From 3c87945c95c9c31986e690bb046c70e58c8d8896 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Wed, 5 Jun 2013 17:25:00 +0800 Subject: [PATCH] Fixed bug #64960 (Segfault in gc_zval_possible_root) --- NEWS | 2 ++ Zend/tests/bug64960.phpt | 40 ++++++++++++++++++++++++++++++++++++++++ Zend/zend_execute_API.c | 6 ++---- 3 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 Zend/tests/bug64960.phpt diff --git a/Zend/tests/bug64960.phpt b/Zend/tests/bug64960.phpt new file mode 100644 index 0000000..b31cca3 --- /dev/null +++ b/Zend/tests/bug64960.phpt @@ -0,0 +1,40 @@ +--TEST-- +Bug #64960 (Segfault in gc_zval_possible_root) +--FILE-- +_trace = debug_backtrace(); + + throw $e; +}); + +// trigger error handler +$a['waa']; +?> +--EXPECTF-- +Notice: ob_end_flush(): failed to delete and flush buffer. No buffer to delete or flush in %sbug64960.php on line 3 + +Fatal error: Uncaught exception 'Exception' in %sbug64960.php:19 +Stack trace: +#0 [internal function]: {closure}(8, 'ob_end_clean():...', '%s', 9, Array) +#1 %sbug64960.php(9): ob_end_clean() +#2 [internal function]: ExceptionHandler->__invoke(Object(Exception)) +#3 {main} + thrown in %sbug64960.php on line 19 diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index 9781889..687520d 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -263,15 +263,13 @@ void shutdown_executor(TSRMLS_D) /* {{{ */ if (EG(user_error_handler)) { zeh = EG(user_error_handler); EG(user_error_handler) = NULL; - zval_dtor(zeh); - FREE_ZVAL(zeh); + zval_ptr_dtor(&zeh); } if (EG(user_exception_handler)) { zeh = EG(user_exception_handler); EG(user_exception_handler) = NULL; - zval_dtor(zeh); - FREE_ZVAL(zeh); + zval_ptr_dtor(&zeh); } zend_stack_destroy(&EG(user_error_handlers_error_reporting)); -- 1.7.11.5