diff options
| author | Dmitry Stogov <dmitry@zend.com> | 2014-07-01 00:13:34 +0400 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@zend.com> | 2014-07-01 00:13:34 +0400 |
| commit | 2330be5641c907b7edd7cffdd3074e85d0091df5 (patch) | |
| tree | e32e6f42ba3d0c80f88e092359351a3cdb482692 | |
| parent | 023d53fea5109aef3a1fc9ec7864b02ea1ec054c (diff) | |
| download | php-git-2330be5641c907b7edd7cffdd3074e85d0091df5.tar.gz | |
Fixed possible crash because of race conditions on modifying constants in shared memory
| -rw-r--r-- | Zend/zend_execute.c | 20 | ||||
| -rw-r--r-- | Zend/zend_vm_def.h | 7 | ||||
| -rw-r--r-- | Zend/zend_vm_execute.h | 7 |
3 files changed, 34 insertions, 0 deletions
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index ad92c5fb6f..6ada04e1cb 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -943,6 +943,26 @@ copy_value: } } +static void zval_deep_copy(zval **p) +{ + zval *value; + + ALLOC_ZVAL(value); + *value = **p; + if (Z_TYPE_P(value) == IS_ARRAY) { + HashTable *ht; + + ALLOC_HASHTABLE(ht); + zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(value)), NULL, ZVAL_PTR_DTOR, 0); + zend_hash_copy(ht, Z_ARRVAL_P(value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *)); + Z_ARRVAL_P(value) = ht; + } else { + zval_copy_ctor(value); + } + INIT_PZVAL(value); + *p = value; +} + /* Utility Functions for Extensions */ static void zend_extension_statement_handler(const zend_extension *extension, zend_op_array *op_array TSRMLS_DC) { diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index cd7dbf498d..c3fb86ddd3 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -3422,6 +3422,13 @@ ZEND_VM_HANDLER(64, ZEND_RECV_INIT, ANY, CONST) if (IS_CONSTANT_TYPE(Z_TYPE_P(assignment_value))) { Z_SET_REFCOUNT_P(assignment_value, 1); zval_update_constant(&assignment_value, 0 TSRMLS_CC); + } else if (Z_TYPE_P(assignment_value) == IS_ARRAY) { + HashTable *ht; + + ALLOC_HASHTABLE(ht); + zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(assignment_value)), NULL, ZVAL_PTR_DTOR, 0); + zend_hash_copy(ht, Z_ARRVAL_P(assignment_value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *)); + Z_ARRVAL_P(assignment_value) = ht; } else { zval_copy_ctor(assignment_value); } diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 29a8c0c80f..3fa94d12af 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -1624,6 +1624,13 @@ static int ZEND_FASTCALL ZEND_RECV_INIT_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ if (IS_CONSTANT_TYPE(Z_TYPE_P(assignment_value))) { Z_SET_REFCOUNT_P(assignment_value, 1); zval_update_constant(&assignment_value, 0 TSRMLS_CC); + } else if (Z_TYPE_P(assignment_value) == IS_ARRAY) { + HashTable *ht; + + ALLOC_HASHTABLE(ht); + zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(assignment_value)), NULL, ZVAL_PTR_DTOR, 0); + zend_hash_copy(ht, Z_ARRVAL_P(assignment_value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *)); + Z_ARRVAL_P(assignment_value) = ht; } else { zval_copy_ctor(assignment_value); } |