Newsgroups: php.internals,php.pecl.dev
Path: news.php.net
Xref: news.php.net php.internals:63522 php.pecl.dev:9906
Return-Path: <laruence@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 57718 invoked from network); 18 Oct 2012 09:47:10 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Oct 2012 09:47:10 -0000
Authentication-Results: pb1.pair.com smtp.mail=laruence@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=laruence@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.170 as permitted sender)
X-PHP-List-Original-Sender: laruence@gmail.com
X-Host-Fingerprint: 209.85.220.170 mail-vc0-f170.google.com  
Received: from [209.85.220.170] ([209.85.220.170:40836] helo=mail-vc0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3E/67-30095-B10DF705 for <internals@lists.php.net>; Thu, 18 Oct 2012 05:47:08 -0400
Received: by mail-vc0-f170.google.com with SMTP id fo14so9822324vcb.29
        for <multiple recipients>; Thu, 18 Oct 2012 02:47:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:from:date:x-google-sender-auth:message-id
         :subject:to:cc:content-type;
        bh=yyPXrpTCArV0po+PbwLBRMMHjrjc9dzFHlUWLd4yeuc=;
        b=MACDg7KKCRaRYWSU6l4UmiKaBDWn8ChZM6pczYyWLIT02XpYcxmbAWFQYmxCmBNvTB
         c7CVDdB/VEYynQI/YmTd7DCFlP7dQAV/EqV+1KRfvpj7cSDhIgsaVqgH/yxTYbMlGgKa
         KY9he1Dh2qQS8NZdVC427bbn74ME+tKLy6BIH2do+WD4TspVi04nkbpLn256X+H1rvQt
         zTjMzriWRjpYKFf7/oa4m6I8+epUd5c1lEksIlk8yPK1nY97XoVugYiVuGAaEYwRtwUp
         QA0hoNTWgqozWLYi61gg9VSuSHMMK3syV6f9G2hhaAoJ1Qk0li9YY8alErqohWPxgy+2
         /SIA==
Received: by 10.52.70.115 with SMTP id l19mr7952725vdu.127.1350553625214; Thu,
 18 Oct 2012 02:47:05 -0700 (PDT)
MIME-Version: 1.0
Sender: laruence@gmail.com
Received: by 10.221.12.8 with HTTP; Thu, 18 Oct 2012 02:46:44 -0700 (PDT)
Date: Thu, 18 Oct 2012 17:46:44 +0800
X-Google-Sender-Auth: s1Ofb4AiwT_U37SIlhtvhyI8noY
Message-ID: <CABBJUpcMfjQGWFjwrX0U8B1xoHfjR4Xs=54kodkSw9R+u0b-AQ@mail.gmail.com>
To: PHP Internals <internals@lists.php.net>, PECL Announce <pecl-dev@lists.php.net>
Cc: Dmitry Stogov <dmitry@zend.com>, Dmitry Stogov <dmitry@php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Please do not call zval_dtor on recursive array
From: laruence@php.net (Laruence)

Hey:

  recently we found a problem, that is "usage zval_dtor on a recursive
array while gc enabled"  has chance to result a segfault.

  a reproduce script could be found here:
https://github.com/php/php-src/blob/8bd5e15ff7a57791956c4017ee8fb4a8ac0d8d2e/ext/pcre/tests/bug63055.phpt

  the preg_match used to call zval_dtor on the third argument. which
result a segfault, reported at #63055

  the segfault backtrace will looks like: http://pastebin.com/uPWBgrTZ

  thanks to dmitry,  we got a simple solution,  that is:  instead of
directly call to zval_dtor, please use following codes instead:
  "
    zval garbage = *subpats;
    array_init(subpats);
    zval_dtor(&garbage);
   "


 thanks

-- 
Laruence  Xinchen Hui
http://www.laruence.com/