php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login | |
Patch bug62991.patch for Reproducible crash Bug #62991Patch version 2012-09-02 09:54 UTC Return to Bug #62991 | Download this patchThis patch is obsolete Obsoleted by patches:
Developer: laruence@php.netdiff --git a/Zend/zend_closures.c b/Zend/zend_closures.c index c7527b4..2e2e5cb 100644 index c7527b4..bfc9857 100644 --- a/Zend/zend_closures.c +++ b/Zend/zend_closures.c @@ -36,7 +36,7 @@ + return closure->func; } /* }}} */ @@ -240,15 +240,19 @@ static void zend_closure_free_storage(void *object TSRMLS_DC) /* {{{ */ @@ -240,15 +240,18 @@ static void zend_closure_free_storage(void *object TSRMLS_DC) /* {{{ */ zend_object_std_dtor(&closure->std TSRMLS_CC); - if (closure->func.type == ZEND_USER_FUNCTION) { Line 77 (now 77), was 17 lines, now 16 lines } ex = ex->prev_execute_data; } - destroy_op_array(&closure->func.op_array TSRMLS_CC); + if (!(closure->func->common.fn_flags & ZEND_ACC_GENERATOR) + || !closure->func->op_array.reserved[0]) { + destroy_op_array(&closure->func->op_array TSRMLS_CC); + efree(closure->func); + } + if (!(closure->func->common.fn_flags & ZEND_ACC_GENERATOR)) { + destroy_op_array(&closure->func->op_array TSRMLS_CC); + efree(closure->func); + } } if (closure->debug_info != NULL) { @@ -286,12 +290,11 @@ static zend_object_value zend_closure_clone(zval *zobject TSRMLS_DC) /* {{{ */ @@ -286,12 +289,11 @@ static zend_object_value zend_closure_clone(zval *zobject TSRMLS_DC) /* {{{ */ zend_closure *closure = (zend_closure *)zend_object_store_get_object(zobject TSRMLS_CC); zval result; - zend_create_closure(&result, &closure->func, closure->func.common.scope, closure->this_ptr TSRMLS_CC); - int zend_closure_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function **fptr_ptr, zval **zobj_ptr TSRMLS_DC) /* {{{ */ { zend_closure *closure; @@ -301,7 +304,7 @@ int zend_closure_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function @@ -301,7 +303,7 @@ int zend_closure_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function } closure = (zend_closure *)zend_object_store_get_object(obj TSRMLS_CC); - *fptr_ptr = &closure->func; + *fptr_ptr = closure->func; if (closure->this_ptr) { if (zobj_ptr) { @@ -312,7 +315,7 @@ int zend_closure_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function @@ -312,7 +314,7 @@ int zend_closure_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function if (zobj_ptr) { *zobj_ptr = NULL; } - *ce_ptr = closure->func.common.scope; + *ce_ptr = closure->func->common.scope; } return SUCCESS; } @@ -322,7 +325,7 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_ @@ -322,7 +324,7 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_ { zend_closure *closure = (zend_closure *)zend_object_store_get_object(object TSRMLS_CC); zval *val; - struct _zend_arg_info *arg_info = closure->func.common.arg_info; + struct _zend_arg_info *arg_info = closure->func->common.arg_info; *is_temp = 0; @@ -331,8 +334,8 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_ @@ -331,8 +333,8 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_ zend_hash_init(closure->debug_info, 1, NULL, ZVAL_PTR_DTOR, 0); } if (closure->debug_info->nApplyCount == 0) { - if (closure->func.type == ZEND_USER_FUNCTION && closure->func.op_array.static_variables) { + HashTable *static_variables = closure->func->op_array.static_variables; MAKE_STD_ZVAL(val); array_init(val); zend_hash_copy(Z_ARRVAL_P(val), static_variables, (copy_ctor_func_t)zval_add_ref, NULL, sizeof(zval*)); @@ -345,25 +348,25 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_ @@ -345,12 +347,12 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_ } if (arg_info) { - zend_uint i, required = closure->func.common.required_num_args; Line 152 (now 151), was 27 lines, now 9 lines + for (i = 0; i < closure->func->common.num_args; i++) { char *name, *info; int name_len, info_len; if (arg_info->name) { name_len = zend_spprintf(&name, 