Fixed bug #43175 (__destruct() throwing an exception with __call() causes segfault)

diff --git a/NEWS b/NEWS
index f1f30713a6358ad9e017c533fd796b85c3913f49..769831bf86cd576de7183de6c2a6909a4f0ddc1b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2008, PHP 5.2.6
+- Fixed bug #43175 (__destruct() throwing an exception with __call() causes
+  segfault). (Dmitry)
 
 08 Nov 2007, PHP 5.2.5
 - Upgraded PCRE to version 7.3 (Nuno)

diff --git a/Zend/tests/bug43175.phpt b/Zend/tests/bug43175.phpt
new file mode 100755 (executable)
index 0000000..3bf6bef
--- /dev/null
+++ b/Zend/tests/bug43175.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #43175 (__destruct() throwing an exception with __call() causes segfault)
+--FILE--
+<?php
+
+class foobar {
+    public function __destruct() {
+        throw new Exception();
+    }
+    public function __call($m, $a) {
+        return $this;
+    }
+}
+function foobar() {
+    return new foobar();
+}
+try {
+    foobar()->unknown();
+} catch (Exception $e) {
+    echo "__call via traditional factory should be caught\n";
+}
+?>
+--EXPECT--
+__call via traditional factory should be caught

diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 514c3f299e1efbc01e3220f7270eb420e4b66ec5..c3919f166d039ede08846c0996e8454be42adf95 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -1995,6 +1995,8 @@ ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY)
                }
        }
 
+       EX(function_state).function = (zend_function *) EX(op_array);
+       EG(function_state_ptr) = &EX(function_state);
        ctor_opline = (zend_op*)zend_ptr_stack_pop(&EG(arg_types_stack));
 
        if (EG(This)) {
@@ -2017,8 +2019,6 @@ ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY)
        }
        zend_ptr_stack_2_pop(&EG(arg_types_stack), (void**)&EX(object), (void**)&EX(fbc));
 
-       EX(function_state).function = (zend_function *) EX(op_array);
-       EG(function_state_ptr) = &EX(function_state);
        zend_ptr_stack_clear_multiple(TSRMLS_C);
 
        if (EG(exception)) {

diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 8ce7ef972488c740c896c449645c1a76ea2071a1..8f8fdf3258b4fc6bd572284910250dbc8f02fe35 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -280,6 +280,8 @@ static int zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
                }
        }
 
+       EX(function_state).function = (zend_function *) EX(op_array);
+       EG(function_state_ptr) = &EX(function_state);
        ctor_opline = (zend_op*)zend_ptr_stack_pop(&EG(arg_types_stack));
 
        if (EG(This)) {
@@ -302,8 +304,6 @@ static int zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
        }
        zend_ptr_stack_2_pop(&EG(arg_types_stack), (void**)&EX(object), (void**)&EX(fbc));
 
-       EX(function_state).function = (zend_function *) EX(op_array);
-       EG(function_state_ptr) = &EX(function_state);
        zend_ptr_stack_clear_multiple(TSRMLS_C);
 
        if (EG(exception)) {