]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2bec5d1)
Fixed bug #68252 (segfault in Zend/zend_hash.c in function _zend_hash_del_el)
authorXinchen Hui <laruence@php.net>
Tue, 28 Oct 2014 09:36:03 +0000 (17:36 +0800)
committerXinchen Hui <laruence@php.net>
Tue, 28 Oct 2014 09:36:03 +0000 (17:36 +0800)
Don't leave a UNDEF gap in function_table

NEWS patch | blob | history
Zend/zend_builtin_functions.c patch | blob | history
ext/opcache/tests/bug68252.phpt [new file with mode: 0644] patch | blob

diff --git a/NEWS b/NEWS
index 1c9fd616efa4deb84069d7e3ac566acdd450a1ff..56441a87914744a1bf7cf7c86198b760f50e5aa7 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,8 @@ PHP                                                                        NEWS
   . Update the MIME type list from the one shipped by Apache HTTPD. (Adam)
 
 - Core:
+  . Fixed bug #68252 (segfault in Zend/zend_hash.c in function
+    _zend_hash_del_el). (Laruence)
   . Added PHP_INT_MIN constant. (Andrea)
   . Added Closure::call() method. (Andrea)
   . Implemented FR #38409 (parse_ini_file() looses the type of booleans). (Tjerk)
diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index 8203d39e510a84270e5398ed7b1bd91e76e58873..940cdefc81cf4abb2bf90a484750273a3e40904c 100644 (file)
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -1830,6 +1830,7 @@ ZEND_FUNCTION(create_function)
                        RETURN_FALSE;
                }
                (*func->refcount)++;
+               zend_hash_str_del(EG(function_table), LAMBDA_TEMP_FUNCNAME, sizeof(LAMBDA_TEMP_FUNCNAME)-1);
 
                function_name = zend_string_alloc(sizeof("0lambda_")+MAX_LENGTH_OF_LONG, 0);
                function_name->val[0] = '\0';
@@ -1839,7 +1840,6 @@ ZEND_FUNCTION(create_function)
                } while (zend_hash_add_ptr(EG(function_table), function_name, func) == NULL);
                static_variables = func->static_variables;
                func->static_variables = NULL;
-               zend_hash_str_del(EG(function_table), LAMBDA_TEMP_FUNCNAME, sizeof(LAMBDA_TEMP_FUNCNAME)-1);
                func->static_variables = static_variables;
                RETURN_STR(function_name);
        } else {
diff --git a/ext/opcache/tests/bug68252.phpt b/ext/opcache/tests/bug68252.phpt
new file mode 100644 (file)
index 0000000..e05467a
--- /dev/null
+++ b/ext/opcache/tests/bug68252.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #68252 (segfault in Zend/zend_hash.c in function _zend_hash_del_el)
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.fast_shutdown=1
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+/* run this test script with valgrind */
+function a() {
+       echo "okey";
+}
+
+create_function('', 'var_dump("22");');
+
+a();
+--EXPECT--
+okey
Unnamed repository; edit this file 'description' to name the repository.