From: Xinchen Hui Date: Thu, 26 Jan 2012 01:21:35 +0000 (+0000) Subject: Fixed bug #60825 (Segfault when running symfony 2 tests) X-Git-Tag: php-5.4.0RC7~28 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=120745123933624508f370732616ab53386115b1;p=php Fixed bug #60825 (Segfault when running symfony 2 tests) --- diff --git a/NEWS b/NEWS index bdfcc81e4a..4a08318355 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,8 @@ PHP NEWS $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick) . Fixed bug #60809 (TRAITS - PHPDoc Comment Style Bug). (Dmitry) . Fixed bug #60768 (Output buffer not discarded) (Mike) + . Fixed bug #60825 (Segfault when running symfony 2 tests). + (Dmitry, Laruence) - Hash . Fixed bug #60221 (Tiger hash output byte order) (Mike) diff --git a/Zend/tests/bug60825.phpt b/Zend/tests/bug60825.phpt new file mode 100644 index 0000000000..0aeb8f77e3 --- /dev/null +++ b/Zend/tests/bug60825.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #60825 (Segfault when running symfony 2 tests) +--DESCRIPTION-- +run this with valgrind +--FILE-- + +--EXPECTF-- +string(%d) "%sbug60825.php" refcount(2) diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 9f92a67d6c..e2b487291f 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -2391,7 +2391,7 @@ ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST|TMP|VAR|CV) CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); } else if (OP2_TYPE != IS_CONST && - EXPECTED(Z_TYPE_P(function_name) == IS_ARRAY) && + EXPECTED(Z_TYPE_P(function_name) == IS_ARRAY) && zend_hash_num_elements(Z_ARRVAL_P(function_name)) == 2) { zend_class_entry *ce; zval **method = NULL; 
@@ -2399,15 +2399,15 @@ ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST|TMP|VAR|CV) zend_hash_index_find(Z_ARRVAL_P(function_name), 0, (void **) &obj); zend_hash_index_find(Z_ARRVAL_P(function_name), 1, (void **) &method); - + if (Z_TYPE_PP(obj) != IS_STRING && Z_TYPE_PP(obj) != IS_OBJECT) { zend_error_noreturn(E_ERROR, "First array member is not a valid class name or object"); } - + if (Z_TYPE_PP(method) != IS_STRING) { zend_error_noreturn(E_ERROR, "Second array member is not a valid method"); } - + if (Z_TYPE_PP(obj) == IS_STRING) { ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { @@ -2415,7 +2415,7 @@ ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST|TMP|VAR|CV) } EX(called_scope) = ce; EX(object) = NULL; - + if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, Z_STRVAL_PP(method), Z_STRLEN_PP(method) TSRMLS_CC); } else { @@ -2429,7 +2429,7 @@ ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST|TMP|VAR|CV) if (UNEXPECTED(EX(fbc) == NULL)) { zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", Z_OBJ_CLASS_NAME_P(EX(object)), Z_STRVAL_PP(method)); } - + if ((EX(fbc)->common.fn_flags & ZEND_ACC_STATIC) != 0) { EX(object) = NULL; } else { 
@@ -3693,17 +3693,18 @@ ZEND_VM_HANDLER(73, ZEND_INCLUDE_OR_EVAL, CONST|TMP|VAR|CV, ANY) zend_op_array *new_op_array=NULL; zend_free_op free_op1; zval *inc_filename; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; SAVE_OPLINE(); inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R); if (inc_filename->type!=IS_STRING) { - ZVAL_COPY_VALUE(&tmp_inc_filename, inc_filename); - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename); + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { @@ -3767,8 +3768,8 @@ ZEND_VM_HANDLER(73, ZEND_INCLUDE_OR_EVAL, CONST|TMP|VAR|CV, ANY) EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } FREE_OP1(); if (UNEXPECTED(EG(exception) != NULL)) { @@ -4510,14 +4511,14 @@ ZEND_VM_C_LABEL(num_index_prop): if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 94c34a5550..5289d75722 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h 
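Review bot: In the `@@ -3693` hunk of ZEND_INCLUDE_OR_EVAL, the switch from a stack `zval tmp_inc_filename` to `MAKE_STD_ZVAL(tmp_inc_filename)` has no comment explaining why the temporary must live on the heap, so it reads like an avoidable allocation and invites a later revert. `ZVAL_COPY_VALUE` copies only the value and type, so the stack copy's refcount was left uninitialised while `convert_to_string` could presumably run a user `__toString()` on it; the new test expecting `refcount(2)` is consistent with that. I would add above the allocation: `/* heap zval with an initialised refcount: convert_to_string() may call __toString() on it (bug #60825) */`. The handler body starts and ends outside the hunk, and the SPEC handlers in zend_vm_execute.h appear to be generated copies of this one, so the comment belongs here only.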
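Review bot: In the `@@ -3767` hunk, `if (tmp_inc_filename) { zval_ptr_dtor(&tmp_inc_filename); }` is now the only release of a heap allocation, so a path that skips it leaks the zval itself as well as its string. The code between the allocation and this point is outside both hunks, so it is worth confirming that no branch leaves the handler before reaching it. A short comment such as `/* NULL unless op1 was converted above; drops our reference, user code may still hold one */` would also record why `zval_ptr_dtor` replaced `zval_dtor`.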
@@ -2522,17 +2522,18 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(ZEND_OPCODE_HA zend_op_array *new_op_array=NULL; zval *inc_filename; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; SAVE_OPLINE(); inc_filename = opline->op1.zv; if (inc_filename->type!=IS_STRING) { - ZVAL_COPY_VALUE(&tmp_inc_filename, inc_filename); - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename); + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { @@ -2596,8 +2597,8 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(ZEND_OPCODE_HA EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } if (UNEXPECTED(EG(exception) != NULL)) { @@ -6852,17 +6853,18 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER(ZEND_OPCODE_HAND zend_op_array *new_op_array=NULL; zend_free_op free_op1; zval *inc_filename; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; SAVE_OPLINE(); inc_filename = _get_zval_ptr_tmp(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC); if (inc_filename->type!=IS_STRING) { - ZVAL_COPY_VALUE(&tmp_inc_filename, inc_filename); - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename); + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { 
@@ -6926,8 +6928,8 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER(ZEND_OPCODE_HAND EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } zval_dtor(free_op1.var); if (UNEXPECTED(EG(exception) != NULL)) { @@ -11209,17 +11211,18 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER(ZEND_OPCODE_HAND zend_op_array *new_op_array=NULL; zend_free_op free_op1; zval *inc_filename; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; SAVE_OPLINE(); inc_filename = _get_zval_ptr_var(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC); if (inc_filename->type!=IS_STRING) { - ZVAL_COPY_VALUE(&tmp_inc_filename, inc_filename); - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename); + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { @@ -11283,8 +11286,8 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER(ZEND_OPCODE_HAND EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; if (UNEXPECTED(EG(exception) != NULL)) { 
@@ -14038,14 +14041,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -15951,14 +15954,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -18222,14 +18225,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { 
@@ -21143,14 +21146,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -22477,14 +22480,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -23634,14 +23637,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { 
@@ -24791,14 +24794,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -26214,14 +26217,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { 
@@ -27061,17 +27064,18 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(ZEND_OPCODE_HANDL zend_op_array *new_op_array=NULL; zval *inc_filename; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; SAVE_OPLINE(); inc_filename = _get_zval_ptr_cv_BP_VAR_R(EX_CVs(), opline->op1.var TSRMLS_CC); if (inc_filename->type!=IS_STRING) { - ZVAL_COPY_VALUE(&tmp_inc_filename, inc_filename); - zval_copy_ctor(&tmp_inc_filename); - convert_to_string(&tmp_inc_filename); - inc_filename = &tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename); + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { @@ -27135,8 +27139,8 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(ZEND_OPCODE_HANDL EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==&tmp_inc_filename) { - zval_dtor(&tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(&tmp_inc_filename); } if (UNEXPECTED(EG(exception) != NULL)) { @@ -29529,14 +29533,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { 
@@ -31316,14 +31320,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -33460,14 +33464,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -36118,14 +36122,14 @@ num_index_prop: if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_COPY_VALUE(&tmp, offset); - zval_copy_ctor(&tmp); - convert_to_long(&tmp); - offset = &tmp; + ZVAL_COPY_VALUE(&tmp, offset); + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + offset = &tmp; } else { /* can not be converted to proper offset, return "not set" */ result = 0; - } + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) {