Fixed shared memory corruption of opcode caches

diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index 7e5074f752a7652e7a5db6e05148f71c9abab7c6..dec7f67fe2916fc02c94f95279625e7bad2b6ffc 100644 (file)
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -452,6 +452,19 @@ ZEND_API int zend_is_true(zval *op)
 #define IS_CONSTANT_VISITED(p)    (Z_TYPE_P(p) & IS_VISITED_CONSTANT)
 #define MARK_CONSTANT_VISITED(p)  Z_TYPE_P(p) |= IS_VISITED_CONSTANT
 
+static void zval_deep_copy(zval **p)
+{
+       zval *value;
+
+       ALLOC_ZVAL(value);
+       *value = **p;
+       Z_TYPE_P(value) &= ~IS_CONSTANT_INDEX;
+       zval_copy_ctor(value);
+       Z_TYPE_P(value) = Z_TYPE_PP(p);
+       INIT_PZVAL(value);
+       *p = value;
+}
+
 ZEND_API int zval_update_constant_ex(zval **pp, void *arg, zend_class_entry *scope TSRMLS_DC)
 {
        zval *p = *pp;
@@ -503,6 +516,16 @@ ZEND_API int zval_update_constant_ex(zval **pp, void *arg, zend_class_entry *sco
                p = *pp;
                Z_TYPE_P(p) = IS_ARRAY;
 
+               if (!inline_change) {
+                       zval *tmp;
+                       HashTable *tmp_ht = NULL;
+
+                       ALLOC_HASHTABLE(tmp_ht);
+                       zend_hash_init(tmp_ht, zend_hash_num_elements(Z_ARRVAL_P(p)), NULL, ZVAL_PTR_DTOR, 0);
+                       zend_hash_copy(tmp_ht, Z_ARRVAL_P(p), (copy_ctor_func_t) zval_deep_copy, (void *) &tmp, sizeof(zval *));
+                       Z_ARRVAL_P(p) = tmp_ht;
+               } 
+
                /* First go over the array and see if there are any constant indices */
                zend_hash_internal_pointer_reset(Z_ARRVAL_P(p));
                while (zend_hash_get_current_data(Z_ARRVAL_P(p), (void **) &element)==SUCCESS) {

diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index e9e5b3a7c63cf681407d43f24332ef877f19c06c..4ea3dea5b314d751e64817b87e66596d2c1e7fde 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2403,9 +2403,6 @@ ZEND_VM_HANDLER(64, ZEND_RECV_INIT, ANY, CONST)
 
                        ALLOC_ZVAL(default_value);
                        *default_value = opline->op2.u.constant;
-                       if (Z_TYPE(opline->op2.u.constant)==IS_CONSTANT_ARRAY) {
-                               zval_copy_ctor(default_value);
-                       }
                        default_value->refcount=1;
                        zval_update_constant(&default_value, 0 TSRMLS_CC);
                        default_value->refcount=0;

diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 0da39e33a5a1fe45ba14157aea1bb1f3a3906ed3..79e1a1067582a270d4a9ce9f278d552e8f33e992 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -777,9 +777,6 @@ static int ZEND_RECV_INIT_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 
                        ALLOC_ZVAL(default_value);
                        *default_value = opline->op2.u.constant;
-                       if (Z_TYPE(opline->op2.u.constant)==IS_CONSTANT_ARRAY) {
-                               zval_copy_ctor(default_value);
-                       }
                        default_value->refcount=1;
                        zval_update_constant(&default_value, 0 TSRMLS_CC);
                        default_value->refcount=0;