Fixed bug #25922 (Crash in error handler when 5th argument is modified).
authorIlia Alshanetsky <iliaa@php.net>
Wed, 22 Oct 2003 23:42:55 +0000 (23:42 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Wed, 22 Oct 2003 23:42:55 +0000 (23:42 +0000)
Zend/zend.c
tests/lang/bug25922.phpt [new file with mode: 0755]

index 013c107f3e6ec88780adc1fcb0e23da75d542557..2e5d37cfc8775c6538341a8740c6b7bbe0181544 100644 (file)
@@ -840,7 +840,6 @@ ZEND_API void zend_error(int type, const char *format, ...)
        zval ***params;
        zval *retval;
        zval *z_error_type, *z_error_message, *z_error_filename, *z_error_lineno, *z_context;
-       zval lz_context;
        char *error_filename;
        uint error_lineno;
        zval *orig_user_error_handler;
@@ -903,6 +902,7 @@ ZEND_API void zend_error(int type, const char *format, ...)
                        ALLOC_INIT_ZVAL(z_error_type);
                        ALLOC_INIT_ZVAL(z_error_filename);
                        ALLOC_INIT_ZVAL(z_error_lineno);
+                       ALLOC_INIT_ZVAL(z_context);
 
                        z_error_message->value.str.len = zend_vspprintf(&z_error_message->value.str.val, 0, format, args);
                        z_error_message->type = IS_STRING;
@@ -919,11 +919,9 @@ ZEND_API void zend_error(int type, const char *format, ...)
                        z_error_lineno->value.lval = error_lineno;
                        z_error_lineno->type = IS_LONG;
 
-                       lz_context.value.ht = EG(active_symbol_table);
-                       lz_context.type = IS_ARRAY;
-                       lz_context.is_ref = 1;
-                       lz_context.refcount = 2; /* we don't want this one to be freed */
-                       z_context = &lz_context;
+                       z_context->value.ht = EG(active_symbol_table);
+                       z_context->type = IS_ARRAY;
+                       ZVAL_ADDREF(z_context); /* we don't want this one to be freed */
 
                        params = (zval ***) emalloc(sizeof(zval **)*5);
                        params[0] = &z_error_type;
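Review bot: `z_context` still borrows `EG(active_symbol_table)` instead of owning a copy, so the `ZVAL_ADDREF(z_context)` here and the `ZVAL_REFCOUNT(z_context) == 2` test in the cleanup hunk are the only things keeping the live symbol table from being destroyed through this zval. When the count after the handler call is anything other than 2, the zval is neither released nor decremented. If the handler kept its fifth argument somewhere, that retained value would presumably go on pointing at a hash table that is torn down when the erroring scope exits. Giving the handler its own copy avoids both cases: replace the ADDREF with `zval_copy_ctor(z_context);` and let cleanup be a plain `zval_ptr_dtor(&z_context);` like the other four arguments. zend_error's body starts and ends outside these hunks, so the handler call itself is not visible here.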
@@ -949,7 +947,9 @@ ZEND_API void zend_error(int type, const char *format, ...)
                        zval_ptr_dtor(&z_error_type);
                        zval_ptr_dtor(&z_error_filename);
                        zval_ptr_dtor(&z_error_lineno);
-                       ZVAL_DELREF(z_context);
+                       if (ZVAL_REFCOUNT(z_context) == 2) {
+                               FREE_ZVAL(z_context);
+                       }
                        break;
        }
 
diff --git a/tests/lang/bug25922.phpt b/tests/lang/bug25922.phpt
new file mode 100755 (executable)
index 0000000..0588eef
--- /dev/null
@@ -0,0 +1,21 @@
+--TEST--
+Bug #25922 (SEGV in error_handler when context is destroyed)
+--INI--
+error_reporting=2047
+--FILE--
+<?php
+function my_error_handler($error, $errmsg='', $errfile='', $errline=0, $errcontext='')
+{
+       $errcontext = '';
+}
+                                                                                        
+set_error_handler('my_error_handler');
+
+function test()
+{
+       echo "Undefined index here: '{$data['HTTP_HEADER']}'\n";
+}
+test();
+?>
+--EXPECT--
+Undefined index here: ''
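Review bot: The test covers only a handler that overwrites `$errcontext`; it does not cover a handler that keeps the value past the call, which is the path where the new `ZVAL_REFCOUNT(z_context) == 2` cleanup in Zend/zend.c frees nothing. A second case where the handler stores the argument (for example `$GLOBALS['ctx'] = $errcontext;`) and the script reads it after `test()` returns would pin that behaviour. The whitespace-only line after the handler's closing brace can also be emptied.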