From c3132781ecb7b6ff9ca4c8ccb64847fdeb26d2f4 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 27 Jun 2019 12:46:06 +0200 Subject: Fix phpdbg shutdown order In particular, make sure that everything using zmm is released before zmm is shut down. phpdbg currently gets away with this, because either a) its custom handlers are used and no auto-free happens or b) the system allocator is used and no auto-free happens. With the tracking allocator for asan this no longer works. --- sapi/phpdbg/phpdbg.c | 49 +++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 24 deletions(-) (limited to 'sapi/phpdbg/phpdbg.c') diff --git a/sapi/phpdbg/phpdbg.c b/sapi/phpdbg/phpdbg.c index d334870f7e..4a8ab1c5a4 100644 --- a/sapi/phpdbg/phpdbg.c +++ b/sapi/phpdbg/phpdbg.c @@ -218,18 +218,6 @@ static PHP_MINIT_FUNCTION(phpdbg) /* {{{ */ static PHP_MSHUTDOWN_FUNCTION(phpdbg) /* {{{ */ { - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE]); - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_PENDING]); - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_SYM]); - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FUNCTION_OPLINE]); - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD_OPLINE]); - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_OPLINE]); - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_OPLINE]); - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_OPCODE]); - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD]); - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_COND]); - zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_MAP]); - zend_hash_destroy(&PHPDBG_G(seek)); zend_hash_destroy(&PHPDBG_G(registered)); phpdbg_destroy_watchpoints(); @@ -258,12 +246,6 @@ static PHP_MSHUTDOWN_FUNCTION(phpdbg) /* {{{ */ PHPDBG_G(oplog) = NULL; } - if (PHPDBG_G(ops)) { - destroy_op_array(PHPDBG_G(ops)); - efree(PHPDBG_G(ops)); - PHPDBG_G(ops) = NULL; - } - if (PHPDBG_G(oplog_list)) { phpdbg_oplog_list *cur = PHPDBG_G(oplog_list); do { @@ -902,6 +884,27 @@ static int php_sapi_phpdbg_activate(void) /* {{{ */ static int php_sapi_phpdbg_deactivate(void) /* {{{ */ { + /* Everything using ZMM should be freed here... */ + zend_hash_destroy(&PHPDBG_G(file_sources)); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE]); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_PENDING]); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_SYM]); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FUNCTION_OPLINE]); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD_OPLINE]); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_OPLINE]); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_OPLINE]); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_OPCODE]); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD]); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_COND]); + zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_MAP]); + zend_hash_destroy(&PHPDBG_G(seek)); + + if (PHPDBG_G(ops)) { + destroy_op_array(PHPDBG_G(ops)); + efree(PHPDBG_G(ops)); + PHPDBG_G(ops) = NULL; + } + return SUCCESS; } @@ -2095,10 +2098,6 @@ phpdbg_out: zend_objects_store_mark_destructed(&EG(objects_store)); } - zend_try { - php_request_shutdown(NULL); - } zend_end_try(); - if (PHPDBG_G(exec) && strcmp("Standard input code", PHPDBG_G(exec)) == SUCCESS) { /* i.e. execution context has been read from stdin - back it up */ phpdbg_file_source *data = zend_hash_str_find_ptr(&PHPDBG_G(file_sources), PHPDBG_G(exec), PHPDBG_G(exec_len)); backup_phpdbg_compile = zend_string_alloc(data->len + 2, 1); @@ -2106,6 +2105,10 @@ phpdbg_out: sprintf(ZSTR_VAL(backup_phpdbg_compile), "?>%.*s", (int) data->len, data->buf); } + zend_try { + php_request_shutdown(NULL); + } zend_end_try(); + /* backup globals when cleaning */ if ((cleaning > 0 || remote) && !quit_immediately) { settings = calloc(1, sizeof(zend_phpdbg_globals)); @@ -2158,8 +2161,6 @@ phpdbg_out: Z_PTR_P(zv) = (void*)PHPDBG_G(orig_url_wrap_php); } - zend_hash_destroy(&PHPDBG_G(file_sources)); - php_module_shutdown(); #ifndef _WIN32 -- cgit v1.2.1