diff options
author | Xinchen Hui <laruence@gmail.com> | 2016-05-05 15:18:24 +0800 |
---|---|---|
committer | Xinchen Hui <laruence@gmail.com> | 2016-05-05 15:18:24 +0800 |
commit | 5eecd61b89f3c573e29317b1939b98dfc80ec574 (patch) | |
tree | d64b54e0940d9546c49f0d887546ace33ce36937 /ext | |
parent | 768bdc132a730b74e217cd8d45ba0d879efb02e1 (diff) | |
parent | c15b6134f612948af39c9889b599a8c57e6bdad6 (diff) | |
download | php-git-5eecd61b89f3c573e29317b1939b98dfc80ec574.tar.gz |
Merge branch 'PHP-7.0'
* PHP-7.0:
Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite)
Diffstat (limited to 'ext')
-rw-r--r-- | ext/pcntl/pcntl.c | 21 | ||||
-rw-r--r-- | ext/pcntl/tests/bug72154.phpt | 21 |
2 files changed, 32 insertions, 10 deletions
diff --git a/ext/pcntl/pcntl.c b/ext/pcntl/pcntl.c index 230cdf443c..ef3c7fbe3d 100644 --- a/ext/pcntl/pcntl.c +++ b/ext/pcntl/pcntl.c @@ -624,12 +624,11 @@ PHP_FUNCTION(pcntl_waitpid) struct rusage rusage; #endif - if (zend_parse_parameters(ZEND_NUM_ARGS(), "lz/|lz/", &pid, &z_status, &options, &z_rusage) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS(), "lz/|lz/", &pid, &z_status, &options, &z_rusage) == FAILURE) { return; + } - convert_to_long_ex(z_status); - - status = Z_LVAL_P(z_status); + status = zval_get_long(z_status); #ifdef HAVE_WAIT4 if (z_rusage) { @@ -659,7 +658,8 @@ PHP_FUNCTION(pcntl_waitpid) } #endif - Z_LVAL_P(z_status) = status; + zval_dtor(z_status); + ZVAL_LONG(z_status, status); RETURN_LONG((zend_long) child_id); } @@ -677,12 +677,11 @@ PHP_FUNCTION(pcntl_wait) struct rusage rusage; #endif - if (zend_parse_parameters(ZEND_NUM_ARGS(), "z/|lz/", &z_status, &options, &z_rusage) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS(), "z/|lz/", &z_status, &options, &z_rusage) == FAILURE) { return; + } - convert_to_long_ex(z_status); - - status = Z_LVAL_P(z_status); + status = zval_get_long(z_status); #ifdef HAVE_WAIT3 if (z_rusage) { if (Z_TYPE_P(z_rusage) != IS_ARRAY) { @@ -711,7 +710,9 @@ PHP_FUNCTION(pcntl_wait) PHP_RUSAGE_TO_ARRAY(rusage, z_rusage); } #endif - Z_LVAL_P(z_status) = status; + + zval_dtor(z_status); + ZVAL_LONG(z_status, status); RETURN_LONG((zend_long) child_id); } diff --git a/ext/pcntl/tests/bug72154.phpt b/ext/pcntl/tests/bug72154.phpt new file mode 100644 index 0000000000..6bbbd4c5f0 --- /dev/null +++ b/ext/pcntl/tests/bug72154.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite) +--SKIPIF-- +<?php if (!extension_loaded("pcntl")) print "skip"; ?> +--FILE-- +<?php +$b = 666; +var_dump($b); +$c = &$b; +$var5 = pcntl_wait($b,0,$c); +unset($b); + +$b = 666; +var_dump($b); +$c = &$b; +$var5 = pcntl_waitpid(0,$b,0,$c); +unset($b); +?> +--EXPECT-- +int(666) +int(666) |