From: Xinchen Hui
Date: Mon, 9 Nov 2015 09:14:15 +0000 (+0800)
Subject: Fixed bug #70323 (Regression in zend_fetch_debug_backtrace() can cause segfaults)
X-Git-Tag: php-7.0.1RC1~123
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d70aa14f2c1617800cbab431db5c2ea021969cc6;p=php
Fixed bug #70323 (Regression in zend_fetch_debug_backtrace() can cause segfaults)
---
diff --git a/NEWS b/NEWS
index 606bb045a0..f45a930cbc 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,8 @@ PHP NEWS
 . Fixed bug #70863 (Incorect logic to increment_function for proxy objects). (Anatol)
 . Fixed bug #70842 (Persistent Stream Segmentation Fault). (Caleb Champlin)
+ . Fixed bug #70323 (Regression in zend_fetch_debug_backtrace() can cause
+ segfaults). (Aharvey, Laruence)
 - Opcache:
 . Fixed bug #70843 (Segmentation fault on MacOSX with
diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index 8ffdcaa0bc..6faa57cd99 100644
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -2481,7 +2481,7 @@ ZEND_FUNCTION(debug_print_backtrace)
 ZEND_API void zend_fetch_debug_backtrace(zval *return_value, int skip_last, int options, int limit) /* {{{ */
 {
- zend_execute_data *call, *ptr, *skip;
+ zend_execute_data *ptr, *skip, *call = NULL;
 zend_object *object;
 int lineno, frameno = 0;
 zend_function *func;
@@ -2490,8 +2490,12 @@ ZEND_API void zend_fetch_debug_backtrace(zval *return_value, int skip_last, int
 zend_string *include_filename = NULL;
 zval stack_frame;
- call = NULL;
- ptr = EG(current_execute_data);
+ array_init(return_value);
+
+ if (!(ptr = EG(current_execute_data))) {
+ return;
+ }
+
 if (!ptr->func || !ZEND_USER_CODE(ptr->func->common.type)) {
 call = ptr;
 ptr = ptr->prev_execute_data;
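Review bot: The early return added at `if (!(ptr = EG(current_execute_data)))` carries no comment saying that a missing execute frame is a legitimate state, or that the caller now gets an empty array because `array_init(return_value)` was moved ahead of it. I would put `/* No active execute frame (bug #70323): return an empty backtrace rather than dereference NULL. */` above the check, and split the assignment out of the condition as `ptr = EG(current_execute_data);` followed by `if (!ptr) { return; }` so the NULL test is not hidden inside an assignment. The visible part of the diff touches only NEWS and this file; a regression test that reaches zend_fetch_debug_backtrace() with no active frame would keep the NULL dereference from returning. The function body starts and ends outside the hunk.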
@@ -2509,13 +2513,11 @@ ZEND_API void zend_fetch_debug_backtrace(zval *return_value, int skip_last, int
 ptr = ptr->prev_execute_data;
 }
 }
+ if (!call) {
+ call = ptr;
+ ptr = ptr->prev_execute_data;
+ }
 }
- if (!call) {
- call = ptr;
- ptr = ptr->prev_execute_data;
- }
-
- array_init(return_value);
 while (ptr && (limit == 0 || frameno < limit)) {
 frameno++;
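Review bot: The relocated fallback `if (!call) { call = ptr; ptr = ptr->prev_execute_data; }` is only safe because it now sits inside the enclosing block, and nothing on these lines says so. That block's opening condition lies outside the hunk; presumably it is the non-NULL check on `ptr`. A one-line comment such as `/* ptr is non-NULL inside this guard; do not hoist (bug #70323) */` would stop a later cleanup from moving it back out, where `ptr->prev_execute_data` would again be read through a NULL pointer. After the assignment `ptr` may itself be NULL, which the `while (ptr && ...)` condition that follows already covers.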