Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite)
authorXinchen Hui <laruence@gmail.com>
Thu, 5 May 2016 07:18:17 +0000 (15:18 +0800)
committerXinchen Hui <laruence@gmail.com>
Thu, 5 May 2016 07:18:17 +0000 (15:18 +0800)
NEWS
ext/pcntl/pcntl.c
ext/pcntl/tests/bug72154.phpt [new file with mode: 0644]

diff --git a/NEWS b/NEWS
index d45eb3243865e04c10792bffa795c03d543b6aa7..d0bce0e54850645445041b6ee6e4ecfb6d5b746e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,10 @@ PHP                                                                        NEWS
   . Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight
     columns). (Tian Yang)
 
+- PCNTL:
+  . Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure
+    overwrite). (Laruence)
+
 - Opcache:
   . Fixed bug #72014 (Including a file with anonymous classes multiple times
     leads to fatal error). (Laruence)
index 230cdf443c8bfa80e55f10dc958b19c230c3d40c..ef3c7fbe3dc93d1da20f023172715ac254be5d63 100644 (file)
@@ -624,12 +624,11 @@ PHP_FUNCTION(pcntl_waitpid)
        struct rusage rusage;
 #endif
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS(), "lz/|lz/", &pid, &z_status, &options, &z_rusage) == FAILURE)
+       if (zend_parse_parameters(ZEND_NUM_ARGS(), "lz/|lz/", &pid, &z_status, &options, &z_rusage) == FAILURE) {
                return;
+       }
 
-       convert_to_long_ex(z_status);
-
-       status = Z_LVAL_P(z_status);
+       status = zval_get_long(z_status);
 
 #ifdef HAVE_WAIT4
        if (z_rusage) {
@@ -659,7 +658,8 @@ PHP_FUNCTION(pcntl_waitpid)
        }
 #endif
 
-       Z_LVAL_P(z_status) = status;
+       zval_dtor(z_status);
+       ZVAL_LONG(z_status, status);
 
        RETURN_LONG((zend_long) child_id);
 }
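Review bot: The reason `Z_LVAL_P(z_status) = status` had to become `zval_dtor` + `ZVAL_LONG` is not recorded anywhere in the hunk, and a future cleanup could easily fold it back into a direct lvalue store. The hazard is that both out-parameters are parsed as `z/` and the caller may pass the same variable (or a reference to it) for `$status` and `$rusage`, so by the time this line runs the zval behind `z_status` may already have been turned into the rusage array; writing a long into it without destroying it first is the corruption the bug title describes. I would add above the `zval_dtor` line: `/* z_status may alias z_rusage (same variable passed by reference for both), so it is not necessarily IS_LONG here: release whatever it holds before storing the status. */`. Since the `z/` spec separates the value, `zval_dtor` on a refcount-1 array is presumably correct here; if that assumption ever changes, `zval_ptr_dtor` would be the safer call. The body of pcntl_waitpid starts outside this hunk.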
@@ -677,12 +677,11 @@ PHP_FUNCTION(pcntl_wait)
        struct rusage rusage;
 #endif
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS(), "z/|lz/", &z_status, &options, &z_rusage) == FAILURE)
+       if (zend_parse_parameters(ZEND_NUM_ARGS(), "z/|lz/", &z_status, &options, &z_rusage) == FAILURE) {
                return;
+       }
 
-       convert_to_long_ex(z_status);
-
-       status = Z_LVAL_P(z_status);
+       status = zval_get_long(z_status);
 #ifdef HAVE_WAIT3
        if (z_rusage) {
                if (Z_TYPE_P(z_rusage) != IS_ARRAY) {
@@ -711,7 +710,9 @@ PHP_FUNCTION(pcntl_wait)
                PHP_RUSAGE_TO_ARRAY(rusage, z_rusage);
        }
 #endif
-       Z_LVAL_P(z_status) = status;
+
+       zval_dtor(z_status);
+       ZVAL_LONG(z_status, status);
 
        RETURN_LONG((zend_long) child_id);
 }
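Review bot: Same remark as for pcntl_waitpid: the `zval_dtor(z_status)` before `ZVAL_LONG` is the whole fix, but nothing in the code says why a plain `Z_LVAL_P` store is unsafe, and the `Z_TYPE_P(z_rusage) != IS_ARRAY` conversion that makes the aliasing dangerous lives in an earlier hunk. A one-line comment keeps the two functions in step and stops someone "simplifying" this back: `/* z_status may be the very zval z_rusage was just converted to an array; destroy it before overwriting with the status long. */`. The enclosing pcntl_wait body begins outside this hunk, so I cannot see whether any path writes z_status before this point.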
diff --git a/ext/pcntl/tests/bug72154.phpt b/ext/pcntl/tests/bug72154.phpt
new file mode 100644 (file)
index 0000000..6bbbd4c
--- /dev/null
@@ -0,0 +1,21 @@
+--TEST--
+Bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite)
+--SKIPIF--
+<?php if (!extension_loaded("pcntl")) print "skip"; ?>
+--FILE--
+<?php
+$b = 666;
+var_dump($b);
+$c = &$b;
+$var5 = pcntl_wait($b,0,$c);
+unset($b);
+
+$b = 666;
+var_dump($b);
+$c = &$b;
+$var5 = pcntl_waitpid(0,$b,0,$c);
+unset($b);
+?>
+--EXPECT--
+int(666)
+int(666)
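Review bot: The expected output only covers the two `var_dump($b)` calls that run before `pcntl_wait`/`pcntl_waitpid`, so the test passes as long as the interpreter does not crash; it never looks at the variable the fix actually rewrites. Adding `var_dump($c);` after each call would pin the post-call state of the aliased variable as well. With no child processes the wait should fail and, if I read the C side correctly, leave `status` at the value read from the caller, so the expected output for those dumps would presumably be `int(666)` again — worth confirming against a real run before extending `--EXPECT--`.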