Fixed bug #60598 (cli/apache sapi segfault on objects manipulation)

This commit is contained in:
Xinchen Hui 2013-08-30 11:20:24 +08:00
parent dfc6feb6e8
commit 7da6498342
3 changed files with 37 additions and 0 deletions

2
NEWS
View File

@ -3,6 +3,8 @@ PHP NEWS
?? ??? 2013, PHP 5.4.20
- Core:
. Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
(Laruence)
. Fixed bug #65579 (Using traits with get_class_methods causes segfault).
(Adam)
. Fixed bug #65490 (Duplicate calls to get lineno & filename for

30
Zend/tests/bug60598.phpt Normal file
View File

@ -0,0 +1,30 @@
--TEST--
Bug #60598 (cli/apache sapi segfault on objects manipulation)
--FILE--
<?php
define('OBJECT_COUNT', 10000);
$containers = array();
class Object {
protected $_guid = 0;
public function __construct() {
global $containers;
$this->guid = 1;
$containers[spl_object_hash($this)] = $this;
}
public function __destruct() {
global $containers;
$containers[spl_object_hash($this)] = NULL;
}
}
for ($i = 0; $i < OBJECT_COUNT; ++$i) {
new Object();
}
// You probably won't see this because of the "zend_mm_heap corrupted"
?>
If you see this, try to increase OBJECT_COUNT to 100,000
--EXPECT--
If you see this, try to increase OBJECT_COUNT to 100,000

View File

@ -57,6 +57,11 @@ ZEND_API void zend_objects_store_call_destructors(zend_objects_store *objects TS
obj->dtor(obj->object, i TSRMLS_CC);
obj = &objects->object_buckets[i].bucket.obj;
obj->refcount--;
if (obj->refcount == 0) {
/* in case gc_collect_cycle is triggered before free_storage */
GC_REMOVE_ZOBJ_FROM_BUFFER(obj);
}
}
}
}