From: Dmitry Stogov Date: Fri, 9 Aug 2019 12:58:33 +0000 (+0300) Subject: Merge branch 'PHP-7.3' into PHP-7.4 X-Git-Tag: php-7.4.0beta4~42 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1456467cfe19379150a06592d9362091d443d255;p=php Merge branch 'PHP-7.3' into PHP-7.4 * PHP-7.3: Fixed second part of the bug #78379 (Cast to object confuses GC, causes crash) --- 1456467cfe19379150a06592d9362091d443d255 diff --cc Zend/zend_gc.c index fcab58b1f5,d1fcbf00ca..97a7edaac2 --- a/Zend/zend_gc.c +++ b/Zend/zend_gc.c @@@ -699,9 -699,10 +699,10 @@@ tail_call zval tmp; ZVAL_OBJ(&tmp, obj); - ht = get_gc(&tmp, &zv, &n); + ht = obj->handlers->get_gc(&tmp, &zv, &n); end = zv + n; - if (EXPECTED(!ht)) { + if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_BLACK))) { + ht = NULL; if (!n) goto next; while (!Z_REFCOUNTED_P(--end)) { if (zv == end) goto next; @@@ -816,9 -821,10 +819,10 @@@ static void gc_mark_grey(zend_refcounte zval tmp; ZVAL_OBJ(&tmp, obj); - ht = get_gc(&tmp, &zv, &n); + ht = obj->handlers->get_gc(&tmp, &zv, &n); end = zv + n; - if (EXPECTED(!ht)) { + if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_GREY))) { + ht = NULL; if (!n) goto next; while (!Z_REFCOUNTED_P(--end)) { if (zv == end) goto next; @@@ -1004,9 -1014,10 +1010,10 @@@ tail_call zval tmp; ZVAL_OBJ(&tmp, obj); - ht = get_gc(&tmp, &zv, &n); + ht = obj->handlers->get_gc(&tmp, &zv, &n); end = zv + n; - if (EXPECTED(!ht)) { + if (EXPECTED(!ht) || UNEXPECTED(!GC_REF_CHECK_COLOR(ht, GC_GREY))) { + ht = NULL; if (!n) goto next; while (!Z_REFCOUNTED_P(--end)) { if (zv == end) goto next; @@@ -1173,9 -1188,10 +1182,10 @@@ static int gc_collect_white(zend_refcou *flags |= GC_HAS_DESTRUCTORS; } ZVAL_OBJ(&tmp, obj); - ht = get_gc(&tmp, &zv, &n); + ht = obj->handlers->get_gc(&tmp, &zv, &n); end = zv + n; - if (EXPECTED(!ht)) { + if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_BLACK))) { + ht = NULL; if (!n) goto next; while (!Z_REFCOUNTED_P(--end)) { /* count non-refcounted for compatibility ??? */