From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 13 Aug 2019 09:44:54 +0000 (+0200)
Subject: Generalize delref assertion
X-Git-Tag: php-7.4.0beta4~27
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7bd2b9d2e6ae5ab85f01311fab585b0e4e56acd4;p=php

Generalize delref assertion

The refcount should never become negative, not just during GC.
---

diff --git a/Zend/zend_gc.c b/Zend/zend_gc.c
index 4dd0ed14c7..7ff1412ad6 100644
--- a/Zend/zend_gc.c
+++ b/Zend/zend_gc.c
@@ -833,7 +833,6 @@ static void gc_mark_grey(zend_refcounted *ref, gc_stack *stack)
 				while (zv != end) {
 					if (Z_REFCOUNTED_P(zv)) {
 						ref = Z_COUNTED_P(zv);
-						ZEND_ASSERT(GC_REFCOUNT(ref) > 0);
 						GC_DELREF(ref);
 						if (!GC_REF_CHECK_COLOR(ref, GC_GREY)) {
 							GC_REF_SET_COLOR(ref, GC_GREY);
@@ -844,7 +843,6 @@ static void gc_mark_grey(zend_refcounted *ref, gc_stack *stack)
 				}
 				if (EXPECTED(!ht)) {
 					ref = Z_COUNTED_P(zv);
-					ZEND_ASSERT(GC_REFCOUNT(ref) > 0);
 					GC_DELREF(ref);
 					if (!GC_REF_CHECK_COLOR(ref, GC_GREY)) {
 						GC_REF_SET_COLOR(ref, GC_GREY);
@@ -865,7 +863,6 @@ static void gc_mark_grey(zend_refcounted *ref, gc_stack *stack)
 		} else if (GC_TYPE(ref) == IS_REFERENCE) {
 			if (Z_REFCOUNTED(((zend_reference*)ref)->val)) {
 				ref = Z_COUNTED(((zend_reference*)ref)->val);
-				ZEND_ASSERT(GC_REFCOUNT(ref) > 0);
 				GC_DELREF(ref);
 				if (!GC_REF_CHECK_COLOR(ref, GC_GREY)) {
 					GC_REF_SET_COLOR(ref, GC_GREY);
@@ -898,7 +895,6 @@ static void gc_mark_grey(zend_refcounted *ref, gc_stack *stack)
 			}
 			if (Z_REFCOUNTED_P(zv)) {
 				ref = Z_COUNTED_P(zv);
-				ZEND_ASSERT(GC_REFCOUNT(ref) > 0);
 				GC_DELREF(ref);
 				if (!GC_REF_CHECK_COLOR(ref, GC_GREY)) {
 					GC_REF_SET_COLOR(ref, GC_GREY);
@@ -912,7 +908,6 @@ static void gc_mark_grey(zend_refcounted *ref, gc_stack *stack)
 			zv = Z_INDIRECT_P(zv);
 		}
 		ref = Z_COUNTED_P(zv);
-		ZEND_ASSERT(GC_REFCOUNT(ref) > 0);
 		GC_DELREF(ref);
 		if (!GC_REF_CHECK_COLOR(ref, GC_GREY)) {
 			GC_REF_SET_COLOR(ref, GC_GREY);
diff --git a/Zend/zend_types.h b/Zend/zend_types.h
index a018c43b81..83877e0d5d 100644
--- a/Zend/zend_types.h
+++ b/Zend/zend_types.h
@@ -1032,6 +1032,7 @@ static zend_always_inline uint32_t zend_gc_addref(zend_refcounted_h *p) {
 }
 
 static zend_always_inline uint32_t zend_gc_delref(zend_refcounted_h *p) {
+	ZEND_ASSERT(p->refcount > 0);
 	ZEND_RC_MOD_CHECK(p);
 	return --(p->refcount);
 }