| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Use the general zend_generator_throw_exception() helper for this.
Otherwise we don't handle the off-by-one opline correctly (should
we maybe just stop doing that?)
This is a followup to ad750c3bb6e7b48384c6265eb9d3bcf5b4000652,
which fixed a different yield from exception handling problem that
happened to show up in the same test case from oss-fuzz #25321.
Now both issues should be fixed.
|
| |
|
|
| |
Fixes oss-fuzz #25296.
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes a use-after-free encountered in Symfony's SecurityBundle.
I don't have a reproducer for this, and believe the issue can only
occur if we leak an iterator (the leak is a separate issue).
We should not free the generator iterator here, because we do not
own it. The code that fetched the iterator is responsible for
releasing it. In the rare case where we do hit this code-path,
we cause a use-after-free.
|
| |
|
|
|
|
|
| |
Finally blocks in generators may be invoked during shutdown, in
which case we don't have a stack frame. Similar to what
zend_call_function does, we still need to rethrow these exceptions,
otherwise they will be hidden (and leak).
|
| |\
| |
| |
| |
| | |
* PHP-7.2:
Fix bug #78752
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
NULL out the execute_data before destroying it, otherwise GC may
trigger while the execute_data is partially destroyed, resulting
in double-frees.
The handling of call stack unfreezing is a bit awkward because it's
a ZEND_API function, so we can't change the signature.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| | |
$this should only be included in the generator GC buffer, if it
will be released on destruction.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This might happen if OBJ_RELEASE is used on an object that was already
released by GC. Specific cases of this issue were previously fixed in
ffaee27478a9cb338e40edeb5acf233f9cb67111 and
72104d2b6ecbbabd18de15f10739be5ce3dc9ce0, however the issue still
affects 3rd-party extensions using OBJ_RELEASE.
The whole GC type NULL + OBJ_IS_VALID + IS_FREE_CALLED system seems
overly complicated and can probably be simplified in 7.4.
|
| |\ \
| |/ |
|
| | |\ |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
|
| | | |
| | |
| | |
| | | |
consumption and avoid race condition during resolving/caching of user iterator functions of internal classes in ZTS build.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
there are two parts to make this problem visible , the first is
our new gc new freeing zvals in an opposite direction(compare to 7.2)
the second is zend_object_store_del doesn't check IS_VALID since 7.3
(using assertion instead)
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
__construct, __destruct, __wakeup does not have return types defined.
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ / |
|
| | |\ \
| | |/ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Parents may be unlinked while another generator sharing part of the
chain is running. As such, we cannot assume that the parent chain
goes all the way to the root. Instead walk backwards from root to
leaf, like we also do during destruction.
|
| |\ \ \
| |/ / |
|
| | |\ \
| | |/ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make sure we always update root and parent references before
releasing the old root object.
This fixes some crashes under aggressive cycle collection, so
hopefully this will also fix bug #75351.
|
| |\ \ \
| |/ / |
|
| | |\ \
| | |/ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Do not run finally blocks in generators on unclean shutdown (e.g.
caused by exit). This is consistent with how finally blocks outside
of generators behave.
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove special handling for 2-4 children. Now the three possible
cases are no children, one child, or many children (HT).
The non-linear (many children) case is extremely rare, so there is
no point in trying to optimize it.
|
| | | | |
|
| | | |
| | |
| | |
| | | |
object through address calculation, instead of op_array->prototype reuse. (reapply 781e1573afdc7c336b3577ceabc9c65cafea17e8, now it should be OK).
|
| | | |
| | |
| | |
| | |
| | |
| | | |
closure object through address calculation, instead of op_array->prototype reuse." (this patch is incomplete or wrong)
This reverts commit 781e1573afdc7c336b3577ceabc9c65cafea17e8.
|
| | | |
| | |
| | |
| | | |
object through address calculation, instead of op_array->prototype reuse.
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| | |
Prohibit direct update of GC_REFCOUNT(), GC_SET_REFCOUNT(), GC_ADDREF() and GC_DELREF() shoukf be instead.
Added mactros to validate reference-counting (disabled for now).
These macros are going to be used to eliminate race-condintions during reference-counting on data shared between threads.
|
| |\ \
| |/ |
|
| | |\ |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ / |
|
| | | |
| | |
| | |
| | | |
Thanks to Nikita for pointing out the error source.
|
| | | | |
|
| | | | |
|
