: > http://git.php.net/?p=php-src.git;a=commitdiff;h=f9e8678dd3a41ed8a100d8201153a41d6fd25f2e > > > > Log: > > Fixed bug #63882 (zend_std_compare_objects crash on recursion) > > > > Bugs: > > https://bugs.php.net/63882 > > > > Changed paths: > > M NEWS > > A Zend/tests/bug63882.phpt > > M Zend/zend_object_handlers.c > > M Zend/zend_objects_API.c > > M Zend/zend_objects_API.h > > > > > > Diff: > > diff --git a/NEWS b/NEWS > > index 1abd398..cfc0fa9 100644 > > --- a/NEWS > > +++ b/NEWS > > @@ -5,6 +5,7 @@ PHP >NEWS > > - Core: > >. Fixed bug #63943 (Bad warning text from strpos() on empty needle). > > (Laruence) > > + . Fixed bug #63882 (zend_std_compare_objects crash on recursion). > (Dmitry) > > > > - Litespeed: > >. Fixed bug #63228 (-Werror=format-security error in lsapi code). > (George) > > diff --git a/Zend/tests/bug63882.phpt b/Zend/tests/bug63882.phpt > > new file mode 100644 > > index 000..0cc1bab > > --- /dev/null > > +++ b/Zend/tests/bug63882.phpt > > @@ -0,0 +1,15 @@ > > +--TEST-- > > +Bug #63882 (zend_std_compare_objects crash on recursion) > > +--FILE-- > > + > +class Test { public $x = 5; } > > + > > +$testobj1 = new Test; > > +$testobj2 = new Test; > > +$testobj1->x = $testobj1; > > +$testobj2->x = $testobj2; > > + > > +var_dump($testobj1 == $testobj2); > > +?> > > +--EXPECTF-- > > +Fatal error: Nesting level too deep - recursive dependency? in > %sbug63882.php on line 9 > > diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c > > index a76dfb3..3881c0e 100644 > > --- a/Zend/zend_object_handlers.c > > +++ b/Zend/zend_object_handlers.c > > @@ -35,6 +35,17 @@ > > #define Z_OBJ_P(zval_p) \ > > > ((zend_object*)(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(zval_p)].bucket.obj.object)) > > > > +#define Z_OBJ_PROTECT_RECURSION(zval_p) \ > > + do { \ > > + if > (EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(zval_p)].apply_count++ >= > 3) { \ > > + zend_error(E_ERROR, "Nesting level too deep - > recursive dependency?"); \ > > + } \ > > + } while (0) > > + > > + > > +#define Z_OBJ_UNPROTECT_RECURSION(zval_p) \ > > + > EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(zval_p)].apply_count-- > > + > > /* > >__X accessors explanation: > > > > @@ -1319,28 +1330,43 @@ static int zend_std_compare_objects(zval *o1, > zval *o2 TSRMLS_DC) /* {{{ */ > > } > > if (!zobj1->properties && !zobj2->properties) { > > int i; > > + > > + Z_OBJ_PROTECT_RECURSION(o1); > > + Z_OBJ_PROTECT_RECURSION(o2); > > for (i = 0; i < zobj1->ce->default_properties_count; i++) { > > if (zobj1->properties_table[i]) { > > if (zobj2->properties_table[i]) { > > zval result; > > > > if (compare_function(&result, > zobj1->properties_table[i], zobj2->properties_table[i] TSRMLS_CC)==FAILURE) > { > > + > Z_OBJ_UNPROTECT_RECURSION(o1); > > + > Z_OBJ_UNPROTECT_RECURSION(o2); > > return 1; > > } > > if (Z_LVAL(result) != 0) { > > + > Z_OBJ_UNPROTECT_RECURSION(o1); > > + > Z_OBJ_UNPROTECT_RECURSION(o2); > > return Z_LVAL(result); > > } > > } else { > > + Z_OBJ_UNPROTECT_RECURSION(o1); > > + Z_OBJ_UNPROTECT_RECURSION(o2); > > return 1; > > } > > } else { > > if (zobj2->properties_table[i]) { > > + Z_OBJ_UNPROTECT_RECURSION(o1); > > + Z_OBJ_UNPROTECT_RECURSION(o2); > > return 1; > > } else { > > + Z_OBJ_UNPROTECT_RECURSION(o1); > > + Z_OBJ_UNPROTECT_RECURSION(o2); > > return 0; > > } > >
Re: [PHP-CVS] com php-src: Fixed bug #63882 (zend_std_compare_objects crash on recursion): NEWS Zend/tests/bug63882.phpt Zend/zend_object_handlers.c Zend/zend_objects_API.c Zend/zend_objects_API.h
