diff options
| author | Xinchen Hui <laruence@gmail.com> | 2017-02-26 12:05:56 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@gmail.com> | 2017-02-26 12:05:56 +0800 |
| commit | 6a584cf318a9265a55df69930a64122fcde46948 (patch) | |
| tree | dbdeadaced3f33473b272337f191242705779a54 | |
| parent | 36fcc4cb5d92dabc8c8f6f0587c81093bcac878c (diff) | |
| download | php-git-6a584cf318a9265a55df69930a64122fcde46948.tar.gz | |
Fixed bug #74157 (Segfault with nested generators)
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | Zend/tests/generators/bug74157.phpt | 23 | ||||
| -rw-r--r-- | Zend/zend_vm_def.h | 2 | ||||
| -rw-r--r-- | Zend/zend_vm_execute.h | 2 |
4 files changed, 26 insertions, 2 deletions
@@ -3,6 +3,7 @@ PHP NEWS ?? ??? 2017, PHP 7.1.3 - Core: + . Fixed bug #74157 (Segfault with nested generators). (Laruence) . Fixed bug #74164 (PHP hangs when an invalid value is dynamically passed to typehinted by-ref arg). (Laruence) . Fixed bug #74093 (Maximum execution time of n+2 seconds exceed not written diff --git a/Zend/tests/generators/bug74157.phpt b/Zend/tests/generators/bug74157.phpt new file mode 100644 index 0000000000..d5f0233aec --- /dev/null +++ b/Zend/tests/generators/bug74157.phpt @@ -0,0 +1,23 @@ +--TEST-- +Bug #74157 (Segfault with nested generators) +--FILE-- +<?php + +function a() { + $a = $b = $c = 2; + foreach(range(1, 5) as $v) { + yield $v; + } + return; +} + +foreach (a(range(1, 3)) as $a) { + var_dump($a); +} +?> +--EXPECTF-- +int(1) +int(2) +int(3) +int(4) +int(5) diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 80b06ff25a..00b1301948 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -4093,7 +4093,7 @@ ZEND_VM_HANDLER(41, ZEND_GENERATOR_CREATE, ANY, ANY) * is allocated on heap. */ num_args = EX_NUM_ARGS(); - if (EXPECTED(num_args <= EX(func)->op_array.last_var)) { + if (EXPECTED(num_args <= EX(func)->op_array.num_args)) { used_stack = (ZEND_CALL_FRAME_SLOT + EX(func)->op_array.last_var + EX(func)->op_array.T) * sizeof(zval); gen_execute_data = (zend_execute_data*)emalloc(used_stack); used_stack = (ZEND_CALL_FRAME_SLOT + EX(func)->op_array.last_var) * sizeof(zval); diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 04f33ca12c..67107897f9 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -1179,7 +1179,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_GENERATOR_CREATE_SPEC_HANDLER( * is allocated on heap. */ num_args = EX_NUM_ARGS(); - if (EXPECTED(num_args <= EX(func)->op_array.last_var)) { + if (EXPECTED(num_args <= EX(func)->op_array.num_args)) { used_stack = (ZEND_CALL_FRAME_SLOT + EX(func)->op_array.last_var + EX(func)->op_array.T) * sizeof(zval); gen_execute_data = (zend_execute_data*)emalloc(used_stack); used_stack = (ZEND_CALL_FRAME_SLOT + EX(func)->op_array.last_var) * sizeof(zval); |