- Fixed ext/mysqli to allocate less memory when fetching bound params
of type (MEDIUM|LONG)BLOB/(MEDIUM|LONG)TEXT. (Andrey)
- Fixed memory corruption in ImageTTFText() with 64bit systems. (Andrey)
+- Fixed bug #32852 (Crash with singleton and __destruct when
+ zend.ze1_compatibility_mode = On). (Dmitry)
- Fixed bug #32813 (parse_url() does not handle scheme-only urls properly). (Ilia)
- Fixed bug #32809 (Missing T1LIB support on Windows). (Edin)
- Fixed bug #32802 (General cookie overrides more specific cookie). (Ilia)
- Fixed bug #32282 (Segfault in mysqli_fetch_array on 64-bit). (Georg)
- Fixed bug #32245 (xml_parser_free() in a function assigned to the xml parser
gives a segfault). (Rob)
+- Fixed bug #32080 (segfault when assigning object to itself with
+ zend.ze1_compatibility_mode=On). (Dmitry)
- Fixed bug #32013 (ext/mysqli bind_result causes fatal error: memory
limit). (Andrey)
- Fixed bug #31887 (ISAPI: Custom 5xx error does not return correct HTTP
response message). (Jani)
+- Fixed bug #31828 (Crash with zend.ze1_compatibility_mode=On). (Dmitry)
- Fixed bug #31668 (multi_query works exactly every other time - multi query
d/e flag global and not per connection). (Andrey)
- Fixed bug #31636 (another crash when echoing a COM object). (Wez)
--- /dev/null
+--TSTE--
+Bug #31828 (Crash with zend.ze1_compatibility_mode=On)
+--INI--
+zend.ze1_compatibility_mode=on
+--FILE--
+<?php
+$o = new stdClass();
+$o->id = 77;
+$o->name = "Aerospace";
+$a[] = $o;
+$a = $a[0];
+print_r($a);
+?>
+--EXPECT--
+stdClass Object
+(
+ [id] => 77
+ [name] => Aerospace
+)
--- /dev/null
+--TSTE--
+Bug #32080 (segfault when assigning object to itself with zend.ze1_compatibility_mode=On)
+--INI--
+zend.ze1_compatibility_mode=on
+--FILE--
+<?php
+class test { }
+$t = new test;
+$t = $t; // gives segfault
+var_dump($t);
+?>
+--EXPECT--
+object(test)#2 (0) {
+}
--- /dev/null
+--TEST--
+Bug #32852 (Crash with singleton and __destruct when zend.ze1_compatibility_mode = On)
+--INI--
+zend.ze1_compatibility_mode=on
+--FILE--
+<?php
+class crashme {
+ private static $instance = null;
+
+ public function __construct() {
+ self::$instance = $this;
+ }
+
+ public function __destruct() {
+ echo "i'm called\n";
+ }
+
+ public static function singleton() {
+ if (!isset(self::$instance)) {
+ self::$instance = new crashme();
+ }
+ return self::$instance;
+ }
+}
+
+crashme::singleton();
+?>
+--EXPECTF--
+Strict Standards: Implicit cloning object of class 'crashme' because of 'zend.ze1_compatibility_mode' in %sbug32852.php on line 6
+i'm called
+
+Strict Standards: Implicit cloning object of class 'crashme' because of 'zend.ze1_compatibility_mode' in %sbug32852.php on line 15
+i'm called
+
+Strict Standards: Implicit cloning object of class 'crashme' because of 'zend.ze1_compatibility_mode' in %sbug32852.php on line 17
+i'm called
+i'm called
if (Z_OBJ_HANDLER_P(value, clone_obj) == NULL) {
zend_error(E_ERROR, "Trying to clone an uncloneable object of class %s", Z_OBJCE_P(value)->name);
} else if (PZVAL_IS_REF(variable_ptr)) {
- if (variable_ptr != value) {
+ if (variable_ptr != value) {
zend_uint refcount = variable_ptr->refcount;
zval garbage;
zendi_zval_dtor(garbage);
}
} else {
- variable_ptr->refcount--;
- if (variable_ptr->refcount == 0) {
- zendi_zval_dtor(*variable_ptr);
- } else {
- ALLOC_ZVAL(variable_ptr);
- *variable_ptr_ptr = variable_ptr;
+ if (variable_ptr != value) {
+ value->refcount++;
+ variable_ptr->refcount--;
+ if (variable_ptr->refcount == 0) {
+ zendi_zval_dtor(*variable_ptr);
+ } else {
+ ALLOC_ZVAL(variable_ptr);
+ *variable_ptr_ptr = variable_ptr;
+ }
+ *variable_ptr = *value;
+ INIT_PZVAL(variable_ptr);
+ zend_error(E_STRICT, "Implicit cloning object of class '%s' because of 'zend.ze1_compatibility_mode'", Z_OBJCE_P(value)->name);
+ variable_ptr->value.obj = Z_OBJ_HANDLER_P(value, clone_obj)(value TSRMLS_CC);
+ zval_ptr_dtor(&value);
}
- *variable_ptr = *value;
- INIT_PZVAL(variable_ptr);
- zend_error(E_STRICT, "Implicit cloning object of class '%s' because of 'zend.ze1_compatibility_mode'", Z_OBJCE_P(value)->name);
- variable_ptr->value.obj = Z_OBJ_HANDLER_P(value, clone_obj)(value TSRMLS_CC);
}
} else if (PZVAL_IS_REF(variable_ptr)) {
if (variable_ptr!=value) {
projects / php / commitdiff