diff options
author | Xinchen Hui <laruence@php.net> | 2012-10-18 17:31:27 +0800 |
---|---|---|
committer | Xinchen Hui <laruence@php.net> | 2012-10-18 17:31:27 +0800 |
commit | 8bd5e15ff7a57791956c4017ee8fb4a8ac0d8d2e (patch) | |
tree | 42a1e48505740843e862bf36088e7faabd9046a7 | |
parent | 3899adb46feb7a2dbd8f976ee02218b994c9f9ad (diff) | |
download | php-git-8bd5e15ff7a57791956c4017ee8fb4a8ac0d8d2e.tar.gz |
Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite)
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | ext/pcre/php_pcre.c | 3 | ||||
-rw-r--r-- | ext/pcre/tests/bug63055.phpt | 23 |
3 files changed, 30 insertions, 2 deletions
@@ -2,9 +2,13 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2012, PHP 5.3.19 -- mysql: +- MySQL: . Fixed compilation failure on mixed 32/64 bit systems. (Andrey) +- PCRE: + . Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite). + (Dmitry, Laruence) + - PDO: . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec). (Martin Osvald, Remi) diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c index b1b9e66e9a..1af8151251 100644 --- a/ext/pcre/php_pcre.c +++ b/ext/pcre/php_pcre.c @@ -547,8 +547,9 @@ PHPAPI void php_pcre_match_impl(pcre_cache_entry *pce, char *subject, int subjec /* Overwrite the passed-in value for subpatterns with an empty array. */ if (subpats != NULL) { - zval_dtor(subpats); + zval garbage = *subpats; array_init(subpats); + zval_dtor(&garbage); } subpats_order = global ? PREG_PATTERN_ORDER : 0; diff --git a/ext/pcre/tests/bug63055.phpt b/ext/pcre/tests/bug63055.phpt new file mode 100644 index 0000000000..16c50b54e5 --- /dev/null +++ b/ext/pcre/tests/bug63055.phpt @@ -0,0 +1,23 @@ +--TEST-- +Bug #63055 (Segfault in zend_gc with SF2 testsuite) +--FILE-- +<?php +/* the default gc root size is 10,000 */ +for ($i=0; $i<9998; $i++) { + $array = array(); + $array[0] = &$array; + unset($array); +} + +$matches = array("foo" => "bar"); /* this bucket will trigger the segfault */ +$dummy = array("dummy"); /* used to trigger gc_collect_cycles */ +$dummy[1] = &$dummy; + +$matches[1] = &$matches; +$matches[2] = $dummy; + +preg_match_all("/(\d)+/", "foo123456bar", $matches); +echo "okey"; +?> +--EXPECTF-- +okey |