From: Dmitry Stogov <dmitry@zend.com>
Date: Fri, 9 Aug 2019 12:58:16 +0000 (+0300)
Subject: Merge branch 'PHP-7.2' into PHP-7.3
X-Git-Tag: php-7.3.9RC1~7
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=22d23e08c927f07b0bc7ed72dbfc3d8ea79bed7c;p=php

Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  Fixed second part of the bug #78379 (Cast to object confuses GC, causes crash)
---

22d23e08c927f07b0bc7ed72dbfc3d8ea79bed7c
diff --cc Zend/zend_gc.c
index 60fa7fdd15,55f7271e3f..d1fcbf00ca
--- a/Zend/zend_gc.c
+++ b/Zend/zend_gc.c
@@@ -701,11 -388,14 +701,14 @@@ tail_call
  			ZVAL_OBJ(&tmp, obj);
  			ht = get_gc(&tmp, &zv, &n);
  			end = zv + n;
- 			if (EXPECTED(!ht)) {
 -			if (EXPECTED(!ht) || UNEXPECTED(GC_REF_GET_COLOR(ht) == GC_BLACK)) {
++			if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_BLACK))) {
+ 				ht = NULL;
 -				if (!n) return;
 +				if (!n) goto next;
  				while (!Z_REFCOUNTED_P(--end)) {
 -					if (zv == end) return;
 +					if (zv == end) goto next;
  				}
+ 			} else {
+ 				GC_REF_SET_BLACK(ht);
  			}
  			while (zv != end) {
  				if (Z_REFCOUNTED_P(zv)) {
@@@ -820,11 -501,14 +823,14 @@@ static void gc_mark_grey(zend_refcounte
  				ZVAL_OBJ(&tmp, obj);
  				ht = get_gc(&tmp, &zv, &n);
  				end = zv + n;
- 				if (EXPECTED(!ht)) {
 -				if (EXPECTED(!ht) || UNEXPECTED(GC_REF_GET_COLOR(ht) == GC_GREY)) {
++				if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_GREY))) {
+ 					ht = NULL;
 -					if (!n) return;
 +					if (!n) goto next;
  					while (!Z_REFCOUNTED_P(--end)) {
 -						if (zv == end) return;
 +						if (zv == end) goto next;
  					}
+ 				} else {
+ 					GC_REF_SET_COLOR(ht, GC_GREY);
  				}
  				while (zv != end) {
  					if (Z_REFCOUNTED_P(zv)) {
@@@ -1010,11 -622,14 +1016,14 @@@ tail_call
  					ZVAL_OBJ(&tmp, obj);
  					ht = get_gc(&tmp, &zv, &n);
  					end = zv + n;
- 					if (EXPECTED(!ht)) {
 -					if (EXPECTED(!ht) || UNEXPECTED(GC_REF_GET_COLOR(ht) != GC_GREY)) {
++					if (EXPECTED(!ht) || UNEXPECTED(!GC_REF_CHECK_COLOR(ht, GC_GREY))) {
+ 						ht = NULL;
 -						if (!n) return;
 +						if (!n) goto next;
  						while (!Z_REFCOUNTED_P(--end)) {
 -							if (zv == end) return;
 +							if (zv == end) goto next;
  						}
+ 					} else {
+ 						GC_REF_SET_COLOR(ht, GC_WHITE);
  					}
  					while (zv != end) {
  						if (Z_REFCOUNTED_P(zv)) {
@@@ -1181,15 -800,18 +1190,18 @@@ static int gc_collect_white(zend_refcou
  				ZVAL_OBJ(&tmp, obj);
  				ht = get_gc(&tmp, &zv, &n);
  				end = zv + n;
- 				if (EXPECTED(!ht)) {
 -				if (EXPECTED(!ht) || UNEXPECTED(GC_REF_GET_COLOR(ht) == GC_BLACK)) {
++				if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_BLACK))) {
+ 					ht = NULL;
 -					if (!n) return count;
 +					if (!n) goto next;
  					while (!Z_REFCOUNTED_P(--end)) {
  						/* count non-refcounted for compatibility ??? */
  						if (Z_TYPE_P(zv) != IS_UNDEF) {
  							count++;
  						}
 -						if (zv == end) return count;
 +						if (zv == end) goto next;
  					}
+ 				} else {
+ 					GC_REF_SET_BLACK(ht);
  				}
  				while (zv != end) {
  					if (Z_REFCOUNTED_P(zv)) {