Hi!

In zend_vm_execute.h:701 PHP frees the function struct in case of
ZEND_OVERLOADED_FUNCTION. The problem is that in PHP 5.4, the opline calling
the function has a pointer to the very same struct in its cache_slot. When
this opcode is called again, the cache is used and it crashes.

How this can be reproduced?

My suggested fix is not to cache ZEND_OVERLOADED_FUNCTION; it does solve the
problem and makes sense to me logically. It is also possible to not free it
and let it be re-used from cache_slot.

My patch is attached.

The patch should be to zend_vm_def.h since vm_execute is generated. Dmitry, what do you think about this?
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
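The lifetime problem described in the report, as an added example that is not PHP's own VM code: a constructed model of an opline with an inline cache_slot, where a call to an overloaded (__call-style) method gets a freshly allocated function struct that the VM frees after the call. The names (func, opline, resolve, release, execute_call, call_twice) and the static pool with a freed flag are assumptions of this model; the flag stands in for the allocator so the stale pointer read on the second execution is observable instead of being undefined behaviour. The cache_overloaded switch contrasts the reported behaviour (cache it, then free it) with the suggested fix (never cache ZEND_OVERLOADED_FUNCTION).

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a Zend-style opline inline cache (cache_slot); not
 * PHP's VM code. Temporary functions live in a static pool with a "freed"
 * flag so a dangling cache pointer can be detected deterministically. */

enum func_kind { FUNC_USER, FUNC_OVERLOADED };

typedef struct func {
    enum func_kind kind;
    const char *name;
    int freed;                 /* set when the VM "frees" the struct */
} func;

typedef struct opline {
    const char *name;          /* method name this call site asks for */
    func *cache_slot;          /* inline cache: resolved func, NULL if empty */
} opline;

enum { CALL_OK = 0, CALL_DANGLING = -1, CALL_POOL_EXHAUSTED = -2 };

static func user_fn = { FUNC_USER, "real", 0 };
static func pool[8];           /* model heap for temporary overloaded funcs */
static int pool_used;

static void reset_pool(void) {
    memset(pool, 0, sizeof pool);
    pool_used = 0;
}

/* models method lookup: a real user method is a long-lived struct, anything
 * else is served by an overloaded function allocated fresh on every lookup */
static func *resolve(const char *name) {
    if (strcmp(name, "real") == 0) return &user_fn;
    if (pool_used == (int)(sizeof pool / sizeof pool[0])) return NULL;
    func *f = &pool[pool_used++];
    f->kind = FUNC_OVERLOADED;
    f->name = name;
    return f;
}

/* after the call the VM frees the temporary overloaded struct; the memory
 * is kept here so a later read through a stale pointer can be detected */
static void release(func *f) {
    if (f->kind == FUNC_OVERLOADED) f->freed = 1;
}

/* cache_overloaded = 1 reproduces the reported behaviour: the overloaded
 * func is stored in cache_slot and then freed, so the second execution of
 * the same opline reads a dangling pointer. cache_overloaded = 0 is the
 * suggested fix: only long-lived user functions are cached. */
static int execute_call(opline *op, int cache_overloaded) {
    func *f = op->cache_slot;
    if (f == NULL) {
        f = resolve(op->name);
        if (f == NULL) return CALL_POOL_EXHAUSTED;
        if (f->kind == FUNC_USER || cache_overloaded) op->cache_slot = f;
    }
    if (f->freed) return CALL_DANGLING;   /* use-after-free in the real VM */
    release(f);
    return CALL_OK;
}

/* runs one call site twice, as a loop body would; returns the second result */
static int call_twice(const char *name, int cache_overloaded) {
    opline op = { name, NULL };
    reset_pool();
    int first = execute_call(&op, cache_overloaded);
    if (first != CALL_OK) return first;
    return execute_call(&op, cache_overloaded);
}

/* number of temporary overloaded funcs allocated by the last call_twice */
static int allocations(void) { return pool_used; }

int main(void) {
    printf("user method, cached:        %d\n", call_twice("real", 1));
    printf("overloaded, cached (bug):   %d\n", call_twice("magic", 1));
    printf("overloaded, not cached:     %d\n", call_twice("magic", 0));
    return 0;
}
```

With caching on, the second execution finds the freed struct in cache_slot (CALL_DANGLING); with the fix, the second execution resolves again and costs one more allocation, which is the trade the report describes against the alternative of keeping the cached struct alive instead of freeing it.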

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php