Merge branch 'PHP-5.3' into PHP-5.4

* PHP-5.3:
  Fixed bug #63635 (Segfault in gc_collect_cycles)

Conflicts:
	NEWS
This commit is contained in:
Dmitry Stogov 2012-11-29 12:38:34 +04:00
commit f877d7fee6
3 changed files with 63 additions and 2 deletions

1
NEWS
View file

@ -3,6 +3,7 @@ PHP NEWS
?? ??? 2012, PHP 5.4.10 ?? ??? 2012, PHP 5.4.10
- Core: - Core:
. Fixed bug #63635 (Segfault in gc_collect_cycles). (Dmitry)
. Fixed bug #63468 (wrong called method as callback with inheritance). . Fixed bug #63468 (wrong called method as callback with inheritance).
(Laruence) (Laruence)
. Fixed bug #61272 (ob_start callback gets passed empty string). . Fixed bug #61272 (ob_start callback gets passed empty string).

58
Zend/tests/bug63635.phpt Normal file
View file

@ -0,0 +1,58 @@
--TEST--
Bug #63635 (Segfault in gc_collect_cycles)
--FILE--
<?php
class Node {
public $parent = NULL;
public $childs = array();
function __construct(Node $parent=NULL) {
if ($parent) {
$parent->childs[] = $this;
}
$this->childs[] = $this;
}
function __destruct() {
$this->childs = NULL;
}
}
define("MAX", 16);
for ($n = 0; $n < 20; $n++) {
$top = new Node();
for ($i=0 ; $i<MAX ; $i++) {
$ci = new Node($top);
for ($j=0 ; $j<MAX ; $j++) {
$cj = new Node($ci);
for ($k=0 ; $k<MAX ; $k++) {
$ck = new Node($cj);
}
}
}
echo "$n\n";
}
echo "ok\n";
--EXPECT--
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
ok

View file

@ -644,7 +644,8 @@ tail_call:
struct _store_object *obj = &EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].bucket.obj; struct _store_object *obj = &EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].bucket.obj;
if (obj->buffered == (gc_root_buffer*)GC_WHITE) { if (obj->buffered == (gc_root_buffer*)GC_WHITE) {
GC_SET_BLACK(obj->buffered); /* PURPLE instead of BLACK to prevent buffering in nested gc calls */
GC_SET_PURPLE(obj->buffered);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid && if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
(get_gc = Z_OBJ_HANDLER_P(pz, get_gc)) != NULL)) { (get_gc = Z_OBJ_HANDLER_P(pz, get_gc)) != NULL)) {
@ -715,7 +716,8 @@ static void zobj_collect_white(zval *pz TSRMLS_DC)
struct _store_object *obj = &EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].bucket.obj; struct _store_object *obj = &EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].bucket.obj;
if (obj->buffered == (gc_root_buffer*)GC_WHITE) { if (obj->buffered == (gc_root_buffer*)GC_WHITE) {
GC_SET_BLACK(obj->buffered); /* PURPLE instead of BLACK to prevent buffering in nested gc calls */
GC_SET_PURPLE(obj->buffered);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid && if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
(get_gc = Z_OBJ_HANDLER_P(pz, get_gc)) != NULL)) { (get_gc = Z_OBJ_HANDLER_P(pz, get_gc)) != NULL)) {