Fixed bug #60825 (Segfault when running symfony 2 tests)

Xinchen Hui 2012-01-26 01:21:35 +00:00
parent bfccc4ed58
commit 1207451239
4 changed files with 132 additions and 106 deletions

2
NEWS

@ -9,6 +9,8 @@ PHP NEWS
$_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick)
. Fixed bug #60809 (TRAITS - PHPDoc Comment Style Bug). (Dmitry)
. Fixed bug #60768 (Output buffer not discarded) (Mike)
. Fixed bug #60825 (Segfault when running symfony 2 tests).
(Dmitry, Laruence)
- Hash
. Fixed bug #60221 (Tiger hash output byte order) (Mike)

19
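--- /dev/null
+++ b/Zend/tests/bug60825.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #60825 (Segfault when running symfony 2 tests)
+--DESCRIPTION--
+run this with valgrind
+--FILE--
+<?php
+class test {
+public static $x;
+public function __toString() {
+self::$x = $this;
+return __FILE__;
+}
+}
+$a = new test;
+require_once $a;
+debug_zval_dump(test::$x);
+?>
+--EXPECTF--
+string(%d) "%sbug60825.php" refcount(2)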
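Review bot: The `--EXPECTF--` line pins `test::$x` as a string with `refcount(2)`, so the test records that the `$this` stored inside `__toString()` ends up converted in place by `require_once`, and nothing in the file says whether that is the intended contract or just an artefact of the fix. A one-line comment before `require_once $a;`, for example `// $this captured in __toString() is the engine's temporary; it must remain valid after the include`, would tell readers what is being checked. Because `--DESCRIPTION--` says to run it with valgrind, a plain run may pass even when the memory error is present, so this regression is presumably only caught where the suite runs under a memory checker.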


@ -2391,7 +2391,7 @@ ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST|TMP|VAR|CV)
CHECK_EXCEPTION();
ZEND_VM_NEXT_OPCODE();
} else if (OP2_TYPE != IS_CONST &&
EXPECTED(Z_TYPE_P(function_name) == IS_ARRAY) &&
EXPECTED(Z_TYPE_P(function_name) == IS_ARRAY) &&
zend_hash_num_elements(Z_ARRVAL_P(function_name)) == 2) {
zend_class_entry *ce;
zval **method = NULL;
@ -2399,15 +2399,15 @@ ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST|TMP|VAR|CV)
zend_hash_index_find(Z_ARRVAL_P(function_name), 0, (void **) &obj);
zend_hash_index_find(Z_ARRVAL_P(function_name), 1, (void **) &method);
if (Z_TYPE_PP(obj) != IS_STRING && Z_TYPE_PP(obj) != IS_OBJECT) {
zend_error_noreturn(E_ERROR, "First array member is not a valid class name or object");
}
if (Z_TYPE_PP(method) != IS_STRING) {
zend_error_noreturn(E_ERROR, "Second array member is not a valid method");
}
if (Z_TYPE_PP(obj) == IS_STRING) {
ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
@ -2415,7 +2415,7 @@ ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST|TMP|VAR|CV)
}
EX(called_scope) = ce;
EX(object) = NULL;
if (ce->get_static_method) {
EX(fbc) = ce->get_static_method(ce, Z_STRVAL_PP(method), Z_STRLEN_PP(method) TSRMLS_CC);
} else {
@ -2429,7 +2429,7 @@ ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST|TMP|VAR|CV)
if (UNEXPECTED(EX(fbc) == NULL)) {
zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", Z_OBJ_CLASS_NAME_P(EX(object)), Z_STRVAL_PP(method));
}
if ((EX(fbc)->common.fn_flags & ZEND_ACC_STATIC) != 0) {
EX(object) = NULL;
} else {
@ -3693,17 +3693,18 @@ ZEND_VM_HANDLER(73, ZEND_INCLUDE_OR_EVAL, CONST|TMP|VAR|CV, ANY)
zend_op_array *new_op_array=NULL;
zend_free_op free_op1;
zval *inc_filename;
zval tmp_inc_filename;
zval *tmp_inc_filename = NULL;
zend_bool failure_retval=0;
SAVE_OPLINE();
inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R);
if (inc_filename->type!=IS_STRING) {
ZVAL_COPY_VALUE(&tmp_inc_filename, inc_filename);
zval_copy_ctor(&tmp_inc_filename);
convert_to_string(&tmp_inc_filename);
inc_filename = &tmp_inc_filename;
MAKE_STD_ZVAL(tmp_inc_filename);
ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
zval_copy_ctor(tmp_inc_filename);
convert_to_string(tmp_inc_filename);
inc_filename = tmp_inc_filename;
}
if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
@ -3767,8 +3768,8 @@ ZEND_VM_HANDLER(73, ZEND_INCLUDE_OR_EVAL, CONST|TMP|VAR|CV, ANY)
EMPTY_SWITCH_DEFAULT_CASE()
}
}
if (inc_filename==&tmp_inc_filename) {
zval_dtor(&tmp_inc_filename);
if (tmp_inc_filename) {
zval_ptr_dtor(&tmp_inc_filename);
}
FREE_OP1();
if (UNEXPECTED(EG(exception) != NULL)) {
@ -4510,14 +4511,14 @@ ZEND_VM_C_LABEL(num_index_prop):
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
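Review bot: The ZEND_INCLUDE_OR_EVAL hunk carries no comment explaining why `tmp_inc_filename` moved from a stack zval to `MAKE_STD_ZVAL`, so a later cleanup could turn it back into a local and reintroduce the dangling pointer. The test added in this commit shows the reason: `convert_to_string()` can run a userland `__toString()` that stores `$this`, which appears to be this temporary, beyond the handler's frame. I would add above the allocation `/* heap zval: __toString() may keep a reference to it (bug #60825) */`. The release now depends on `tmp_inc_filename` staying NULL on the string path and on every exit reaching `zval_ptr_dtor(&tmp_inc_filename)`; the handler body between the two hunks is not shown, so that is worth confirming. The `num_index_prop` hunk in this section keeps the stack-temporary pattern with `&tmp`, which looks safe only because its type guard admits simple scalars and numeric strings rather than objects.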


@ -2522,17 +2522,18 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(ZEND_OPCODE_HA
zend_op_array *new_op_array=NULL;
zval *inc_filename;
zval tmp_inc_filename;
zval *tmp_inc_filename = NULL;
zend_bool failure_retval=0;
SAVE_OPLINE();
inc_filename = opline->op1.zv;
if (inc_filename->type!=IS_STRING) {
ZVAL_COPY_VALUE(&tmp_inc_filename, inc_filename);
zval_copy_ctor(&tmp_inc_filename);
convert_to_string(&tmp_inc_filename);
inc_filename = &tmp_inc_filename;
MAKE_STD_ZVAL(tmp_inc_filename);
ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
zval_copy_ctor(tmp_inc_filename);
convert_to_string(tmp_inc_filename);
inc_filename = tmp_inc_filename;
}
if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
@ -2596,8 +2597,8 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(ZEND_OPCODE_HA
EMPTY_SWITCH_DEFAULT_CASE()
}
}
if (inc_filename==&tmp_inc_filename) {
zval_dtor(&tmp_inc_filename);
if (tmp_inc_filename) {
zval_ptr_dtor(&tmp_inc_filename);
}
if (UNEXPECTED(EG(exception) != NULL)) {
@ -6852,17 +6853,18 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER(ZEND_OPCODE_HAND
zend_op_array *new_op_array=NULL;
zend_free_op free_op1;
zval *inc_filename;
zval tmp_inc_filename;
zval *tmp_inc_filename = NULL;
zend_bool failure_retval=0;
SAVE_OPLINE();
inc_filename = _get_zval_ptr_tmp(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC);
if (inc_filename->type!=IS_STRING) {
ZVAL_COPY_VALUE(&tmp_inc_filename, inc_filename);
zval_copy_ctor(&tmp_inc_filename);
convert_to_string(&tmp_inc_filename);
inc_filename = &tmp_inc_filename;
MAKE_STD_ZVAL(tmp_inc_filename);
ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
zval_copy_ctor(tmp_inc_filename);
convert_to_string(tmp_inc_filename);
inc_filename = tmp_inc_filename;
}
if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
@ -6926,8 +6928,8 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER(ZEND_OPCODE_HAND
EMPTY_SWITCH_DEFAULT_CASE()
}
}
if (inc_filename==&tmp_inc_filename) {
zval_dtor(&tmp_inc_filename);
if (tmp_inc_filename) {
zval_ptr_dtor(&tmp_inc_filename);
}
zval_dtor(free_op1.var);
if (UNEXPECTED(EG(exception) != NULL)) {
@ -11209,17 +11211,18 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER(ZEND_OPCODE_HAND
zend_op_array *new_op_array=NULL;
zend_free_op free_op1;
zval *inc_filename;
zval tmp_inc_filename;
zval *tmp_inc_filename = NULL;
zend_bool failure_retval=0;
SAVE_OPLINE();
inc_filename = _get_zval_ptr_var(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC);
if (inc_filename->type!=IS_STRING) {
ZVAL_COPY_VALUE(&tmp_inc_filename, inc_filename);
zval_copy_ctor(&tmp_inc_filename);
convert_to_string(&tmp_inc_filename);
inc_filename = &tmp_inc_filename;
MAKE_STD_ZVAL(tmp_inc_filename);
ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
zval_copy_ctor(tmp_inc_filename);
convert_to_string(tmp_inc_filename);
inc_filename = tmp_inc_filename;
}
if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
@ -11283,8 +11286,8 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER(ZEND_OPCODE_HAND
EMPTY_SWITCH_DEFAULT_CASE()
}
}
if (inc_filename==&tmp_inc_filename) {
zval_dtor(&tmp_inc_filename);
if (tmp_inc_filename) {
zval_ptr_dtor(&tmp_inc_filename);
}
if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
if (UNEXPECTED(EG(exception) != NULL)) {
@ -14038,14 +14041,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -15951,14 +15954,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -18222,14 +18225,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -21143,14 +21146,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -22477,14 +22480,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -23634,14 +23637,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -24791,14 +24794,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -26214,14 +26217,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -27061,17 +27064,18 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(ZEND_OPCODE_HANDL
zend_op_array *new_op_array=NULL;
zval *inc_filename;
zval tmp_inc_filename;
zval *tmp_inc_filename = NULL;
zend_bool failure_retval=0;
SAVE_OPLINE();
inc_filename = _get_zval_ptr_cv_BP_VAR_R(EX_CVs(), opline->op1.var TSRMLS_CC);
if (inc_filename->type!=IS_STRING) {
ZVAL_COPY_VALUE(&tmp_inc_filename, inc_filename);
zval_copy_ctor(&tmp_inc_filename);
convert_to_string(&tmp_inc_filename);
inc_filename = &tmp_inc_filename;
MAKE_STD_ZVAL(tmp_inc_filename);
ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
zval_copy_ctor(tmp_inc_filename);
convert_to_string(tmp_inc_filename);
inc_filename = tmp_inc_filename;
}
if (opline->extended_value != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
@ -27135,8 +27139,8 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(ZEND_OPCODE_HANDL
EMPTY_SWITCH_DEFAULT_CASE()
}
}
if (inc_filename==&tmp_inc_filename) {
zval_dtor(&tmp_inc_filename);
if (tmp_inc_filename) {
zval_ptr_dtor(&tmp_inc_filename);
}
if (UNEXPECTED(EG(exception) != NULL)) {
@ -29529,14 +29533,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -31316,14 +31320,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -33460,14 +33464,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {
@ -36118,14 +36122,14 @@ num_index_prop:
if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
&& IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
ZVAL_COPY_VALUE(&tmp, offset);
zval_copy_ctor(&tmp);
convert_to_long(&tmp);
offset = &tmp;
} else {
/* can not be converted to proper offset, return "not set" */
result = 0;
}
}
}
if (Z_TYPE_P(offset) == IS_LONG) {
if (opline->extended_value & ZEND_ISSET) {