This fixes bugs #65035 and #65161. In one of the bugs the issue is
that function_state.arguments is NULL, but the arg count is pushed
to the stack and the code tries to free it. In the other bug the
stack of the generator is freed twice, once in generator_close and
later during shutdown.
It's rather hard (if at all possible) to do a proper stack cleanup
on an unclean shutdown, so I'm just disabling it in this case.
(Adam)
. Fixed bug #65108 (is_callable() triggers Fatal Error).
(David Soria Parra, Laruence)
+ . Fixed bug #65035 (yield / exit segfault). (Nikita)
+ . Fixed bug #65161 (Generator + autoload + syntax error = segfault). (Nikita)
- OPcache
. Fixed bug #64827 (Segfault in zval_mark_grey (zend_gc.c)). (Laruence)
--- /dev/null
+--TEST--
+Bug #65035: yield / exit segfault
+--FILE--
+<?php
+
+function gen() {
+ fn();
+ yield;
+}
+
+function fn() {
+ exit('Done');
+}
+
+$gen = gen();
+$gen->current();
+
+?>
+--EXPECT--
+Done
--- /dev/null
+--TEST--
+Bug #65161: Generator + autoload + syntax error = segfault
+--FILE--
+<?php
+
+function autoload() {
+ foo();
+}
+spl_autoload_register('autoload');
+
+function testGenerator() {
+ new SyntaxError('param');
+ yield;
+}
+
+foreach (testGenerator() as $i);
+
+?>
+--EXPECTF--
+Fatal error: Call to undefined function foo() in %s on line %d
zval_ptr_dtor(&execute_data->current_this);
}
+ /* A fatal error / die occured during the generator execution. Trying to clean
+ * up the stack may not be safe in this case. */
+ if (CG(unclean_shutdown)) {
+ return;
+ }
+
/* If the generator is closed before it can finish execution (reach
* a return statement) we have to free loop variables manually, as
* we don't know whether the SWITCH_FREE / FREE opcodes have run */