From: Dmitry Stogov <dmitry@php.net>
Date: Fri, 22 Jul 2005 07:33:03 +0000 (+0000)
Subject: Fixed bug #33802 (throw Exception in error handler causes crash)
X-Git-Tag: RELEASE_0_9~37
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1c82ec11a1ce04a9e4999a33f35d527d4e38306a;p=php

Fixed bug #33802 (throw Exception in error handler causes crash)
---

diff --git a/NEWS b/NEWS
index 4599f8bef2..ea75f7e624 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2005, PHP 5.1
+- Fixed bug #33802 (throw Exception in error handler causes crash). (Dmitry)
 - Fixed bug #33710 (ArrayAccess objects doen't initialize $this). (Dmitry)
 - Fixed bug #33578 (strtotime() problem with "Oct17" format). (Derick)
 - Fixed bug #33558 (warning with nested calls to functions returning by
diff --git a/Zend/tests/bug33802.phpt b/Zend/tests/bug33802.phpt
new file mode 100755
index 0000000000..d2f8cd736e
--- /dev/null
+++ b/Zend/tests/bug33802.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Bug #33802 (throw Exception in error handler causes crash)
+--FILE--
+<?php
+set_error_handler('errorHandler', E_USER_ERROR);
+try{
+    test();
+}catch(Exception $e){
+}
+restore_error_handler();
+
+function test(){
+    trigger_error("error", E_USER_ERROR);
+}
+
+function errorHandler($errno, $errstr, $errfile, $errline) {
+    throw new Exception();
+}
+?>
+ok
+--EXPECT--
+ok
diff --git a/Zend/zend.c b/Zend/zend.c
index ba84e39a5f..eb79640b28 100644
--- a/Zend/zend.c
+++ b/Zend/zend.c
@@ -975,8 +975,7 @@ ZEND_API void zend_error(int type, const char *format, ...)
 
 			z_context->value.ht = EG(active_symbol_table);
 			z_context->type = IS_ARRAY;
-			ZVAL_ADDREF(z_context); /* we don't want this one to be freed */
-			z_context->is_ref = 1;
+			zval_copy_ctor(z_context);
 
 			params = (zval ***) emalloc(sizeof(zval **)*5);
 			params[0] = &z_error_type;
@@ -989,9 +988,6 @@ ZEND_API void zend_error(int type, const char *format, ...)
 			EG(user_error_handler) = NULL;
 	    
 			if (call_user_function_ex(CG(function_table), NULL, orig_user_error_handler, &retval, 5, params, 1, NULL TSRMLS_CC)==SUCCESS) {
-				if (Z_TYPE_P(z_context) != IS_ARRAY || z_context->value.ht != EG(active_symbol_table)) {
-					zend_error(E_ERROR, "User error handler must not modify error context");
-				}
 				if (retval) {
 					if (Z_TYPE_P(retval) == IS_BOOL && Z_LVAL_P(retval) == 0) {
 						zend_error_cb(type, error_filename, error_lineno, format, args);
@@ -1015,12 +1011,7 @@ ZEND_API void zend_error(int type, const char *format, ...)
 			zval_ptr_dtor(&z_error_type);
 			zval_ptr_dtor(&z_error_filename);
 			zval_ptr_dtor(&z_error_lineno);
-			if (ZVAL_REFCOUNT(z_context) <= 2) {
-				FREE_ZVAL(z_context);
-			} else {
-				ZVAL_DELREF(z_context);
-				zval_ptr_dtor(&z_context);
-			}
+			zval_ptr_dtor(&z_context);
 			break;
 	}