diff options
| -rw-r--r-- | Zend/tests/bug60598.phpt | 30 | ||||
| -rw-r--r-- | Zend/zend_objects_API.c | 5 |
2 files changed, 35 insertions, 0 deletions
diff --git a/Zend/tests/bug60598.phpt b/Zend/tests/bug60598.phpt new file mode 100644 index 0000000000..eeee75a19d --- /dev/null +++ b/Zend/tests/bug60598.phpt @@ -0,0 +1,30 @@ +--TEST-- +Bug #60598 (cli/apache sapi segfault on objects manipulation) +--FILE-- +<?php +define('OBJECT_COUNT', 10000); + +$containers = array(); + +class Object { + protected $_guid = 0; + public function __construct() { + global $containers; + $this->guid = 1; + $containers[spl_object_hash($this)] = $this; + } + public function __destruct() { + global $containers; + $containers[spl_object_hash($this)] = NULL; + } +} + +for ($i = 0; $i < OBJECT_COUNT; ++$i) { + new Object(); +} + +// You probably won't see this because of the "zend_mm_heap corrupted" +?> +If you see this, try to increase OBJECT_COUNT to 100,000 +--EXPECT-- +If you see this, try to increase OBJECT_COUNT to 100,000 diff --git a/Zend/zend_objects_API.c b/Zend/zend_objects_API.c index 1fe5d0c199..b5dd48f798 100644 --- a/Zend/zend_objects_API.c +++ b/Zend/zend_objects_API.c @@ -57,6 +57,11 @@ ZEND_API void zend_objects_store_call_destructors(zend_objects_store *objects TS obj->dtor(obj->object, i TSRMLS_CC); obj = &objects->object_buckets[i].bucket.obj; obj->refcount--; + + if (obj->refcount == 0) { + /* in case gc_collect_cycle is triggered before free_storage */ + GC_REMOVE_ZOBJ_FROM_BUFFER(obj); + } } } } |