summaryrefslogtreecommitdiff
path: root/Zend
diff options
context:
space:
mode:
authorDmitry Stogov <dmitry@zend.com>2015-04-08 21:20:35 +0300
committerDmitry Stogov <dmitry@zend.com>2015-04-08 21:20:35 +0300
commit174b9ee6347b551c1d99a41189c9d1410e6cdd47 (patch)
tree4285052a444cec200effb9bda214d3ba4bbe5891 /Zend
parent923102230b02db4bd9c216a9694da5a822369caa (diff)
downloadphp-git-174b9ee6347b551c1d99a41189c9d1410e6cdd47.tar.gz
Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer)
Diffstat (limited to 'Zend')
-rw-r--r--Zend/tests/bug67314.phpt22
-rw-r--r--Zend/zend_execute_API.c4
2 files changed, 26 insertions, 0 deletions
diff --git a/Zend/tests/bug67314.phpt b/Zend/tests/bug67314.phpt
new file mode 100644
index 0000000000..c5b6a1293d
--- /dev/null
+++ b/Zend/tests/bug67314.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Bug #67314 (Segmentation fault in gc_remove_zval_from_buffer)
+--FILE--
+<?php
+function crash()
+{
+ $notDefined[$i] = 'test';
+}
+
+function error_handler() { return false; }
+
+set_error_handler('error_handler');
+crash();
+echo "made it once\n";
+crash();
+echo "ok\n";
+--EXPECTF--
+Notice: Undefined variable: i in %sbug67314.php on line 4
+made it once
+
+Notice: Undefined variable: i in %sbug67314.php on line 4
+ok
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index a3fd45a99c..f3045c7b2c 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -1690,6 +1690,10 @@ ZEND_API void zend_rebuild_symbol_table(TSRMLS_D) /* {{{ */
ex->symbol_table = EG(active_symbol_table);
for (i = 0; i < ex->op_array->last_var; i++) {
if (*EX_CV_NUM(ex, i)) {
+ if (UNEXPECTED(**EX_CV_NUM(ex, i) == &EG(uninitialized_zval))) {
+ Z_DELREF(EG(uninitialized_zval));
+ ALLOC_INIT_ZVAL(**EX_CV_NUM(ex, i));
+ }
zend_hash_quick_update(EG(active_symbol_table),
ex->op_array->vars[i].name,
ex->op_array->vars[i].name_len + 1,
View Lorry Controller Status