From: Dmitry Stogov
Date: Tue, 20 Nov 2007 09:51:44 +0000 (+0000)
Subject: Fixed bug #43136 (possible crash on script execution timeout. The EG(function_state_p...
X-Git-Tag: RELEASE_2_0_0a1~1338
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3f247aaf103e13b02c3c37fb296a2b9d86308d59;p=php

Fixed bug #43136 (possible crash on script execution timeout. The EG(function_state_ptr) is completely removed, EG(current_execute_data)->function_state must be used instead)
---

diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index 0dc39395ff..1bf804d1c3 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -1445,6 +1445,7 @@ ZEND_API void execute_internal(zend_execute_data *execute_data_ptr, int return_v
 } \
 EG(in_execution) = EX(original_in_execution); \
 EG(current_execute_data) = EX(prev_execute_data); \
+ EG(opline_ptr) = NULL; \
 ZEND_VM_RETURN()
 
 #include "zend_vm_execute.h"
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index f3a549d39b..77d3b3c525 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -362,11 +362,11 @@ ZEND_API zstr get_active_class_name(char **space TSRMLS_DC) /* {{{ */
 }
 return EMPTY_ZSTR;
 }
- switch (EG(function_state_ptr)->function->type) {
+ switch (EG(current_execute_data)->function_state.function->type) {
 case ZEND_USER_FUNCTION:
 case ZEND_INTERNAL_FUNCTION:
 {
- zend_class_entry *ce = EG(function_state_ptr)->function->common.scope;
+ zend_class_entry *ce = EG(current_execute_data)->function_state.function->common.scope;
 
 if (space) {
 *space = ce ? "::" : "";
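Review bot: `EG(opline_ptr) = NULL;` is cleared on leaving the execute loop, but `EG(current_execute_data)` on the line above is only restored to `EX(prev_execute_data)`, which is NULL for the outermost frame; since this commit makes get_active_class_name()/get_active_function_name() dereference that pointer after a `zend_is_executing()` guard (presumably backed by `EG(in_execution)`), this exit path must keep the two globals in step, which it does only because both are written in this one macro. A comment at the restore lines would protect that invariant: `/* in_execution and current_execute_data must be restored together: get_active_*_name() guards on the first and dereferences the second */`. The macro this hunk belongs to begins outside the hunk.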
@@ -389,9 +389,9 @@ ZEND_API zstr get_active_function_name(TSRMLS_D) /* {{{ */
 if (!zend_is_executing(TSRMLS_C)) {
 return NULL_ZSTR;
 }
- switch (EG(function_state_ptr)->function->type) {
+ switch (EG(current_execute_data)->function_state.function->type) {
 case ZEND_USER_FUNCTION: {
- zstr function_name = ((zend_op_array *) EG(function_state_ptr)->function)->function_name;
+ zstr function_name = ((zend_op_array *)EG(current_execute_data)->function_state.function)->function_name;
 
 if (function_name.v) {
 return function_name;
@@ -404,7 +404,7 @@ ZEND_API zstr get_active_function_name(TSRMLS_D) /* {{{ */
 }
 break;
 case ZEND_INTERNAL_FUNCTION:
- return ((zend_internal_function *) EG(function_state_ptr)->function)->function_name;
+ return ((zend_internal_function *)EG(current_execute_data)->function_state.function)->function_name;
 break;
 default:
 return NULL_ZSTR;
@@ -655,7 +655,6 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS
 zend_uint i;
 zval **original_return_value;
 HashTable *calling_symbol_table;
- zend_function_state *original_function_state_ptr;
 zend_op_array *original_op_array;
 zend_op **original_opline_ptr;
 zend_class_entry *current_scope;
@@ -1045,9 +1044,6 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS
 
 zend_ptr_stack_2_push(&EG(argument_stack), (void *) (zend_uintptr_t) fci->param_count, NULL);
 
- original_function_state_ptr = EG(function_state_ptr);
- EG(function_state_ptr) = &EX(function_state);
-
 current_scope = EG(scope);
 EG(scope) = calling_scope;
 
@@ -1136,7 +1132,6 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS
 zval_ptr_dtor(&method_name);
 zval_ptr_dtor(¶ms_array);
 }
- EG(function_state_ptr) = original_function_state_ptr;
 
 if (EG(This)) {
 zval_ptr_dtor(&EG(This));
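Review bot: In get_active_function_name() (and get_active_class_name() in the preceding hunk) the guard tests `zend_is_executing()` while the next line dereferences a different global, `EG(current_execute_data)`; the old code had the same shape with `EG(function_state_ptr)`, the very pointer that went stale in bug #43136, so the guard should cover the pointer actually used: `if (!zend_is_executing(TSRMLS_C) || !EG(current_execute_data)) { return NULL_ZSTR; }`. Separately, the zend_call_function hunk at -1045 drops the save/restore of function_state_ptr without showing any assignment of `EG(current_execute_data)` to this call's `execute_data`; if that assignment is not already elsewhere in the function (outside the hunk), an internal function invoked through zend_call_function would report its caller's name and scope from these accessors. zend_call_function begins before and ends after the hunks shown here.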
@@ -1316,7 +1311,6 @@ ZEND_API int zend_u_eval_string(zend_uchar type, zstr string, zval *retval_ptr,
 zval pv;
 zend_op_array *new_op_array;
 zend_op_array *original_active_op_array = EG(active_op_array);
- zend_function_state *original_function_state_ptr = EG(function_state_ptr);
 zend_uchar original_handle_op_arrays;
 int retval;
 
@@ -1382,7 +1376,6 @@ ZEND_API int zend_u_eval_string(zend_uchar type, zstr string, zval *retval_ptr,
 EG(no_extensions)=0;
 EG(opline_ptr) = original_opline_ptr;
 EG(active_op_array) = original_active_op_array;
- EG(function_state_ptr) = original_function_state_ptr;
 destroy_op_array(new_op_array TSRMLS_CC);
 efree(new_op_array);
 EG(return_value_ptr_ptr) = original_return_value_ptr_ptr;
diff --git a/Zend/zend_globals.h b/Zend/zend_globals.h
index a543fe6373..18cb2d8dfd 100644
--- a/Zend/zend_globals.h
+++ b/Zend/zend_globals.h
@@ -157,7 +157,6 @@ struct _zend_executor_globals {
 zval error_zval;
 zval *error_zval_ptr;
 
- zend_function_state *function_state_ptr;
 zend_ptr_stack arg_types_stack;
 
 /* symbol table cache */
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index 0d0e65acd2..93f7815f91 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -655,7 +655,7 @@ static void zend_std_unset_dimension(zval *object, zval *offset TSRMLS_DC) /* {{
 
 ZEND_API void zend_std_call_user_call(INTERNAL_FUNCTION_PARAMETERS) /* {{{ */
 {
- zend_internal_function *func = (zend_internal_function *)EG(function_state_ptr)->function;
+ zend_internal_function *func = (zend_internal_function *)EG(current_execute_data)->function_state.function;
 zval *method_name_ptr, *method_args_ptr;
 zval *method_result_ptr = NULL;
 zend_class_entry *ce = Z_OBJCE_P(this_ptr);
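Review bot: Removing `function_state_ptr` from `struct _zend_executor_globals` shifts the offset of every member after it (`arg_types_stack` onward), so a prebuilt extension that never referenced the field will silently read the wrong globals until it is rebuilt, while only code that names `function_state_ptr` fails loudly at compile time; the in-tree users (ext/com_dotnet, ext/spl) are updated in this commit, out-of-tree ones are not. A ZEND_MODULE_API_NO bump (or whatever this branch uses to invalidate prebuilt extensions) and an internals upgrade note giving the replacement, `EG(current_execute_data)->function_state`, should accompany the removal. The struct declaration starts before and ends after the hunk.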
@@ -860,7 +860,7 @@ static union _zend_function *zend_std_get_method(zval **object_ptr, zstr method_ ZEND_API void zend_std_callstatic_user_call(INTERNAL_FUNCTION_PARAMETERS) /* {{{ */ { - zend_internal_function *func = (zend_internal_function *)EG(function_state_ptr)->function; + zend_internal_function *func = (zend_internal_function *)EG(current_execute_data)->function_state.function; zval *method_name_ptr, *method_args_ptr; zval *method_result_ptr = NULL; zend_class_entry *ce = EG(scope); diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 16e1e7cc92..fda3514ce3 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -2088,8 +2088,6 @@ ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY) zend_execute_internal(EXECUTE_DATA, return_value_used TSRMLS_CC); } - EG(current_execute_data) = EXECUTE_DATA; - /* We shouldn't fix bad extensions here, because it can break proper ones (Bug #34045) if (!EX(function_state).function->common.return_reference) { @@ -2168,7 +2166,6 @@ ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY) } EX(function_state).function = (zend_function *) EX(op_array); - EG(function_state_ptr) = &EX(function_state); if (EG(This)) { if (EG(exception) && IS_CTOR_CALL(EX(called_scope))) { @@ -3126,7 +3123,6 @@ skip_compile: EG(opline_ptr) = &EX(opline); EG(active_op_array) = EX(op_array); - EG(function_state_ptr) = &EX(function_state); destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); if (EG(exception)) { diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index cc22f5de17..8d2e1a6b35 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -75,7 +75,6 @@ ZEND_API void execute(zend_op_array *op_array TSRMLS_DC) EG(opline_ptr) = &EX(opline); EX(function_state).function = (zend_function *) op_array; - EG(function_state_ptr) = &EX(function_state); while (1) { #ifdef ZEND_WIN32 
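Review bot: Dropping `EG(current_execute_data) = EXECUTE_DATA;` after the internal-function branch of zend_do_fcall_common_helper means the helper no longer re-asserts the frame pointer once the handler returns, so everything below it — `EX(function_state).function = (zend_function *) EX(op_array);` in the -2168 hunk and every new `EG(current_execute_data)->function_state` reader — now trusts the callee to have restored `EG(current_execute_data)`. For engine paths that holds because the executor's exit path in zend_execute.c restores `EX(prev_execute_data)`, but it removes the safety net against an extension that leaves the pointer pointing at a frame it has already unwound, which is the same failure class as the bug being fixed. If the removal is deliberate, say so at the site: `/* EG(current_execute_data) is restored by the callee's execute loop; do not reset it here */`. The same removal appears in the generated zend_vm_execute.h (-204 hunk). The helper starts before this hunk and continues past it.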
@@ -85,7 +84,7 @@ ZEND_API void execute(zend_op_array *op_array TSRMLS_DC) #endif if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) { - return; + return; } } @@ -204,8 +203,6 @@ static int zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS) zend_execute_internal(execute_data, return_value_used TSRMLS_CC); } - EG(current_execute_data) = execute_data; - /* We shouldn't fix bad extensions here, because it can break proper ones (Bug #34045) if (!EX(function_state).function->common.return_reference) { @@ -284,7 +281,6 @@ static int zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS) } EX(function_state).function = (zend_function *) EX(op_array); - EG(function_state_ptr) = &EX(function_state); if (EG(This)) { if (EG(exception) && IS_CTOR_CALL(EX(called_scope))) { @@ -1907,7 +1903,6 @@ skip_compile: EG(opline_ptr) = &EX(opline); EG(active_op_array) = EX(op_array); - EG(function_state_ptr) = &EX(function_state); destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); if (EG(exception)) { @@ -5115,7 +5110,6 @@ skip_compile: EG(opline_ptr) = &EX(opline); EG(active_op_array) = EX(op_array); - EG(function_state_ptr) = &EX(function_state); destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); if (EG(exception)) { @@ -8411,7 +8405,6 @@ skip_compile: EG(opline_ptr) = &EX(opline); EG(active_op_array) = EX(op_array); - EG(function_state_ptr) = &EX(function_state); destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); if (EG(exception)) { @@ -21935,7 +21928,6 @@ skip_compile: EG(opline_ptr) = &EX(opline); EG(active_op_array) = EX(op_array); - EG(function_state_ptr) = &EX(function_state); destroy_op_array(new_op_array TSRMLS_CC); efree(new_op_array); if (EG(exception)) { diff --git a/Zend/zend_vm_execute.skl b/Zend/zend_vm_execute.skl index cf114e95a8..5076e5ee8b 100644 --- a/Zend/zend_vm_execute.skl +++ b/Zend/zend_vm_execute.skl 
@@ -46,7 +46,6 @@ ZEND_API void {%EXECUTOR_NAME%}(zend_op_array *op_array TSRMLS_DC)
 EG(opline_ptr) = &EX(opline);
 
 EX(function_state).function = (zend_function *) op_array;
- EG(function_state_ptr) = &EX(function_state);
 
 while (1) {
 {%ZEND_VM_CONTINUE_LABEL%}
@@ -57,7 +56,7 @@ ZEND_API void {%EXECUTOR_NAME%}(zend_op_array *op_array TSRMLS_DC)
 #endif
 
 {%ZEND_VM_DISPATCH%} {
- {%INTERNAL_EXECUTOR%}
+ {%INTERNAL_EXECUTOR%}
 }
 }
 
diff --git a/ext/com_dotnet/com_com.c b/ext/com_dotnet/com_com.c
index 60bccd96bb..cf6cf8d283 100644
--- a/ext/com_dotnet/com_com.c
+++ b/ext/com_dotnet/com_com.c
@@ -469,7 +469,7 @@ int php_com_do_invoke_byref(php_com_dotnet_object *obj, char *name, int namelen,
 HRESULT hr;
 VARIANT *vargs = NULL, *byref_vals = NULL;
 int i, byref_count = 0, j;
- zend_internal_function *f = (zend_internal_function*)EG(function_state_ptr)->function;
+ zend_internal_function *f = (zend_internal_function*)EG(current_execute_data)->function_state.function;
 
 /* assumption: that the active function (f) is the function we generated for the engine */
 if (!f || f->arg_info == NULL) {
diff --git a/ext/com_dotnet/com_handlers.c b/ext/com_dotnet/com_handlers.c
index f4ea8a5790..211607107e 100644
--- a/ext/com_dotnet/com_handlers.c
+++ b/ext/com_dotnet/com_handlers.c
@@ -255,7 +255,7 @@ static void function_dtor(void *pDest)
 static PHP_FUNCTION(com_method_handler)
 {
 Z_OBJ_HANDLER_P(getThis(), call_method)(
- ((zend_internal_function*)EG(function_state_ptr)->function)->function_name,
+ ((zend_internal_function*)EG(current_execute_data)->function_state.function)->function_name,
 INTERNAL_FUNCTION_PARAM_PASSTHRU);
 }
 
diff --git a/ext/spl/php_spl.c b/ext/spl/php_spl.c
index f83518e3e3..a9bdc6661f 100755
--- a/ext/spl/php_spl.c
+++ b/ext/spl/php_spl.c
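Review bot: The `{%INTERNAL_EXECUTOR%}` line in the -57 hunk of zend_vm_execute.skl is removed and re-added with what appears to be identical text, i.e. an indentation-only change, and it resurfaces as the `return;` pair in the generated zend_vm_execute.h; unrelated whitespace churn inside a crash-fix commit makes the fix harder to bisect and to backport. Keeping the whitespace cleanup in its own commit would be preferable.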
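Review bot: In php_com_do_invoke_byref() the new initializer dereferences `EG(current_execute_data)` before the `if (!f || f->arg_info == NULL)` check runs, so the `!f` test cannot protect against the frame pointer itself being NULL; the old `EG(function_state_ptr)` form had the same ordering, but now that the frame pointer is the single source of truth the precondition should be written down next to the existing "assumption" comment: `/* precondition: reached from an internal-function handler, so EG(current_execute_data) is the frame of the method we generated */`. The same precondition applies to com_method_handler() in com_handlers.c. The function continues past the hunk.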
@@ -265,7 +265,6 @@ PHP_FUNCTION(spl_autoload)
 zval **original_return_value = EG(return_value_ptr_ptr);
 zend_op **original_opline_ptr = EG(opline_ptr);
 zend_op_array *original_active_op_array = EG(active_op_array);
- zend_function_state *original_function_state_ptr = EG(function_state_ptr);
 
 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "x|x", &class_name, &class_name_len, &file_exts, &file_exts_len) == FAILURE) {
 RETURN_FALSE;
@@ -277,7 +276,6 @@ PHP_FUNCTION(spl_autoload)
 EG(return_value_ptr_ptr) = original_return_value;
 EG(opline_ptr) = original_opline_ptr;
 EG(active_op_array) = original_active_op_array;
- EG(function_state_ptr) = original_function_state_ptr;
 if (unicode) {
 pos2.u = u_strchr(pos1.u, ',');
 if (pos2.u) *pos2.u = '\0';
@@ -306,7 +304,6 @@ PHP_FUNCTION(spl_autoload)
 EG(return_value_ptr_ptr) = original_return_value;
 EG(opline_ptr) = original_opline_ptr;
 EG(active_op_array) = original_active_op_array;
- EG(function_state_ptr) = original_function_state_ptr;
 
 if (!found && !SPL_G(autoload_running)) {
 zend_throw_exception_ex(spl_ce_LogicException, 0 TSRMLS_CC, "Class %v could not be loaded", class_name);
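Review bot: spl_autoload() still saves and restores `EG(return_value_ptr_ptr)`, `EG(opline_ptr)` and `EG(active_op_array)` by hand (hunks -265, -277, -306) but now relies on the executor's exit path in zend_execute.c to restore `EG(current_execute_data)` implicitly, and nothing in the function says so; the next maintainer who sees three saved globals is likely to add a fourth and reintroduce a cached pointer into a frame that has already been unwound, which is the bug this commit fixes. A comment beside the remaining restores would prevent that: `/* EG(current_execute_data) is saved/restored by the executor itself; never cache a pointer into an execute_data frame here */`. The identical three-line restore block at -277 and -306 could also become one small static helper so the two sites cannot drift apart. The function body extends beyond these hunks.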