Newsgroups: php.internals
Date: Mon, 30 Jan 2012 13:34:16 +0400
From: dmitry@zend.com (Dmitry Stogov)
To: yoram bar haim
CC: Stas Malyshev, PHP Internals, Zeev Suraski, Lior Kaplan
Subject: Re: One more crash in PHP 5.4

Thanks. I'll commit the patch later today.

Thanks. Dmitry.

On 01/30/2012 01:18 PM, yoram bar haim wrote:
> We have the crash in Zend JavaBridge, but yes it will probably occur in .com
> either.
> The scenario is quite simple, you just call a method in a loop. In the
> second iteration, it will crash.
> Here is a scenario with JavaBridge:
>
> <?php
> java_require(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'Persons.jar');
> java_set_encoding('UTF-8');
>
> $employeeClass = 'Employee';
>
> $person = new java($employeeClass, "Gadi", "Goldbarg", 28, "male", 3000, 10);
>
> // Call the same (nonexistent) method twice from one call site.
> for ($i = 0; $i < 2; $i++) {
>     try {
>         $person->xxx();
>     } catch (Exception $e) {
>     }
> }
>
> ?>
>
> On Monday, January 30, 2012 09:24:30 AM Dmitry Stogov wrote:
>> Hi,
>>
>> On 01/30/2012 03:52 AM, Stas Malyshev wrote:
>>> Hi!
>>>
>>>> In zend_vm_execute.h:701 PHP frees the function struct in case of
>>>> ZEND_OVERLOADED_FUNCTION. The problem is that in PHP 5.4, the opline
>>>> calling the function has a pointer to the very same struct in its
>>>> cache_slot. When this opcode is called again, the cache is used and
>>>> it crashes.
>>>
>>> How can this be reproduced?
>>
>> I would like to see the test case as well. Is it related to
>> ext/com_dotnet? It's the only extension that uses overloaded functions
>> in php distribution.
>>
>>>> My suggested fix is not to cache ZEND_OVERLOADED_FUNCTION, it does
>>>> solve the problem and makes sense to me logically. It is also possible
>>>> to not free it and let it be re-used from cache_slot.
>>>>
>>>> My patch is attached.
>>>
>>> The patch should be to zend_vm_def.h since vm_execute is generated.
>>> Dmitry, what do you think about this?
>>
>> From the first look the patch makes sense. Of course it should be
>> applied to zend_vm_def.h.
>>
>> It's possible to work around the problem by setting ZEND_ACC_NEVER_CACHE
>> in extensions, but the patch looks more robust.
>>
>> Thanks. Dmitry.
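
A toy model of the cache-slot lifetime problem discussed in this thread, added here as an illustration; it is not Zend Engine code and not the attached patch, and every name in it is hypothetical. Release is modeled with a `live` flag so the stale cache hit can be detected instead of crashing, and the two policies compare caching every resolved function with skipping the cache for overloaded ones.

```c
#include <stdio.h>

/* Toy model, not Zend Engine code: every name here is hypothetical. */
enum fn_type { FN_USER, FN_OVERLOADED };
enum policy  { CACHE_ALL, SKIP_OVERLOADED };
struct fn { enum fn_type type; int live; };   /* live == 0 models "freed" */
struct call_site { struct fn *cache_slot; };  /* per-call-site runtime cache */

static struct fn pool[8];                     /* stands in for the heap */
static unsigned pool_next;

/* Method lookup: hands out a fresh record, as for a temporary handler. */
static struct fn *lookup(enum fn_type type) {
    struct fn *f = &pool[pool_next++ % 8];
    f->type = type;
    f->live = 1;
    return f;
}

/* One call. Returns 0 on success, -1 if the site reached a released record
 * through its cache (in a real engine: a use-after-free). */
static int do_call(struct call_site *site, enum fn_type type, enum policy p) {
    struct fn *f = site->cache_slot;
    if (f == NULL) {
        f = lookup(type);
        if (p == CACHE_ALL || f->type != FN_OVERLOADED)
            site->cache_slot = f;             /* remember for the next call */
    }
    if (!f->live)
        return -1;                            /* stale cache hit */
    if (f->type == FN_OVERLOADED)
        f->live = 0;                          /* caller releases the temporary */
    return 0;
}

/* Run one call site n times, like the loop in the report. Returns the
 * 1-based iteration that hit a stale slot, or 0 if none did. */
int first_stale_iteration(enum fn_type type, enum policy p, int n) {
    struct call_site site = { NULL };
    for (int i = 1; i <= n; i++)
        if (do_call(&site, type, p) != 0)
            return i;
    return 0;
}

int main(void) {
    printf("cache everything: stale at iteration %d\n", first_stale_iteration(FN_OVERLOADED, CACHE_ALL, 2));
    printf("skip overloaded:  stale at iteration %d\n", first_stale_iteration(FN_OVERLOADED, SKIP_OVERLOADED, 2));
    return 0;
}
```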