Fix segfault in pcntl_signal_handler (bug #73939)

2024-11-23 18:04:36 +08:00 · 2017-01-14 21:51:33 -05:00 · 2017-01-14 21:51:33 -05:00 · 3e274018f8
commit 3e274018f8
parent 959c8975a9
2 changed files with 4 additions and 13 deletions
--- a/ext/pcntl/pcntl.c
+++ b/ext/pcntl/pcntl.c
@ -560,11 +560,6 @@ PHP_RSHUTDOWN_FUNCTION(pcntl)
 	while (PCNTL_G(head)) {
 		sig = PCNTL_G(head);
 		PCNTL_G(head) = sig->next;
-#ifdef HAVE_STRUCT_SIGINFO_T
-		if (sig->siginfo) {
-			zend_array_destroy(sig->siginfo);
-		}
-#endif
 		efree(sig);
 	}
 	while (PCNTL_G(spares)) {
@ -1379,11 +1374,7 @@ static void pcntl_signal_handler(int signo)
 	psig->next = NULL;

 #ifdef HAVE_STRUCT_SIGINFO_T
-	zval user_siginfo;
-	array_init(&user_siginfo);
-	pcntl_siginfo_to_zval(signo, siginfo, &user_siginfo);
-	psig->siginfo = zend_array_dup(Z_ARRVAL(user_siginfo));
-	zval_ptr_dtor(&user_siginfo);
+	psig->siginfo = *siginfo;
 #endif

 	/* the head check is important, as the tick handler cannot atomically clear both
@ -1428,14 +1419,14 @@ void pcntl_signal_dispatch()
 	PCNTL_G(head) = NULL; /* simple stores are atomic */

 	/* Allocate */
-
 	while (queue) {
 		if ((handle = zend_hash_index_find(&PCNTL_G(php_signal_table), queue->signo)) != NULL) {
 			if (Z_TYPE_P(handle) != IS_LONG) {
 				ZVAL_NULL(&retval);
 				ZVAL_LONG(&params[0], queue->signo);
 #ifdef HAVE_STRUCT_SIGINFO_T
-				ZVAL_ARR(&params[1], queue->siginfo);
+				array_init(&params[1]);
+				pcntl_siginfo_to_zval(queue->signo, &queue->siginfo, &params[1]);
 #else
 				ZVAL_NULL(&params[1]);
 #endif
--- a/ext/pcntl/php_pcntl.h
+++ b/ext/pcntl/php_pcntl.h
@ -77,7 +77,7 @@ struct php_pcntl_pending_signal {
 	struct php_pcntl_pending_signal *next;
 	zend_long signo;
 #ifdef HAVE_STRUCT_SIGINFO_T
-	zend_array *siginfo;
+	siginfo_t siginfo;
 #endif
 };