From: Xinchen Hui <laruence@php.net>
Date: Tue, 24 Jan 2012 14:39:45 +0000 (+0000)
Subject: Re-fixed bug #60825 (Segfault when running symfony 2 tests)
X-Git-Tag: PHP-5.4.1-RC1~26^2~131
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6b1d3b3d10150b01e7cafdc29bab799735688b53;p=php

Re-fixed bug #60825 (Segfault when running symfony 2 tests)
---

diff --git a/NEWS b/NEWS
index 66ff0cc00a..773f84b5e2 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP                                                                        NEWS
 - Core:
  . Fixed bug #60227 (header() cannot detect the multi-line header with CR).
    (rui)
+ . Fixed bug #60825 (Segfault when running symfony 2 tests).
+   (Dmitry, Laruence)
 
 - Firebird Database extension (ibase):
  . Fixed bug #60802 (ibase_trans() gives segfault when passing params).
diff --git a/Zend/tests/bug60825.phpt b/Zend/tests/bug60825.phpt
new file mode 100644
index 0000000000..0aeb8f77e3
--- /dev/null
+++ b/Zend/tests/bug60825.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #60825 (Segfault when running symfony 2 tests)
+--DESCRIPTION--
+run this with valgrind
+--FILE--
+<?php
+class test {
+	public static $x;
+	public function __toString() {
+		self::$x = $this;
+		return __FILE__;
+	}
+}
+$a = new test;
+require_once $a;
+debug_zval_dump(test::$x);
+?>
+--EXPECTF--
+string(%d) "%sbug60825.php" refcount(2)
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 635127776f..34020fb9fc 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -3224,14 +3224,15 @@ ZEND_VM_HANDLER(73, ZEND_INCLUDE_OR_EVAL, CONST|TMP|VAR|CV, ANY)
 	int return_value_used;
 	zend_free_op free_op1;
 	zval *inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R);
-	zval tmp_inc_filename;
+	zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;
 
 	if (inc_filename->type!=IS_STRING) {
-		tmp_inc_filename = *inc_filename;
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		*tmp_inc_filename = *inc_filename;
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}
 
 	return_value_used = RETURN_VALUE_USED(opline);
@@ -3297,8 +3298,8 @@ ZEND_VM_HANDLER(73, ZEND_INCLUDE_OR_EVAL, CONST|TMP|VAR|CV, ANY)
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 	FREE_OP1();
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index d2c96a4588..2889965e9d 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -1902,14 +1902,15 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(ZEND_OPCODE_HA
 	int return_value_used;
 
 	zval *inc_filename = &opline->op1.u.constant;
-	zval tmp_inc_filename;
+	zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;
 
 	if (inc_filename->type!=IS_STRING) {
-		tmp_inc_filename = *inc_filename;
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		*tmp_inc_filename = *inc_filename;
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}
 
 	return_value_used = RETURN_VALUE_USED(opline);
@@ -1975,8 +1976,8 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(ZEND_OPCODE_HA
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
@@ -5190,14 +5191,15 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER(ZEND_OPCODE_HAND
 	int return_value_used;
 	zend_free_op free_op1;
 	zval *inc_filename = _get_zval_ptr_tmp(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
-	zval tmp_inc_filename;
+	zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;
 
 	if (inc_filename->type!=IS_STRING) {
-		tmp_inc_filename = *inc_filename;
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		*tmp_inc_filename = *inc_filename;
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}
 
 	return_value_used = RETURN_VALUE_USED(opline);
@@ -5263,8 +5265,8 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER(ZEND_OPCODE_HAND
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 	zval_dtor(free_op1.var);
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
@@ -8573,14 +8575,15 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER(ZEND_OPCODE_HAND
 	int return_value_used;
 	zend_free_op free_op1;
 	zval *inc_filename = _get_zval_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
-	zval tmp_inc_filename;
+	zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;
 
 	if (inc_filename->type!=IS_STRING) {
-		tmp_inc_filename = *inc_filename;
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		*tmp_inc_filename = *inc_filename;
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}
 
 	return_value_used = RETURN_VALUE_USED(opline);
@@ -8646,8 +8649,8 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER(ZEND_OPCODE_HAND
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 	if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
@@ -22465,14 +22468,15 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(ZEND_OPCODE_HANDL
 	int return_value_used;
 
 	zval *inc_filename = _get_zval_ptr_cv(&opline->op1, EX(Ts), BP_VAR_R TSRMLS_CC);
-	zval tmp_inc_filename;
+	zval *tmp_inc_filename = NULL;
 	zend_bool failure_retval=0;
 
 	if (inc_filename->type!=IS_STRING) {
-		tmp_inc_filename = *inc_filename;
-		zval_copy_ctor(&tmp_inc_filename);
-		convert_to_string(&tmp_inc_filename);
-		inc_filename = &tmp_inc_filename;
+		MAKE_STD_ZVAL(tmp_inc_filename);
+		*tmp_inc_filename = *inc_filename;
+		zval_copy_ctor(tmp_inc_filename);
+		convert_to_string(tmp_inc_filename);
+		inc_filename = tmp_inc_filename;
 	}
 
 	return_value_used = RETURN_VALUE_USED(opline);
@@ -22538,8 +22542,8 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(ZEND_OPCODE_HANDL
 			EMPTY_SWITCH_DEFAULT_CASE()
 		}
 	}
-	if (inc_filename==&tmp_inc_filename) {
-		zval_dtor(&tmp_inc_filename);
+	if (tmp_inc_filename) {
+		zval_ptr_dtor(&tmp_inc_filename);
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;