]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 83bef0e)
Fixed bug #70601 (Segfault in gc_remove_from_buffer())
authorXinchen Hui <laruence@gmail.com>
Sun, 4 Oct 2015 02:38:56 +0000 (19:38 -0700)
committerXinchen Hui <laruence@gmail.com>
Sun, 4 Oct 2015 02:38:56 +0000 (19:38 -0700)
NEWS patch | blob | history
ext/opcache/Optimizer/pass1_5.c patch | blob | history
ext/opcache/tests/bug70601.phpt [new file with mode: 0644] patch | blob

diff --git a/NEWS b/NEWS
index 7f5c7a40a636273856d023bcce5a62da43ab8ec2..4adadb20835bd2ab864f56da9110e311b68345ae 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,9 @@ PHP                                                                        NEWS
    (Andrey)
   . Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi)
 
+- Opcache:
+  . Fixed bug #70601 (Segfault in gc_remove_from_buffer()). (Laruence)
+
 01 Oct 2015, PHP 5.6.14
 
 - Core:
diff --git a/ext/opcache/Optimizer/pass1_5.c b/ext/opcache/Optimizer/pass1_5.c
index 4ed3dd4c85f52f1a42e795a4c97491c0f6172a0b..1302e4b1826504c23aa12c82761b7e2911373c0c 100644 (file)
--- a/ext/opcache/Optimizer/pass1_5.c
+++ b/ext/opcache/Optimizer/pass1_5.c
@@ -314,9 +314,11 @@ if (ZEND_OPTIMIZER_PASS_1 & OPTIMIZATION_LEVEL) {
                                                            ZEND_IS_CONSTANT_TYPE(Z_TYPE(t))) {
                                                                break;
                                                        }
-                                               } else {
+                                               } else if (Z_TYPE_PP(c) <= IS_BOOL || Z_TYPE_PP(c) == IS_STRING) {
                                                        t = **c;
                                                        zval_copy_ctor(&t);
+                                               } else {
+                                                       break;
                                                }
 
                                                if (ZEND_OP1_TYPE(opline) == IS_CONST) {
diff --git a/ext/opcache/tests/bug70601.phpt b/ext/opcache/tests/bug70601.phpt
new file mode 100644 (file)
index 0000000..55b1d7e
--- /dev/null
+++ b/ext/opcache/tests/bug70601.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Bug #70601 (Segfault in gc_remove_from_buffer())
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.protect_memory=1
+--SKIPIF--
+<?php if (!extension_loaded('Zend OPcache')) die("skip"); ?>
+--FILE--
+<?php
+const REPLACEMENTS_PASS_1 = [ "\x00" => "" ];
+class a {
+       const REPLACEMENTS_PASS_1 = [ "\x01" => "" ];
+       public function __construct() {
+               echo strtr("Ok",  REPLACEMENTS_PASS_1);
+               echo strtr("ay", self::REPLACEMENTS_PASS_1);
+       }
+}
+
+new a();
+?>
+--EXPECT--
+Okay
Unnamed repository; edit this file 'description' to name the repository.