mirror of
https://github.com/php/php-src.git
synced 2025-08-16 05:58:45 +02:00
Fixed second part of the bug #78379 (Cast to object confuses GC, causes crash)
This commit is contained in:
Dmitry Stogov
parent
2e2cd65d73
commit
6b1cc1252e
2 changed files with 35 additions and 4 deletions
19
Zend/tests/bug78379_2.phpt
Normal file
19
Zend/tests/bug78379_2.phpt
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
--TEST--
|
||||
Bug #78379.2 (Cast to object confuses GC, causes crash)
|
||||
--FILE--
|
||||
<?php
|
||||
class E {}
|
||||
function f() {
|
||||
$e1 = new E;
|
||||
$e2 = new E;
|
||||
$a = ['e2' => $e2];
|
||||
$e1->a = (object)$a;
|
||||
$e2->e1 = $e1;
|
||||
$e2->a = (object)$a;
|
||||
}
|
||||
f();
|
||||
gc_collect_cycles();
|
||||
echo "End\n";
|
||||
?>
|
||||
--EXPECT--
|
||||
End
|
||||
|
|
@ -388,11 +388,14 @@ tail_call:
|
|||
ZVAL_OBJ(&tmp, obj);
|
||||
ht = get_gc(&tmp, &zv, &n);
|
||||
end = zv + n;
|
||||
if (EXPECTED(!ht)) {
|
||||
if (EXPECTED(!ht) || UNEXPECTED(GC_REF_GET_COLOR(ht) == GC_BLACK)) {
|
||||
ht = NULL;
|
||||
if (!n) return;
|
||||
while (!Z_REFCOUNTED_P(--end)) {
|
||||
if (zv == end) return;
|
||||
}
|
||||
} else {
|
||||
GC_REF_SET_BLACK(ht);
|
||||
}
|
||||
while (zv != end) {
|
||||
if (Z_REFCOUNTED_P(zv)) {
|
||||
|
|
@ -498,11 +501,14 @@ tail_call:
|
|||
ZVAL_OBJ(&tmp, obj);
|
||||
ht = get_gc(&tmp, &zv, &n);
|
||||
end = zv + n;
|
||||
if (EXPECTED(!ht)) {
|
||||
if (EXPECTED(!ht) || UNEXPECTED(GC_REF_GET_COLOR(ht) == GC_GREY)) {
|
||||
ht = NULL;
|
||||
if (!n) return;
|
||||
while (!Z_REFCOUNTED_P(--end)) {
|
||||
if (zv == end) return;
|
||||
}
|
||||
} else {
|
||||
GC_REF_SET_COLOR(ht, GC_GREY);
|
||||
}
|
||||
while (zv != end) {
|
||||
if (Z_REFCOUNTED_P(zv)) {
|
||||
|
|
@ -616,11 +622,14 @@ tail_call:
|
|||
ZVAL_OBJ(&tmp, obj);
|
||||
ht = get_gc(&tmp, &zv, &n);
|
||||
end = zv + n;
|
||||
if (EXPECTED(!ht)) {
|
||||
if (EXPECTED(!ht) || UNEXPECTED(GC_REF_GET_COLOR(ht) != GC_GREY)) {
|
||||
ht = NULL;
|
||||
if (!n) return;
|
||||
while (!Z_REFCOUNTED_P(--end)) {
|
||||
if (zv == end) return;
|
||||
}
|
||||
} else {
|
||||
GC_REF_SET_COLOR(ht, GC_WHITE);
|
||||
}
|
||||
while (zv != end) {
|
||||
if (Z_REFCOUNTED_P(zv)) {
|
||||
|
|
@ -791,7 +800,8 @@ tail_call:
|
|||
ZVAL_OBJ(&tmp, obj);
|
||||
ht = get_gc(&tmp, &zv, &n);
|
||||
end = zv + n;
|
||||
if (EXPECTED(!ht)) {
|
||||
if (EXPECTED(!ht) || UNEXPECTED(GC_REF_GET_COLOR(ht) == GC_BLACK)) {
|
||||
ht = NULL;
|
||||
if (!n) return count;
|
||||
while (!Z_REFCOUNTED_P(--end)) {
|
||||
/* count non-refcounted for compatibility ??? */
|
||||
|
|
@ -800,6 +810,8 @@ tail_call:
|
|||
}
|
||||
if (zv == end) return count;
|
||||
}
|
||||
} else {
|
||||
GC_REF_SET_BLACK(ht);
|
||||
}
|
||||
while (zv != end) {
|
||||
if (Z_REFCOUNTED_P(zv)) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue