]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: b2044cd 22d23e0)
Merge branch 'PHP-7.3' into PHP-7.4
authorDmitry Stogov <dmitry@zend.com>
Fri, 9 Aug 2019 12:58:33 +0000 (15:58 +0300)
committerDmitry Stogov <dmitry@zend.com>
Fri, 9 Aug 2019 12:58:33 +0000 (15:58 +0300)
* PHP-7.3:
  Fixed second part of the bug #78379 (Cast to object confuses GC, causes crash)

1  2 
Zend/zend_gc.c patch | diff1 | diff2 | blob | history

diff --cc Zend/zend_gc.c
index fcab58b1f54615eb9fbb1e2e5f62723e0bc6e46a,d1fcbf00ca6348c2b94ab54df4bef6dac9b57c47..97a7edaac2e0eee44635158a3841c18e34faa454
--- 1/Zend/zend_gc.c
--- 2/Zend/zend_gc.c
+++ b/Zend/zend_gc.c
@@@ -699,9 -699,10 +699,10 @@@ tail_call
                        zval tmp;
  
                        ZVAL_OBJ(&tmp, obj);
 -                      ht = get_gc(&tmp, &zv, &n);
 +                      ht = obj->handlers->get_gc(&tmp, &zv, &n);
                        end = zv + n;
-                       if (EXPECTED(!ht)) {
+                       if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_BLACK))) {
+                               ht = NULL;
                                if (!n) goto next;
                                while (!Z_REFCOUNTED_P(--end)) {
                                        if (zv == end) goto next;
@@@ -816,9 -821,10 +819,10 @@@ static void gc_mark_grey(zend_refcounte
                                zval tmp;
  
                                ZVAL_OBJ(&tmp, obj);
 -                              ht = get_gc(&tmp, &zv, &n);
 +                              ht = obj->handlers->get_gc(&tmp, &zv, &n);
                                end = zv + n;
-                               if (EXPECTED(!ht)) {
+                               if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_GREY))) {
+                                       ht = NULL;
                                        if (!n) goto next;
                                        while (!Z_REFCOUNTED_P(--end)) {
                                                if (zv == end) goto next;
@@@ -1004,9 -1014,10 +1010,10 @@@ tail_call
                                        zval tmp;
  
                                        ZVAL_OBJ(&tmp, obj);
 -                                      ht = get_gc(&tmp, &zv, &n);
 +                                      ht = obj->handlers->get_gc(&tmp, &zv, &n);
                                        end = zv + n;
-                                       if (EXPECTED(!ht)) {
+                                       if (EXPECTED(!ht) || UNEXPECTED(!GC_REF_CHECK_COLOR(ht, GC_GREY))) {
+                                               ht = NULL;
                                                if (!n) goto next;
                                                while (!Z_REFCOUNTED_P(--end)) {
                                                        if (zv == end) goto next;
@@@ -1173,9 -1188,10 +1182,10 @@@ static int gc_collect_white(zend_refcou
                                        *flags |= GC_HAS_DESTRUCTORS;
                                }
                                ZVAL_OBJ(&tmp, obj);
 -                              ht = get_gc(&tmp, &zv, &n);
 +                              ht = obj->handlers->get_gc(&tmp, &zv, &n);
                                end = zv + n;
-                               if (EXPECTED(!ht)) {
+                               if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_BLACK))) {
+                                       ht = NULL;
                                        if (!n) goto next;
                                        while (!Z_REFCOUNTED_P(--end)) {
                                                /* count non-refcounted for compatibility ??? */
Unnamed repository; edit this file 'description' to name the repository.