Hi! Doesn't change of zend_objects_API.h change binary API? I'm not sure we can do it in 5.4. On 1/8/13 11:30 PM, Dmitry Stogov wrote: > Commit:f9e8678dd3a41ed8a100d8201153a41d6fd25f2e > Author:Dmitry Stogov Wed, 9 Jan 2013 11:30:50 > +0400 > Parents: f3b1b8516906fe900e521216c8f01e362790af30 > Branches: PHP-5.4 PHP-5.5 master > > Link: > http://git.php.net/?p=php-src.git;a=commitdiff;h=f9e8678dd3a41ed8a100d8201153a41d6fd25f2e > > Log: > Fixed bug #63882 (zend_std_compare_objects crash on recursion) > > Bugs: > https://bugs.php.net/63882 > > Changed paths: > M NEWS > A Zend/tests/bug63882.phpt > M Zend/zend_object_handlers.c > M Zend/zend_objects_API.c > M Zend/zend_objects_API.h > > > Diff: > diff --git a/NEWS b/NEWS > index 1abd398..cfc0fa9 100644 > --- a/NEWS > +++ b/NEWS > @@ -5,6 +5,7 @@ PHP > NEWS > - Core: >. Fixed bug #63943 (Bad warning text from strpos() on empty needle). > (Laruence) > + . Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry) > > - Litespeed: >. Fixed bug #63228 (-Werror=format-security error in lsapi code). (George) > diff --git a/Zend/tests/bug63882.phpt b/Zend/tests/bug63882.phpt > new file mode 100644 > index 000..0cc1bab > --- /dev/null > +++ b/Zend/tests/bug63882.phpt > @@ -0,0 +1,15 @@ > +--TEST-- > +Bug #63882 (zend_std_compare_objects crash on recursion) > +--FILE-- > + +class Test { public $x = 5; } > + > +$testobj1 = new Test; > +$testobj2 = new Test; > +$testobj1->x = $testobj1; > +$testobj2->x = $testobj2; > + > +var_dump($testobj1 == $testobj2); > +?> > +--EXPECTF-- > +Fatal error: Nesting level too deep - recursive dependency? in > %sbug63882.php on line 9 > diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c > index a76dfb3..3881c0e 100644 > --- a/Zend/zend_object_handlers.c > +++ b/Zend/zend_object_handlers.c > @@ -35,6 +35,17 @@ > #define Z_OBJ_P(zval_p) \ > > ((zend_object*)(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(zval_p)].bucket.obj.object)) > > +#define Z_OBJ_PROTECT_RECURSION(zval_p) \ > + do { \ > + if > (EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(zval_p)].apply_count++ >= 3) > { \ > + zend_error(E_ERROR, "Nesting level too deep - recursive > dependency?"); \ > + } \ > + } while (0) > + > + > +#define Z_OBJ_UNPROTECT_RECURSION(zval_p) \ > + EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(zval_p)].apply_count-- > + > /* >__X accessors explanation: > > @@ -1319,28 +1330,43 @@ static int zend_std_compare_objects(zval *o1, zval > *o2 TSRMLS_DC) /* {{{ */ > } > if (!zobj1->properties && !zobj2->properties) { > int i; > + > + Z_OBJ_PROTECT_RECURSION(o1); > + Z_OBJ_PROTECT_RECURSION(o2); > for (i = 0; i < zobj1->ce->default_properties_count; i++) { > if (zobj1->properties_table[i]) { > if (zobj2->properties_table[i]) { > zval result; > > if (compare_function(&result, > zobj1->properties_table[i], zobj2->properties_table[i] TSRMLS_CC)==FAILURE) { > + Z_OBJ_UNPROTECT_RECURSION(o1); > + Z_OBJ_UNPROTECT_RECURSION(o2); > return 1; > } > if (Z_LVAL(result) != 0) { > + Z_OBJ_UNPROTECT_RECURSION(o1); > + Z_OBJ_UNPROTECT_RECURSION(o2); > return Z_LVAL(result); > } > } else { > + Z_OBJ_UNPROTECT_RECURSION(o1); > + Z_OBJ_UNPROTECT_RECURSION(o2); > return 1; > } > } else { > if (zobj2->properties_table[i]) { > + Z_OBJ_UNPROTECT_RECURSION(o1); > + Z_OBJ_UNPROTECT_RECURSION(o2); > return 1; > } else { > + Z_OBJ_UNPROTECT_RECURSION(o1); > + Z_OBJ_UNPROTECT_RECURSION(o2); > return 0; > } > } > } > + Z_OBJ_UNPROTECT_RECURSION(o1); > + Z_OBJ_UNPROTECT_RECURSION(o2); > return 0; > } else { > if (!zobj1->properties) { > diff --git a/Zend/zend_objects_API.c b/Zend/z