Patch bug62991.patch revision 2012-09-04 06:56 UTC by dmitry at zend dot com
revision 2012-09-02 11:45 UTC by laruence@php.net
revision 2012-09-02 09:58 UTC by laruence@php.net
revision 2012-09-02 09:54 UTC by laruence@php.net
Patch bug62991.phpt revision 2012-09-02 11:50 UTC by laruence@php.net

Patch bug62991.patch for Reproducible crash Bug #62991

Patch version 2012-09-02 09:54 UTC

This patch is obsolete

Obsoleted by patches:

Patch Revisions: 2012-09-04 06:56 UTC | 2012-09-02 11:45 UTC | 2012-09-02 09:58 UTC | 2012-09-02 09:54 UTC

Developer: laruence@php.net



  diff --git a/Zend/zend_closures.c b/Zend/zend_closures.c
 index c7527b4..2e2e5cb 100644
 index c7527b4..bfc9857 100644
  --- a/Zend/zend_closures.c
  +++ b/Zend/zend_closures.c
  @@ -36,7 +36,7 @@
   


  +	return closure->func;
   }
   /* }}} */
   
 @@ -240,15 +240,19 @@ static void zend_closure_free_storage(void *object TSRMLS_DC) /* {{{ */
 @@ -240,15 +240,18 @@ static void zend_closure_free_storage(void *object TSRMLS_DC) /* {{{ */
   
   	zend_object_std_dtor(&closure->std TSRMLS_CC);
   
  -	if (closure->func.type == ZEND_USER_FUNCTION) {
Line 77 (now 77), was 17 lines, now 16 lines

   			}
   			ex = ex->prev_execute_data;
   		}
  -		destroy_op_array(&closure->func.op_array TSRMLS_CC);
 +		if (!(closure->func->common.fn_flags & ZEND_ACC_GENERATOR)
 +                || !closure->func->op_array.reserved[0]) {
 +			destroy_op_array(&closure->func->op_array TSRMLS_CC);
 +			efree(closure->func);
 +		}
 +        if (!(closure->func->common.fn_flags & ZEND_ACC_GENERATOR)) {
 +            destroy_op_array(&closure->func->op_array TSRMLS_CC);
 +            efree(closure->func);
 +        }
   	}
   
   	if (closure->debug_info != NULL) {
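Review bot: The test `closure->func->common.fn_flags & ZEND_ACC_GENERATOR` dereferences `closure->func` even when the generator side may already have released it. The `reserved[0]` handshake implies the generator is handed the same allocation, which `zend_generator_close()` in this patch passes to `destroy_op_array()` and `efree()`, so a closure object that outlives its generator would read freed memory here, and two generators created from one closure would each free it. Both variants of the condition in this hunk are affected, and the variant without the `reserved[0]` test also never frees the function when a generator closure is destroyed without having been called. Rather than transferring ownership through a flag, I would give the generator its own copy of the op_array (with `(*op_array->refcount)++`) so each side frees only what it allocated. Part of this hunk is collapsed on the page, so the enclosing `if` is inferred.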
 @@ -286,12 +290,11 @@ static zend_object_value zend_closure_clone(zval *zobject TSRMLS_DC) /* {{{ */
 @@ -286,12 +289,11 @@ static zend_object_value zend_closure_clone(zval *zobject TSRMLS_DC) /* {{{ */
   	zend_closure *closure = (zend_closure *)zend_object_store_get_object(zobject TSRMLS_CC);
   	zval result;
   
  -	zend_create_closure(&result, &closure->func, closure->func.common.scope, closure->this_ptr TSRMLS_CC);


  -
   int zend_closure_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function **fptr_ptr, zval **zobj_ptr TSRMLS_DC) /* {{{ */
   {
   	zend_closure *closure;
 @@ -301,7 +304,7 @@ int zend_closure_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function
 @@ -301,7 +303,7 @@ int zend_closure_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function
   	}
   
   	closure = (zend_closure *)zend_object_store_get_object(obj TSRMLS_CC);
  -	*fptr_ptr = &closure->func;
  +	*fptr_ptr = closure->func;
   
   	if (closure->this_ptr) {
   		if (zobj_ptr) {
 @@ -312,7 +315,7 @@ int zend_closure_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function
 @@ -312,7 +314,7 @@ int zend_closure_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function
   		if (zobj_ptr) {
   			*zobj_ptr = NULL;
   		}
  -		*ce_ptr = closure->func.common.scope;
  +		*ce_ptr = closure->func->common.scope;
   	}
   	return SUCCESS;
   }
 @@ -322,7 +325,7 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_
 @@ -322,7 +324,7 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_
   {
   	zend_closure *closure = (zend_closure *)zend_object_store_get_object(object TSRMLS_CC);
   	zval *val;
  -	struct _zend_arg_info *arg_info = closure->func.common.arg_info;
  +	struct _zend_arg_info *arg_info = closure->func->common.arg_info;
   
   	*is_temp = 0;
   
 @@ -331,8 +334,8 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_
 @@ -331,8 +333,8 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_
   		zend_hash_init(closure->debug_info, 1, NULL, ZVAL_PTR_DTOR, 0);
   	}
   	if (closure->debug_info->nApplyCount == 0) {
  -		if (closure->func.type == ZEND_USER_FUNCTION && closure->func.op_array.static_variables) {


  +			HashTable *static_variables = closure->func->op_array.static_variables;
   			MAKE_STD_ZVAL(val);
   			array_init(val);
   			zend_hash_copy(Z_ARRVAL_P(val), static_variables, (copy_ctor_func_t)zval_add_ref, NULL, sizeof(zval*));
 @@ -345,25 +348,25 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_
 @@ -345,12 +347,12 @@ static HashTable *zend_closure_get_debug_info(zval *object, int *is_temp TSRMLS_
   		}
   
   		if (arg_info) {
  -			zend_uint i, required = closure->func.common.required_num_args;
Line 152 (now 151), was 27 lines, now 9 lines

  +			for (i = 0; i < closure->func->common.num_args; i++) {
   				char *name, *info;
   				int name_len, info_len;
   				if (arg_info->name) {
  					name_len = zend_spprintf(&name, 0, "%s$%s",
 -									arg_info->pass_by_reference ? "&" : "",
 -									arg_info->name);
 +							arg_info->pass_by_reference ? "&" : "",
 +							arg_info->name);
  				} else {
  					name_len = zend_spprintf(&name, 0, "%s$param%d",
 -									arg_info->pass_by_reference ? "&" : "",
 -									i + 1);
 +							arg_info->pass_by_reference ? "&" : "",
 +							i + 1);
  				}
  				info_len = zend_spprintf(&info, 0, "%s",
 -								i >= required ? "<optional>" : "<required>");
 +						i >= required ? "<optional>" : "<required>");
  				add_assoc_stringl_ex(val, name, name_len + 1, info, info_len, 0);
  				efree(name);
  				arg_info++;
 @@ -382,8 +385,8 @@ static HashTable *zend_closure_get_gc(zval *obj, zval ***table, int *n TSRMLS_DC
 @@ -382,8 +384,8 @@ static HashTable *zend_closure_get_gc(zval *obj, zval ***table, int *n TSRMLS_DC
   
   	*table = closure->this_ptr ? &closure->this_ptr : NULL;
   	*n = closure->this_ptr ? 1 : 0;
  -	return (closure->func.type == ZEND_USER_FUNCTION) ?


  +		closure->func->op_array.static_variables : NULL;
   }
   /* }}} */
   
 @@ -448,8 +451,9 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent
 @@ -448,8 +450,9 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent
   
   	closure = (zend_closure *)zend_object_store_get_object(res TSRMLS_CC);
   
  -	closure->func = *func;
  -	closure->func.common.prototype = NULL;
  +	closure->func = emalloc(sizeof(zend_function));
 +	*closure->func = *func;
 +    *closure->func = *func;
  +	closure->func->common.prototype = NULL;
   
   	if ((scope == NULL) && (this_ptr != NULL)) {
   		/* use dummy scope if we're binding an object without specifying a scope */
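Review bot: The `emalloc(sizeof(zend_function))` copy made here appears to be released only inside the user-function branch of `zend_closure_free_storage()`, so a closure created over an internal function (the `else` path further down in this function) would leak its `zend_function`. I would move `efree(closure->func);` out of the `ZEND_USER_FUNCTION` branch so that every closure still owning the block releases it. The two `*closure->func = *func;` lines differ only in indentation between the revisions; the tab-indented one matches the file. The destructor's branch structure is partly collapsed on this page, so the leak is inferred from the indentation of the visible `efree` calls.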
 @@ -457,16 +461,16 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent
 @@ -457,16 +460,16 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent
   		scope = zend_ce_closure;
   	}
   
  -	if (closure->func.type == ZEND_USER_FUNCTION) {


  +		(*closure->func->op_array.refcount)++;
   	} else {
   		/* verify that we aren't binding internal function to a wrong scope */
   		if(func->common.scope != NULL) {
 @@ -475,7 +479,7 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent
 @@ -475,7 +478,7 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent
   				scope = NULL;
   			}
   			if(scope && this_ptr && (func->common.fn_flags & ZEND_ACC_STATIC) == 0 && 
  -					!instanceof_function(Z_OBJCE_P(this_ptr), closure->func.common.scope TSRMLS_CC)) {
  +					!instanceof_function(Z_OBJCE_P(this_ptr), closure->func->common.scope TSRMLS_CC)) {
   				zend_error(E_WARNING, "Cannot bind function %s::%s to object of class %s", func->common.scope->name, func->common.function_name, Z_OBJCE_P(this_ptr)->name);
   				scope = NULL;
   				this_ptr = NULL;
 @@ -490,14 +494,14 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent
 @@ -490,14 +493,14 @@ ZEND_API void zend_create_closure(zval *res, zend_function *func, zend_class_ent
   	/* Invariants:
   	 * If the closure is unscoped, it has no bound object.
   	 * The the closure is scoped, it's either static or it's bound */
  -	closure->func.common.scope = scope;
Line 247 (now 228), was 30 lines, now 18 lines

   			closure->this_ptr = NULL;
   		}
   	} else {
  diff --git a/Zend/zend_generators.c b/Zend/zend_generators.c
 index c22d745..be1ed5e 100644
 index c22d745..bcd19b2 100644
  --- a/Zend/zend_generators.c
  +++ b/Zend/zend_generators.c
  @@ -154,6 +154,10 @@ void zend_generator_close(zend_generator *generator, zend_bool finished_executio
   			efree(prev_execute_data);
   		}
   
 +		if (op_array->fn_flags & ZEND_ACC_CLOSURE) {
 +			destroy_op_array(op_array);
 +			efree(op_array);
 +		}
 +        if (execute_data->op_array->fn_flags & ZEND_ACC_CLOSURE) {
 +            destroy_op_array(execute_data->op_array);
 +            efree(execute_data->op_array);
 +        }
   		efree(execute_data);
   		generator->execute_data = NULL;
   	}
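Review bot: `destroy_op_array(op_array);` is called without the thread-safety argument, while the other calls visible in this patch pass it (`destroy_op_array(&closure->func->op_array TSRMLS_CC)`), so this would not build with ZTS enabled. It should read `destroy_op_array(op_array TSRMLS_CC);`, and the same applies to the `execute_data->op_array` variant of these lines. The signature of `zend_generator_close()` is truncated in the hunk header, so confirm that it carries `TSRMLS_DC`; if it does not, a `TSRMLS_FETCH();` is needed before the call.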
 @@ -396,6 +400,11 @@ zval *zend_generator_create_zval(zend_op_array *op_array TSRMLS_DC) /* {{{ */
  		execute_data->prev_execute_data->function_state.arguments = NULL;
  	}
  
 +	if (op_array->fn_flags & ZEND_ACC_CLOSURE) {
 +		/* hack way to tell the closure destructor doesn't release this */
 +		op_array->reserved[0] = (void *)generator;
 +	}
 +
  	return return_value;
  }
  /* }}} */
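Review bot: Writing the generator pointer into `op_array->reserved[0]` uses a slot that belongs to whichever extension obtained resource handle 0 from `zend_get_resource_handle()`. With such an extension loaded, the marker can be overwritten, or a foreign value can be mistaken for it by the `!closure->func->op_array.reserved[0]` test in `zend_closure_free_storage()`. Nothing visible in this patch clears the slot when the generator is closed, and it is overwritten if a second generator is created from the same op_array, so it cannot reliably say who owns the function. If an ownership marker is kept, it should live in a dedicated field and the comment should state the contract, for example `/* generator owns op_array from here on; closure dtor must not free it */`.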
 