Hi,

On 01/30/2012 03:52 AM, Stas Malyshev wrote:
Hi!

In zend_vm_execute.h:701 PHP frees the function struct in case of ZEND_OVERLOADED_FUNCTION. The problem is that in PHP 5.4, the opline calling the function has a pointer to the very same struct in its cache_slot. When this opcode is called again, the cache is used and it crashes.

How can this be reproduced?

I would like to see the test case as well. Is it related to ext/com_dotnet? It's the only extension that uses overloaded functions in the PHP distribution.

My suggested fix is not to cache ZEND_OVERLOADED_FUNCTION; it does solve the problem and makes sense to me logically. It is also possible to not free it and let it be re-used from cache_slot.

My patch is attached.

The patch should be to zend_vm_def.h since vm_execute is generated.
Dmitry, what do you think about this?

From the first look the patch makes sense. Of course it should be applied to zend_vm_def.h.

It's possible to work around the problem by setting ZEND_ACC_NEVER_CACHE in extensions, but the patch looks more robust.

Thanks. Dmitry.
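To make the failure mode discussed in this thread concrete, here is an added model (not PHP's own code; fn_struct, opline_t, execute_call, run_loop and the pool allocator are assumptions) of a per-opline cache_slot holding a pointer to a function struct that the executor frees after every ZEND_OVERLOADED_FUNCTION call, next to the suggested fix of never caching such entries:

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the report, not PHP's code; names are assumptions. A static pool
 * stands in for the engine allocator so a stale cache_slot is detected, not a crash. */
enum { FN_NORMAL = 0, FN_OVERLOADED = 1 };
typedef struct { int type; int live; char name[16]; } fn_struct;
typedef struct { fn_struct *cache_slot; } opline_t;   /* per-opline runtime cache */
static fn_struct pool[4];
static fn_struct *fn_alloc(const char *name, int type) {
    for (int i = 0; i < 4; i++) {
        if (pool[i].live) continue;
        pool[i].live = 1; pool[i].type = type;
        strncpy(pool[i].name, name, sizeof pool[i].name - 1);
        return &pool[i];
    }
    return NULL;
}
static void fn_free(fn_struct *f) { f->live = 0; }

/* One execution of a call opline. Returns 1 when the call used a cache_slot that points
 * at a struct already freed by a previous execution (the crash in the report). */
static int execute_call(opline_t *op, const char *name, int type, int cache_overloaded) {
    fn_struct *fbc = op->cache_slot;
    int stale = 0;
    if (fbc == NULL) {
        if ((fbc = fn_alloc(name, type)) == NULL) return -1;
        /* The suggested fix: never populate cache_slot for ZEND_OVERLOADED_FUNCTION. */
        if (fbc->type != FN_OVERLOADED || cache_overloaded) op->cache_slot = fbc;
    } else if (!fbc->live) {
        stale = 1;             /* dangling pointer: a use-after-free in the real engine */
    }
    if (fbc->type == FN_OVERLOADED) fn_free(fbc);   /* what zend_vm_execute.h does after the call */
    return stale;
}

/* Executes the same opline n times; returns how many executions hit a freed struct. */
static int run_loop(int n, int type, int cache_overloaded) {
    opline_t op = { NULL }; int hits = 0;
    memset(pool, 0, sizeof pool);
    for (int i = 0; i < n; i++) hits += execute_call(&op, "__call", type, cache_overloaded);
    return hits;
}

int main(void) {
    printf("overloaded, cached (5.4 behaviour): %d stale calls\n", run_loop(3, FN_OVERLOADED, 1));
    printf("overloaded, not cached (patched):   %d stale calls\n", run_loop(3, FN_OVERLOADED, 0));
    printf("normal function, cached:            %d stale calls\n", run_loop(3, FN_NORMAL, 1));
    return 0;
}
```

Reusing the pool slot on the next allocation is what turns the dangling pointer into a crash in a real allocator, which is why skipping the cache (or not freeing, as the reporter also suggests) removes the fault.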

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
