Fixed bug #70398 (SIGSEGV, Segmentation fault zend_ast_destroy_ex)

diff --git a/NEWS b/NEWS
index 8d5a381ec663f9fdba4e4dca38f566c3778bb2eb..8c5b74eb4cc979b7bf13b3c2396da80d505c467e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP                                                                        NEWS
 03 Sep 2015, PHP 7.0.0 RC 2
 
 - Core:
+  . Fixed bug #70398 (SIGSEGV, Segmentation fault zend_ast_destroy_ex)
+    (Dmitry, Bob, Laruence)
   . Fixed bug #70332 (Wrong behavior while returning reference on object).
     (Laruence, Dmitry)
   . Fixed bug #70300 (Syntactical inconsistency with new group use syntax).

diff --git a/Zend/tests/bug70398.phpt b/Zend/tests/bug70398.phpt
new file mode 100644 (file)
index 0000000..8c0b1ab
--- /dev/null
+++ b/Zend/tests/bug70398.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #70398 (SIGSEGV, Segmentation fault zend_ast_destroy_ex)
+--FILE--
+<?php
+
+define("FILE_STREAM", fopen("php://temp", "r"));
+
+
+$array = array(
+       fopen("php://temp", "r"),
+);
+
+define("FILE_STREAMS", $array);
+?>
+OK
+--EXPECT--
+OK

diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index fc834dfa0eb75929efd7274452e1063bd21dabd3..818cc54dd0783aac1c62868c42dd3e51f4ae1ceb 100644 (file)
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -780,6 +780,8 @@ static void copy_constant_array(zval *dst, zval *src) /* {{{ */
                        if (!Z_IMMUTABLE_P(val)) {
                                copy_constant_array(new_val, val);
                        }
+               } else if (Z_TYPE_INFO_P(val) == IS_RESOURCE_EX) {
+                       Z_TYPE_INFO_P(new_val) &= ~(IS_TYPE_REFCOUNTED << Z_TYPE_FLAGS_SHIFT);
                } else if (Z_REFCOUNTED_P(val)) {
                        Z_ADDREF_P(val);
                }
@@ -810,7 +812,7 @@ ZEND_FUNCTION(define)
        ZEND_PARSE_PARAMETERS_END();
 #endif
 
-       if(non_cs) {
+       if (non_cs) {
                case_sensitive = 0;
        }
 
@@ -829,9 +831,14 @@ repeat:
                case IS_STRING:
                case IS_FALSE:
                case IS_TRUE:
-               case IS_RESOURCE:
                case IS_NULL:
                        break;
+               case IS_RESOURCE:
+                       ZVAL_COPY(&val_free, val);
+                       /* TODO: better solution than this tricky disable dtor on resource? */
+                       Z_TYPE_INFO(val_free) &= ~(IS_TYPE_REFCOUNTED << Z_TYPE_FLAGS_SHIFT);
+                       val = &val_free;
+                       break;
                case IS_ARRAY:
                        if (!Z_IMMUTABLE_P(val)) {
                                if (!validate_constant_array(Z_ARRVAL_P(val))) {