|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2005-11-15 18:09 UTC] sniper@php.net
[2005-11-15 21:33 UTC] segv74 at gmail dot com
[2005-11-15 22:59 UTC] sniper@php.net
[2005-11-16 10:45 UTC] dmitry@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Feb 22 16:01:29 2025 UTC |
Description: ------------ call_user_func() can be creahed when argument_stack in executor_globals is nearly full and callback function is autoloaded after call_user_func() is called. in PHP_FUNCTION(call_user_func), it saves params from argument_stack, and calls zend_is_callable(). so, if zend_is_callable() calls __autoload() and __autoload() uses function calls heavily, argument_stack in executor_globals is realloced(zend_stack.c:173). in this case, saved params should be rewritten by newly alloced one. Reproduce code: --------------- === test.php === <? function __autoload($class) { include 'test1.php'; call_user_func(array('test1', 'use_stack'), 1,2,3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20, 21,22,23,24,25,26,27,28,29,30, 31,32,33,34,35,36,37,38,39,40 ); } call_user_func(array('test1', 'use_stack'), 1,2,3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20, 21,22,23,24,25,26,27,28,29,30, 31,32,33,34,35,36,37,38,39,40 ); == test1.php == <? class test1 { function use_stack($a1,$a2,$a3,$a4,$a5,$a6,$a7,$a8,$a9,$a10, $a11,$a12,$a13,$a14,$a15,$a16,$a17,$a18,$a19,$a20, $a21,$a22,$a23,$a24,$a25,$a26,$a27,$a28,$a29,$a30, $a31,$a32,$a33,$a34,$a35,$a36,$a37,$a38,$a39,$a40) { echo "OK\n"; } } Expected result: ---------------- OK Actual result: -------------- OK Segmentation fault (core dumped)