diff options
| author | Dmitry Stogov <dmitry@zend.com> | 2015-04-08 21:24:24 +0300 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@zend.com> | 2015-04-08 21:24:24 +0300 |
| commit | 1f5f78d4aa873ac16b8165a1614f5e0c54a3198b (patch) | |
| tree | 62d32deca7e04f09620aaaa896940ef42971de55 | |
| parent | f5c8a79fa511fddbfd5499e24399d6e8348dd3ce (diff) | |
| parent | 741c5e4c0c4d666469215d21de8a743a6b292fa2 (diff) | |
| download | php-git-1f5f78d4aa873ac16b8165a1614f5e0c54a3198b.tar.gz | |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer)
Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer)
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | Zend/tests/bug67314.phpt | 22 | ||||
| -rw-r--r-- | Zend/zend_execute_API.c | 4 |
3 files changed, 28 insertions, 0 deletions
@@ -5,6 +5,8 @@ PHP NEWS - Core: . Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita) + . Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). + (Dmitry) . Fixed bug #68652 (segmentation fault in destructor). (Dmitry) - ODBC: diff --git a/Zend/tests/bug67314.phpt b/Zend/tests/bug67314.phpt new file mode 100644 index 0000000000..c5b6a1293d --- /dev/null +++ b/Zend/tests/bug67314.phpt @@ -0,0 +1,22 @@ +--TEST-- +Bug #67314 (Segmentation fault in gc_remove_zval_from_buffer) +--FILE-- +<?php +function crash() +{ + $notDefined[$i] = 'test'; +} + +function error_handler() { return false; } + +set_error_handler('error_handler'); +crash(); +echo "made it once\n"; +crash(); +echo "ok\n"; +--EXPECTF-- +Notice: Undefined variable: i in %sbug67314.php on line 4 +made it once + +Notice: Undefined variable: i in %sbug67314.php on line 4 +ok diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index aeced8fb41..a230b9c270 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -1585,6 +1585,10 @@ ZEND_API void zend_rebuild_symbol_table(TSRMLS_D) /* {{{ */ ex->symbol_table = EG(active_symbol_table); for (i = 0; i < ex->op_array->last_var; i++) { if (*EX_CV_NUM(ex, i)) { + if (UNEXPECTED(**EX_CV_NUM(ex, i) == &EG(uninitialized_zval))) { + Z_DELREF(EG(uninitialized_zval)); + ALLOC_INIT_ZVAL(**EX_CV_NUM(ex, i)); + } zend_hash_quick_update(EG(active_symbol_table), ex->op_array->vars[i].name, ex->op_array->vars[i].name_len + 1, |