Fixed bug #65382 (Segfault in closure_030.phpt)

author Dmitry Stogov <dmitry@zend.com>

Mon, 12 Aug 2013 06:53:20 +0000 (10:53 +0400)

committer Dmitry Stogov <dmitry@zend.com>

Mon, 12 Aug 2013 06:53:20 +0000 (10:53 +0400)
author Dmitry Stogov <dmitry@zend.com>
Mon, 12 Aug 2013 06:53:20 +0000 (10:53 +0400)
committer Dmitry Stogov <dmitry@zend.com>
Mon, 12 Aug 2013 06:53:20 +0000 (10:53 +0400)
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h

index 19b1ff675d0a80856598a80e918a209f2aa0d4ce..027b667532ea357a89a92e7e015d09112d554f0c 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2684,7 +2684,7 @@ ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST|TMP|VAR|CV)
                         if (call->object) {
                                 Z_ADDREF_P(call->object);
                         }
-                       if (OP2_TYPE == IS_VAR && OP2_FREE &&
+                       if (OP2_TYPE == IS_VAR && OP2_FREE && Z_REFCOUNT_P(function_name) == 1 &&
                             call->fbc->common.fn_flags & ZEND_ACC_CLOSURE) {
                                 /* Delay closure destruction until its invocation */
                                 call->fbc->common.prototype = (zend_function*)function_name;
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h

index a3e88cdd5b04a47cb4630b0f28d770b4a5660cf9..c8214b8968f6dce522c1c2b2cb6b8cd0f1861996 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -1267,7 +1267,7 @@ static int ZEND_FASTCALL  ZEND_INIT_FCALL_BY_NAME_SPEC_CONST_HANDLER(ZEND_OPCODE
                         if (call->object) {
                                 Z_ADDREF_P(call->object);
                         }
-                       if (IS_CONST == IS_VAR && 0 &&
+                       if (IS_CONST == IS_VAR && 0 && Z_REFCOUNT_P(function_name) == 1 &&
                             call->fbc->common.fn_flags & ZEND_ACC_CLOSURE) {
                                 /* Delay closure destruction until its invocation */
                                 call->fbc->common.prototype = (zend_function*)function_name;
@@ -1592,7 +1592,7 @@ static int ZEND_FASTCALL  ZEND_INIT_FCALL_BY_NAME_SPEC_TMP_HANDLER(ZEND_OPCODE_H
                         if (call->object) {
                                 Z_ADDREF_P(call->object);
                         }
-                       if (IS_TMP_VAR == IS_VAR && 1 &&
+                       if (IS_TMP_VAR == IS_VAR && 1 && Z_REFCOUNT_P(function_name) == 1 &&
                             call->fbc->common.fn_flags & ZEND_ACC_CLOSURE) {
                                 /* Delay closure destruction until its invocation */
                                 call->fbc->common.prototype = (zend_function*)function_name;
@@ -1779,7 +1779,7 @@ static int ZEND_FASTCALL  ZEND_INIT_FCALL_BY_NAME_SPEC_VAR_HANDLER(ZEND_OPCODE_H
                         if (call->object) {
                                 Z_ADDREF_P(call->object);
                         }
-                       if (IS_VAR == IS_VAR && (free_op2.var != NULL) &&
+                       if (IS_VAR == IS_VAR && (free_op2.var != NULL) && Z_REFCOUNT_P(function_name) == 1 &&
                             call->fbc->common.fn_flags & ZEND_ACC_CLOSURE) {
                                 /* Delay closure destruction until its invocation */
                                 call->fbc->common.prototype = (zend_function*)function_name;
@@ -2004,7 +2004,7 @@ static int ZEND_FASTCALL  ZEND_INIT_FCALL_BY_NAME_SPEC_CV_HANDLER(ZEND_OPCODE_HA
                         if (call->object) {
                                 Z_ADDREF_P(call->object);
                         }
-                       if (IS_CV == IS_VAR && 0 &&
+                       if (IS_CV == IS_VAR && 0 && Z_REFCOUNT_P(function_name) == 1 &&
                             call->fbc->common.fn_flags & ZEND_ACC_CLOSURE) {
                                 /* Delay closure destruction until its invocation */
                                 call->fbc->common.prototype = (zend_function*)function_name;
author	Dmitry Stogov <dmitry@zend.com>
	Mon, 12 Aug 2013 06:53:20 +0000 (10:53 +0400)
committer	Dmitry Stogov <dmitry@zend.com>
	Mon, 12 Aug 2013 06:53:20 +0000 (10:53 +0400)
Zend/zend_vm_def.h		patch \| blob \| history
Zend/zend_vm_execute.h		patch \| blob \| history