From: Dmitry Stogov Date: Fri, 18 Nov 2011 12:43:53 +0000 (+0000) Subject: Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) X-Git-Tag: php-5.3.9RC2~37 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f7278c161f5882f6b7aadfc83737b1b442e31f58;p=php Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) --- diff --git a/NEWS b/NEWS index 3318b784e1..577d2d59fe 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ PHP NEWS ?? ??? 2011, PHP 5.3.9 - Core: + . Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) + (Dmitry). . Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe) . Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs). (klightspeed at netspace dot net dot au) diff --git a/Zend/tests/bug60138.phpt b/Zend/tests/bug60138.phpt new file mode 100644 index 0000000000..3bf1fba96c --- /dev/null +++ b/Zend/tests/bug60138.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #60138 (GC crash with referenced array in RecursiveArrayIterator) +--FILE-- + +--EXPECT-- +ok diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index 8a3ec3b5d0..d5a8d32f23 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -865,10 +865,11 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS && (EX(function_state).function->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) == 0 && !ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1) && PZVAL_IS_REF(*fci->params[i])) { - SEPARATE_ZVAL(fci->params[i]); - } - - if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1) + ALLOC_ZVAL(param); + *param = **(fci->params[i]); + INIT_PZVAL(param); + zval_copy_ctor(param); + } else if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1) && !PZVAL_IS_REF(*fci->params[i])) { if (Z_REFCOUNT_PP(fci->params[i]) > 1) {
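Review bot: in Zend/tests/bug60138.phpt the --FILE-- section is empty as it appears here, although the hunk header counts 16 added lines, so the script that reproduces the crash cannot be reviewed from this page. The only visible expectation is the literal output ok. Check in the original commit that the script prints it only after the collector has run over the referenced array, otherwise the test can pass without exercising the fixed path.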
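Review bot: in the Zend/zend_execute_API.c hunk, the branch of zend_call_function() that replaces SEPARATE_ZVAL(fci->params[i]) has no comment saying why the by-value argument is now copied into a fresh zval instead of being separated in place, and the visible lines do not show who releases that copy. SEPARATE_ZVAL wrote the separated value back through fci->params[i], so the caller's slot held it. After ALLOC_ZVAL(param), INIT_PZVAL(param) and zval_copy_ctor(param) the copy is reachable only through param, so the code after this if/else chain (cut off here) has to pass it to the callee's argument stack and release it after the call on every path, including error returns. A one-line comment above ALLOC_ZVAL(param) citing bug #60138 would document the intent. The change from a separate if to else if looks safe for the visible condition, since the first branch requires !ARG_SHOULD_BE_SENT_BY_REF(...) and the second requires ARG_SHOULD_BE_SENT_BY_REF(...), but confirm that no later branch of the chain relied on running after the separation.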