0, "%s$%s", - arg_info->pass_by_reference ? "&" : "", - arg_info->name); + arg_info->pass_by_reference ? "&" : "", + arg_info->name); } else { name_len = zend_spprintf(&name, 0, "%s$param%d", - arg_info->pass_by_reference ? "&" : "", - i + 1); + arg_info->pass_by_reference ? "&" : "", + i + 1); } info_len = zend_spprintf(&info, 0, "%s", - i >= required ? "<optional>" : "<required>"); + i >= required ? "<optional>" : "<required>"); add_assoc_stringl_ex(val, name, name_len + 1, info, info_len, 0); efree(name); arg_info++; @@ -382,8 +385,8 @@ static HashTable *zend_closure_get_gc(zval *obj, zval ***table, int *n TSRMLS_DC @@ -382,8 +384,8 @@ static HashTable *zend_closure_get_gc(zval *obj, zval ***table, int *n TSRMLS_DC *table = closure->this_ptr ? &closure->this_ptr : NULL; *n = closure->this_ptr ? 1 : 0; - return (closure->func.type == ZEND_USER_FUNCTION) ? + closure->func->op_array.static_variables : NULL; } /* }}} */ @@ -448,8 +451,9 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent @@ -448,8 +450,9 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent closure = (zend_closure *)zend_object_store_get_object(res TSRMLS_CC); - closure->func = *func; - closure->func.common.prototype = NULL; + closure->func = emalloc(sizeof(zend_function)); + *closure->func = *func; + *closure->func = *func; + closure->func->common.prototype = NULL; if ((scope == NULL) && (this_ptr != NULL)) { /* use dummy scope if we're binding an object without specifying a scope */ @@ -457,16 +461,16 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent @@ -457,16 +460,16 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent scope = zend_ce_closure; } - if (closure->func.type == ZEND_USER_FUNCTION) { + (*closure->func->op_array.refcount)++; } else { /* verify that we aren't binding internal function to a wrong scope */ if(func->common.scope != NULL) { @@ -475,7 +479,7 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent @@ -475,7 +478,7 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent scope = NULL; } if(scope && this_ptr && (func->common.fn_flags & ZEND_ACC_STATIC) == 0 && - !instanceof_function(Z_OBJCE_P(this_ptr), closure->func.common.scope TSRMLS_CC)) { + !instanceof_function(Z_OBJCE_P(this_ptr), closure->func->common.scope TSRMLS_CC)) { zend_error(E_WARNING, "Cannot bind function %s::%s to object of class %s", func->common.scope->name, func->common.function_name, Z_OBJCE_P(this_ptr)->name); scope = NULL; this_ptr = NULL; @@ -490,14 +494,14 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent @@ -490,14 +493,14 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent /* Invariants: * If the closure is unscoped, it has no bound object. * The the closure is scoped, it's either static or it's bound */ - closure->func.common.scope = scope; Line 247 (now 228), was 30 lines, now 18 lines closure->this_ptr = NULL; } } else { diff --git a/Zend/zend_generators.c b/Zend/zend_generators.c index c22d745..be1ed5e 100644 index c22d745..bcd19b2 100644 --- a/Zend/zend_generators.c +++ b/Zend/zend_generators.c @@ -154,6 +154,10 @@ void zend_generator_close(zend_generator *generator, zend_bool finished_executio efree(prev_execute_data); } + if (op_array->fn_flags & ZEND_ACC_CLOSURE) { + destroy_op_array(op_array); + efree(op_array); + } + if (execute_data->op_array->fn_flags & ZEND_ACC_CLOSURE) { + destroy_op_array(execute_data->op_array); + efree(execute_data->op_array); + } efree(execute_data); generator->execute_data = NULL; } @@ -396,6 +400,11 @@ zval *zend_generator_create_zval(zend_op_array *op_array TSRMLS_DC) /* {{{ */ execute_data->prev_execute_data->function_state.arguments = NULL; } + if (op_array->fn_flags & ZEND_ACC_CLOSURE) { + /* hack way to tell the closure destructor doesn't release this */ + op_array->reserved[0] = (void *)generator; + } + return return_value; } /* }}} */ |
Copyright © 2001-2024 The PHP Group All rights reserved. |
Last updated: Tue May 14 08:01:31 2024 UTC |