|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2005-03-31 16:13 UTC] php-bugs at lists dot php dot net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Fri Oct 18 02:01:27 2024 UTC |
call_user_function() sets GLOBAL(function_state).function_name to p_function_name.value.str.val and passes same p_function_name as parameter to cs_functioncall_pre_variable_passing() witch pushes function_state to function_state_stack and sets its parameter to GLOBAL(function_state).function_name. This results situration where there is 2 references to p_function_name.value.str.val: in function_state and function_state_stack top element OR if user abort is done in deeper level, 2 consecutive function_state_stack elements This will result in crash php3_request_shutdown() when same pointer is freed twice Possible fix: diff -n -r1.1 language-parser.y d742 1 a742 1 pval p_function_name,dummy_function_name; a760 2 dummy_function_name = p_function_name; pval_copy_constructor(&dummy_function_name); d770 1 a770 1 GLOBAL(function_state).function_name = dummy_function_name.value.str.val; a789 1 pval_destructor(&dummy_function_name); I don't think it is best one, but it works