]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49cf106)
MFH: fix bug #47353 (crash when creating a lot of objects in object destructor)
authorAntony Dovgal <tony2001@php.net>
Wed, 11 Feb 2009 09:58:58 +0000 (09:58 +0000)
committerAntony Dovgal <tony2001@php.net>
Wed, 11 Feb 2009 09:58:58 +0000 (09:58 +0000)
NEWS patch | blob | history
Zend/zend_objects_API.c patch | blob | history

diff --git a/NEWS b/NEWS
index edd684a5f9a1b41e159a75576273354c6230abed..7d6870d3860a658d7d8b2d2e6683e0adc38404e6 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Feb 2009, PHP 5.2.9
+- Fixed bug #47353 (crash when creating a lot of objects in object destructor).
+  (Tony)
 - Fixed bug #47322 (sscanf %d doesn't work). (Felipe)
 - Fixed bug #46026 (bz2.decompress/zlib.inflate filter tries to decompress after
   end of stream). (Greg)
diff --git a/Zend/zend_objects_API.c b/Zend/zend_objects_API.c
index 4e49ea244a16007913844a06281a6c0363123e22..7b73ab33c2699acc5508fbbc9f461c2f76b046e3 100644 (file)
--- a/Zend/zend_objects_API.c
+++ b/Zend/zend_objects_API.c
@@ -55,6 +55,7 @@ ZEND_API void zend_objects_store_call_destructors(zend_objects_store *objects TS
                                if (obj->dtor && obj->object) {
                                        obj->refcount++;
                                        obj->dtor(obj->object, i TSRMLS_CC);
+                                       obj = &objects->object_buckets[i].bucket.obj;
                                        obj->refcount--;
                                }
                        }
@@ -200,6 +201,10 @@ ZEND_API void zend_objects_store_del_ref_by_handle(zend_object_handle handle TSR
                                        } zend_end_try();
                                }
                        }
+
+                       /* re-read the object from the object store as the store might have been reallocated in the dtor */
+                       obj = &EG(objects_store).object_buckets[handle].bucket.obj;
+
                        if (obj->refcount == 1) {
                                if (obj->free_storage) {
                                        zend_try {
@@ -241,6 +246,7 @@ ZEND_API zend_object_value zend_objects_store_clone_obj(zval *zobject TSRMLS_DC)
        }
 
        obj->clone(obj->object, &new_object TSRMLS_CC);
+       obj = &EG(objects_store).object_buckets[handle].bucket.obj;
 
        retval.handle = zend_objects_store_put(new_object, obj->dtor, obj->free_storage, obj->clone TSRMLS_CC);
        retval.handlers = Z_OBJ_HT_P(zobject);
Unnamed repository; edit this file 'description' to name the repository.