diff options
| author | Dmitry Stogov <dmitry@zend.com> | 2019-08-09 15:58:33 +0300 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@zend.com> | 2019-08-09 15:58:33 +0300 |
| commit | 1456467cfe19379150a06592d9362091d443d255 (patch) | |
| tree | 4417f3e2f260c9b3b212e0f5c767f4c4fff813f7 /Zend/zend_gc.c | |
| parent | b2044cd93eb32ea44c4283e56b87ca71a8e81306 (diff) | |
| parent | 22d23e08c927f07b0bc7ed72dbfc3d8ea79bed7c (diff) | |
| download | php-git-1456467cfe19379150a06592d9362091d443d255.tar.gz | |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fixed second part of the bug #78379 (Cast to object confuses GC, causes crash)
Diffstat (limited to 'Zend/zend_gc.c')
| -rw-r--r-- | Zend/zend_gc.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/Zend/zend_gc.c b/Zend/zend_gc.c index fcab58b1f5..97a7edaac2 100644 --- a/Zend/zend_gc.c +++ b/Zend/zend_gc.c @@ -701,11 +701,14 @@ tail_call: ZVAL_OBJ(&tmp, obj); ht = obj->handlers->get_gc(&tmp, &zv, &n); end = zv + n; - if (EXPECTED(!ht)) { + if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_BLACK))) { + ht = NULL; if (!n) goto next; while (!Z_REFCOUNTED_P(--end)) { if (zv == end) goto next; } + } else { + GC_REF_SET_BLACK(ht); } while (zv != end) { if (Z_REFCOUNTED_P(zv)) { @@ -818,11 +821,14 @@ static void gc_mark_grey(zend_refcounted *ref, gc_stack *stack) ZVAL_OBJ(&tmp, obj); ht = obj->handlers->get_gc(&tmp, &zv, &n); end = zv + n; - if (EXPECTED(!ht)) { + if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_GREY))) { + ht = NULL; if (!n) goto next; while (!Z_REFCOUNTED_P(--end)) { if (zv == end) goto next; } + } else { + GC_REF_SET_COLOR(ht, GC_GREY); } while (zv != end) { if (Z_REFCOUNTED_P(zv)) { @@ -1006,11 +1012,14 @@ tail_call: ZVAL_OBJ(&tmp, obj); ht = obj->handlers->get_gc(&tmp, &zv, &n); end = zv + n; - if (EXPECTED(!ht)) { + if (EXPECTED(!ht) || UNEXPECTED(!GC_REF_CHECK_COLOR(ht, GC_GREY))) { + ht = NULL; if (!n) goto next; while (!Z_REFCOUNTED_P(--end)) { if (zv == end) goto next; } + } else { + GC_REF_SET_COLOR(ht, GC_WHITE); } while (zv != end) { if (Z_REFCOUNTED_P(zv)) { @@ -1175,7 +1184,8 @@ static int gc_collect_white(zend_refcounted *ref, uint32_t *flags, gc_stack *sta ZVAL_OBJ(&tmp, obj); ht = obj->handlers->get_gc(&tmp, &zv, &n); end = zv + n; - if (EXPECTED(!ht)) { + if (EXPECTED(!ht) || UNEXPECTED(GC_REF_CHECK_COLOR(ht, GC_BLACK))) { + ht = NULL; if (!n) goto next; while (!Z_REFCOUNTED_P(--end)) { /* count non-refcounted for compatibility ??? */ @@ -1184,6 +1194,8 @@ static int gc_collect_white(zend_refcounted *ref, uint32_t *flags, gc_stack *sta } if (zv == end) goto next; } + } else { + GC_REF_SET_BLACK(ht); } while (zv != end) { if (Z_REFCOUNTED_P(zv)) { |