Hi,
On 01/30/2012 03:52 AM, Stas Malyshev wrote:
Hi!
In zend_vm_execute.h:701 PHP frees the function struct in the case of
ZEND_OVERLOADED_FUNCTION. The problem is that in PHP 5.4, the opline calling
the function has a pointer to the very same struct in its cache_slot. When
this opcode is called again, the cache is used and it crashes.
How can this be reproduced?
I would like to see the test case as well. Is it related to
ext/com_dotnet? It's the only extension that uses overloaded functions
in the PHP distribution.
My suggested fix is not to cache ZEND_OVERLOADED_FUNCTION; it does solve the
problem and makes sense to me logically. It is also possible to not free it
and let it be re-used from the cache_slot.
My patch is attached.
The patch should be to zend_vm_def.h since vm_execute is generated.
Dmitry, what do you think about this?
From the first look the patch makes sense. Of course it should be
applied to zend_vm_def.h.
It's possible to workaround the problem by setting ZEND_ACC_NEVER_CACHE
in extensions, but the patch looks more robust.
Thanks. Dmitry.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
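A constructed C model of the mechanism described in the report above (a per-opline inline cache that keeps a pointer to a function struct the call handler frees), added here as an example. It is not PHP source and not the attached patch: func_entry, opline, FN_OVERLOADED, do_call and the quarantine allocator are invented stand-ins for zend_function, zend_op, ZEND_OVERLOADED_FUNCTION, the call handler and the engine's free. The cache_overloaded switch selects between the reported behaviour (cache everything) and the proposed fix (never cache overloaded functions).

```c
/* Constructed model of the stale inline-cache bug from the report above.
 * Not PHP source: func_entry, opline, FN_OVERLOADED and do_call stand in
 * for zend_function, zend_op, ZEND_OVERLOADED_FUNCTION and the call handler. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { FN_USER = 1, FN_OVERLOADED = 2 }; /* FN_OVERLOADED: built per call, freed after */
enum { OK = 0, ERR_STALE = -1 };

typedef struct {
    int type;
    int live;               /* 1 while the entry is valid, 0 once released */
    int (*handler)(int);
} func_entry;

typedef struct {
    const char *name;       /* function name the call opcode resolves */
    func_entry *cache_slot; /* per-opline inline cache, filled on first execution */
} opline;

static int double_it(int x) { return 2 * x; }

/* A persistent user function: lives for the whole request, safe to cache. */
static func_entry user_fn = { FN_USER, 1, double_it };

/* Quarantine instead of free(): released blocks are marked dead and kept, so a
 * stale pointer is detected deterministically instead of being undefined
 * behaviour. In the real engine this is the point where the struct is freed. */
#define QUARANTINE_MAX 64
static func_entry *quarantine[QUARANTINE_MAX];
static int nquarantined;

static void release_func(func_entry *fe) {
    fe->live = 0;
    if (nquarantined == QUARANTINE_MAX) abort();
    quarantine[nquarantined++] = fe;
}

static void drain_quarantine(void) {
    while (nquarantined > 0) free(quarantine[--nquarantined]);
}

static func_entry *lookup(const char *name) {
    if (strcmp(name, "user") == 0) return &user_fn;
    /* Anything else is dispatched through a trampoline allocated for this call only. */
    func_entry *fe = calloc(1, sizeof *fe);
    if (!fe) abort();
    fe->type = FN_OVERLOADED;
    fe->live = 1;
    fe->handler = double_it;
    return fe;
}

/* One execution of a call opcode. cache_overloaded == 1 reproduces the bug: the
 * per-call trampoline is stored in cache_slot and then released, so the next
 * execution of the same opcode reads a dead entry. cache_overloaded == 0 is the
 * proposed fix: never put an FN_OVERLOADED entry into the cache. */
static int do_call(opline *op, int arg, int cache_overloaded, int *result) {
    func_entry *fe = op->cache_slot;
    if (fe == NULL) {
        fe = lookup(op->name);
        if (fe->type != FN_OVERLOADED || cache_overloaded) {
            op->cache_slot = fe;
        }
    }
    if (!fe->live) {
        return ERR_STALE;   /* a use-after-free with a real free() */
    }
    *result = fe->handler(arg);
    if (fe->type == FN_OVERLOADED) {
        release_func(fe);   /* the free the report points at in zend_vm_execute.h */
    }
    return OK;
}

/* Executes one call opcode twice, as a loop body would. Returns the second
 * call's result, or ERR_STALE if the cache handed back a released entry. */
static int run_twice(const char *name, int cache_overloaded) {
    opline op = { name, NULL };
    int r = 0;
    if (do_call(&op, 21, cache_overloaded, &r) != OK) return ERR_STALE;
    if (do_call(&op, 21, cache_overloaded, &r) != OK) return ERR_STALE;
    return r;
}

/* 1 if the persistent function is still cached after two calls under the fix
 * (ordinary functions must keep being cached), 0 otherwise. */
static int user_fn_stays_cached(void) {
    opline op = { "user", NULL };
    int r = 0;
    do_call(&op, 1, 0, &r);
    do_call(&op, 1, 0, &r);
    return op.cache_slot == &user_fn;
}

int main(void) {
    printf("buggy (cache overloaded): %d\n", run_twice("dyn", 1));   /* -1: stale entry */
    printf("fixed (skip cache):       %d\n", run_twice("dyn", 0));   /* 42 */
    printf("user fn stays cached:     %d\n", user_fn_stays_cached()); /* 1 */
    drain_quarantine();
    return 0;
}
```

The quarantine is only there to make the stale read observable; with a real free() the second execution dereferences freed memory, which is the crash the report describes, and in a build where the block has not yet been reused it may instead silently run the old handler, which is why a test case that calls the overloaded function twice from the same opline matters. The model implements the first of the two options in the report (do not cache); the alternative of not freeing and reusing the entry from cache_slot is not modelled.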