diff options
| author | Xinchen Hui <laruence@gmail.com> | 2016-01-22 11:22:37 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@gmail.com> | 2016-01-22 11:22:37 +0800 |
| commit | 9b61479166d8fa05f2fc2668d317cf21bd37354b (patch) | |
| tree | 963491384979d88cf88084f2adc01de28429d751 | |
| parent | af255c67ebe4bdd0b990ab23310969817d05188d (diff) | |
| download | php-git-9b61479166d8fa05f2fc2668d317cf21bd37354b.tar.gz | |
We don't need to dup zend_class_constant here.
quote why the internal class is still using duplication:
```
for internal classes, the zend_class_constant is malloc-ed. we need to
free it.
if (const->ce == ce) {
zval_ptr_dtor(&const->value);
free(const)
}
so, if two classes share one const, and it(parent class) was freed
before, this read(in child class, const->ce) is invalid..
and destroy_zend_class is called via zend_hash_destroy(class_table).
which is not in reverse order... so, parent classes are dtor first.
if we want this work, we should change that order.
```
| -rw-r--r-- | Zend/zend_inheritance.c | 20 | ||||
| -rw-r--r-- | Zend/zend_opcode.c | 8 |
2 files changed, 15 insertions, 13 deletions
diff --git a/Zend/zend_inheritance.c b/Zend/zend_inheritance.c index 2226f6013d..e3ef6a6991 100644 --- a/Zend/zend_inheritance.c +++ b/Zend/zend_inheritance.c @@ -724,15 +724,15 @@ static void do_inherit_class_constant(zend_string *name, zend_class_constant *pa if (Z_CONSTANT(parent_const->value)) { ce->ce_flags &= ~ZEND_ACC_CONSTANTS_UPDATED; } - if (Z_REFCOUNTED(parent_const->value)) { - Z_ADDREF(parent_const->value); - } if (ce->type & ZEND_INTERNAL_CLASS) { + if (Z_REFCOUNTED(parent_const->value)) { + Z_ADDREF(parent_const->value); + } c = pemalloc(sizeof(zend_class_constant), 1); + memcpy(c, parent_const, sizeof(zend_class_constant)); } else { - c = zend_arena_alloc(&CG(arena), sizeof(zend_class_constant)); + c = parent_const; } - memcpy(c, parent_const, sizeof(zend_class_constant)); _zend_hash_append_ptr(&ce->constants_table, name, c); } } @@ -934,18 +934,18 @@ static void do_inherit_iface_constant(zend_string *name, zend_class_constant *c, { if (do_inherit_constant_check(&ce->constants_table, c, name, iface)) { zend_class_constant *ct; - if (Z_REFCOUNTED(c->value)) { - Z_ADDREF(c->value); - } if (Z_CONSTANT(c->value)) { ce->ce_flags &= ~ZEND_ACC_CONSTANTS_UPDATED; } if (ce->type & ZEND_INTERNAL_CLASS) { + if (Z_REFCOUNTED(c->value)) { + Z_ADDREF(c->value); + } ct = pemalloc(sizeof(zend_class_constant), 1); + memcpy(ct, c, sizeof(zend_class_constant)); } else { - ct = zend_arena_alloc(&CG(arena), sizeof(zend_class_constant)); + ct = c; } - memcpy(ct, c, sizeof(zend_class_constant)); zend_hash_update_ptr(&ce->constants_table, name, ct); } } diff --git a/Zend/zend_opcode.c b/Zend/zend_opcode.c index cff294854c..8b55037794 100644 --- a/Zend/zend_opcode.c +++ b/Zend/zend_opcode.c @@ -291,9 +291,11 @@ ZEND_API void destroy_zend_class(zval *zv) zend_class_constant *c; ZEND_HASH_FOREACH_PTR(&ce->constants_table, c) { - zval_ptr_dtor(&c->value); - if (c->doc_comment && c->ce == ce) { - zend_string_release(c->doc_comment); + if (c->ce == ce) { + zval_ptr_dtor(&c->value); + if (c->doc_comment) { + zend_string_release(c->doc_comment); + } } } ZEND_HASH_FOREACH_END(); zend_hash_destroy(&ce->constants_table); |