diff options
| author | Christopher Jones <sixd@php.net> | 2013-08-30 05:40:44 -0700 |
|---|---|---|
| committer | Christopher Jones <sixd@php.net> | 2013-08-30 05:40:44 -0700 |
| commit | faddd409a44f1b0b991951361ccdc8487a003bd5 (patch) | |
| tree | f9f0f47c45e25076f0cd2f1385215c722c34dea0 | |
| parent | 598466e6d3b38151914569860e3db8d7b862a3fa (diff) | |
| parent | 9e17094cf4dde60432569246a9a59e48783530bb (diff) | |
| download | php-git-faddd409a44f1b0b991951361ccdc8487a003bd5.tar.gz | |
Merge branch 'master' of https://git.php.net/repository/php-src
* 'master' of https://git.php.net/repository/php-src:
Fixed bug #65564 stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer
Fixed Bug #65564 stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer
Update NEWS
Fixed bug #60598 (cli/apache sapi segfault on objects manipulation)
Remove ini dependency in test
| -rw-r--r-- | Zend/tests/bug60598.phpt | 30 | ||||
| -rw-r--r-- | Zend/zend_objects_API.c | 5 | ||||
| -rw-r--r-- | ext/date/php_date.c | 14 | ||||
| -rw-r--r-- | ext/session/tests/session_hash_function_basic.phpt | 2 |
4 files changed, 44 insertions, 7 deletions
diff --git a/Zend/tests/bug60598.phpt b/Zend/tests/bug60598.phpt new file mode 100644 index 0000000000..eeee75a19d --- /dev/null +++ b/Zend/tests/bug60598.phpt @@ -0,0 +1,30 @@ +--TEST-- +Bug #60598 (cli/apache sapi segfault on objects manipulation) +--FILE-- +<?php +define('OBJECT_COUNT', 10000); + +$containers = array(); + +class Object { + protected $_guid = 0; + public function __construct() { + global $containers; + $this->guid = 1; + $containers[spl_object_hash($this)] = $this; + } + public function __destruct() { + global $containers; + $containers[spl_object_hash($this)] = NULL; + } +} + +for ($i = 0; $i < OBJECT_COUNT; ++$i) { + new Object(); +} + +// You probably won't see this because of the "zend_mm_heap corrupted" +?> +If you see this, try to increase OBJECT_COUNT to 100,000 +--EXPECT-- +If you see this, try to increase OBJECT_COUNT to 100,000 diff --git a/Zend/zend_objects_API.c b/Zend/zend_objects_API.c index 1fe5d0c199..b5dd48f798 100644 --- a/Zend/zend_objects_API.c +++ b/Zend/zend_objects_API.c @@ -57,6 +57,11 @@ ZEND_API void zend_objects_store_call_destructors(zend_objects_store *objects TS obj->dtor(obj->object, i TSRMLS_CC); obj = &objects->object_buckets[i].bucket.obj; obj->refcount--; + + if (obj->refcount == 0) { + /* in case gc_collect_cycle is triggered before free_storage */ + GC_REMOVE_ZOBJ_FROM_BUFFER(obj); + } } } } diff --git a/ext/date/php_date.c b/ext/date/php_date.c index 8afe47fbcc..95c68f1a78 100644 --- a/ext/date/php_date.c +++ b/ext/date/php_date.c @@ -2198,13 +2198,13 @@ static HashTable *date_object_get_properties(zval *object TSRMLS_DC) /* first we add the date and time in ISO format */ MAKE_STD_ZVAL(zv); ZVAL_STRING(zv, date_format("Y-m-d H:i:s", 12, dateobj->time, 1), 0); - zend_hash_update(props, "date", 5, &zv, sizeof(zval), NULL); + zend_hash_update(props, "date", 5, &zv, sizeof(zv), NULL); /* then we add the timezone name (or similar) */ if (dateobj->time->is_localtime) { MAKE_STD_ZVAL(zv); ZVAL_LONG(zv, dateobj->time->zone_type); - zend_hash_update(props, "timezone_type", 14, &zv, sizeof(zval), NULL); + zend_hash_update(props, "timezone_type", 14, &zv, sizeof(zv), NULL); MAKE_STD_ZVAL(zv); switch (dateobj->time->zone_type) { @@ -2227,7 +2227,7 @@ static HashTable *date_object_get_properties(zval *object TSRMLS_DC) ZVAL_STRING(zv, dateobj->time->tz_abbr, 1); break; } - zend_hash_update(props, "timezone", 9, &zv, sizeof(zval), NULL); + zend_hash_update(props, "timezone", 9, &zv, sizeof(zv), NULL); } return props; @@ -2305,7 +2305,7 @@ static HashTable *date_object_get_properties_timezone(zval *object TSRMLS_DC) MAKE_STD_ZVAL(zv); ZVAL_LONG(zv, tzobj->type); - zend_hash_update(props, "timezone_type", 14, &zv, sizeof(zval), NULL); + zend_hash_update(props, "timezone_type", 14, &zv, sizeof(zv), NULL); MAKE_STD_ZVAL(zv); switch (tzobj->type) { @@ -2327,7 +2327,7 @@ static HashTable *date_object_get_properties_timezone(zval *object TSRMLS_DC) ZVAL_STRING(zv, tzobj->tzi.z.abbr, 1); break; } - zend_hash_update(props, "timezone", 9, &zv, sizeof(zval), NULL); + zend_hash_update(props, "timezone", 9, &zv, sizeof(zv), NULL); return props; } @@ -2394,7 +2394,7 @@ static HashTable *date_object_get_properties_interval(zval *object TSRMLS_DC) #define PHP_DATE_INTERVAL_ADD_PROPERTY(n,f) \ MAKE_STD_ZVAL(zv); \ ZVAL_LONG(zv, (long)intervalobj->diff->f); \ - zend_hash_update(props, n, strlen(n) + 1, &zv, sizeof(zval), NULL); + zend_hash_update(props, n, strlen(n) + 1, &zv, sizeof(zv), NULL); PHP_DATE_INTERVAL_ADD_PROPERTY("y", y); PHP_DATE_INTERVAL_ADD_PROPERTY("m", m); @@ -2411,7 +2411,7 @@ static HashTable *date_object_get_properties_interval(zval *object TSRMLS_DC) } else { MAKE_STD_ZVAL(zv); ZVAL_FALSE(zv); - zend_hash_update(props, "days", 5, &zv, sizeof(zval), NULL); + zend_hash_update(props, "days", 5, &zv, sizeof(zv), NULL); } PHP_DATE_INTERVAL_ADD_PROPERTY("special_type", special.type); PHP_DATE_INTERVAL_ADD_PROPERTY("special_amount", special.amount); diff --git a/ext/session/tests/session_hash_function_basic.phpt b/ext/session/tests/session_hash_function_basic.phpt index 45b8bc0710..663852d9d1 100644 --- a/ext/session/tests/session_hash_function_basic.phpt +++ b/ext/session/tests/session_hash_function_basic.phpt @@ -2,6 +2,8 @@ Test session.hash_function ini setting : basic functionality --SKIPIF-- <?php include('skipif.inc'); ?> +--INI-- +session.hash_bits_per_character=4 --FILE-- <?php |