From: Dmitry Stogov Date: Fri, 29 Apr 2005 07:03:54 +0000 (+0000) Subject: Fixed bug #32852 (Crash with singleton and __destruct when zend.ze1_compatibility_mod... X-Git-Tag: php-5.0.1b1~373 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8db238b075e708f032435fd49e9de0de4da80f0c;p=php Fixed bug #32852 (Crash with singleton and __destruct when zend.ze1_compatibility_mode = On) Fixed bug #31828 (Crash with zend.ze1_compatibility_mode=On) Fixed bug #32080 (segfault when assigning object to itself with zend.ze1_compatibility_mode=On) --- diff --git a/Zend/tests/bug31828.phpt b/Zend/tests/bug31828.phpt new file mode 100644 index 0000000000..a2651d3e24 --- /dev/null +++ b/Zend/tests/bug31828.phpt @@ -0,0 +1,19 @@ +--TSTE-- +Bug #31828 (Crash with zend.ze1_compatibility_mode=On) +--INI-- +zend.ze1_compatibility_mode=on +--FILE-- +id = 77; +$o->name = "Aerospace"; +$a[] = $o; +$a = $a[0]; +print_r($a); +?> +--EXPECT-- +stdClass Object +( + [id] => 77 + [name] => Aerospace +) diff --git a/Zend/tests/bug32080.phpt b/Zend/tests/bug32080.phpt new file mode 100644 index 0000000000..c6430235c1 --- /dev/null +++ b/Zend/tests/bug32080.phpt @@ -0,0 +1,14 @@ +--TSTE-- +Bug #32080 (segfault when assigning object to itself with zend.ze1_compatibility_mode=On) +--INI-- +zend.ze1_compatibility_mode=on +--FILE-- + +--EXPECT-- +object(test)#2 (0) { +} diff --git a/Zend/tests/bug32852.phpt b/Zend/tests/bug32852.phpt new file mode 100644 index 0000000000..7f2b14df21 --- /dev/null +++ b/Zend/tests/bug32852.phpt @@ -0,0 +1,37 @@ +--TEST-- +Bug #32852 (Crash with singleton and __destruct when zend.ze1_compatibility_mode = On) +--INI-- +zend.ze1_compatibility_mode=on +--FILE-- + +--EXPECTF-- +Strict Standards: Implicit cloning object of class 'crashme' because of 'zend.ze1_compatibility_mode' in %sbug32852.php on line 6 +i'm called + +Strict Standards: Implicit cloning object of class 'crashme' because of 'zend.ze1_compatibility_mode' in %sbug32852.php on line 15 +i'm called + +Strict Standards: Implicit cloning object of class 'crashme' because of 'zend.ze1_compatibility_mode' in %sbug32852.php on line 17 +i'm called +i'm called diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index 61cc2c459c..7d8cc74261 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -800,7 +800,7 @@ static inline void zend_assign_to_variable(znode *result, znode *op1, znode *op2 if (Z_OBJ_HANDLER_P(value, clone_obj) == NULL) { zend_error_noreturn(E_ERROR, "Trying to clone an uncloneable object of class %s", Z_OBJCE_P(value)->name); } else if (PZVAL_IS_REF(variable_ptr)) { - if (variable_ptr != value) { + if (variable_ptr != value) { zend_uint refcount = variable_ptr->refcount; zval garbage; @@ -819,17 +819,21 @@ static inline void zend_assign_to_variable(znode *result, znode *op1, znode *op2 zendi_zval_dtor(garbage); } } else { - variable_ptr->refcount--; - if (variable_ptr->refcount == 0) { - zendi_zval_dtor(*variable_ptr); - } else { - ALLOC_ZVAL(variable_ptr); - *variable_ptr_ptr = variable_ptr; + if (variable_ptr != value) { + value->refcount++; + variable_ptr->refcount--; + if (variable_ptr->refcount == 0) { + zendi_zval_dtor(*variable_ptr); + } else { + ALLOC_ZVAL(variable_ptr); + *variable_ptr_ptr = variable_ptr; + } + *variable_ptr = *value; + INIT_PZVAL(variable_ptr); + zend_error(E_STRICT, "Implicit cloning object of class '%s' because of 'zend.ze1_compatibility_mode'", Z_OBJCE_P(value)->name); + variable_ptr->value.obj = Z_OBJ_HANDLER_P(value, clone_obj)(value TSRMLS_CC); + zval_ptr_dtor(&value); } - *variable_ptr = *value; - INIT_PZVAL(variable_ptr); - zend_error(E_STRICT, "Implicit cloning object of class '%s' because of 'zend.ze1_compatibility_mode'", Z_OBJCE_P(value)->name); - variable_ptr->value.obj = Z_OBJ_HANDLER_P(value, clone_obj)(value TSRMLS_CC); } } else if (PZVAL_IS_REF(variable_ptr)) { if (variable_ptr!=value) {