Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:89067
Return-Path: <dragoonis@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 29314 invoked from network); 4 Nov 2015 10:27:53 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Nov 2015 10:27:53 -0000
Authentication-Results: pb1.pair.com smtp.mail=dragoonis@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=dragoonis@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.41 as permitted sender)
X-PHP-List-Original-Sender: dragoonis@gmail.com
X-Host-Fingerprint: 74.125.82.41 mail-wm0-f41.google.com  
Received: from [74.125.82.41] ([74.125.82.41:33856] helo=mail-wm0-f41.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 31/6D-13519-6ADD9365 for <internals@lists.php.net>; Wed, 04 Nov 2015 05:27:51 -0500
Received: by wmff134 with SMTP id f134so106427692wmf.1
        for <internals@lists.php.net>; Wed, 04 Nov 2015 02:27:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=yvk+k0b4AIZ44CeezhZYQZ7LYE+lFX8ugnNkJiHOFbA=;
        b=he62zJXL4tQ8uLqLRmawLK5OjQjp3OHEijrKwuXqkkSJMt6Mj7IQ5p8aOBvJA2L4SJ
         uT2QkfP/mO56D3ADWhzg+6DKKA0BtE5HD1BwnooNKVw0Tut/Pznlr32g59EHgZxHZUTi
         FUh6KzltY8wlLFU/5b3PwDgOLdO9iQ0xse7Bd0L0Z5KTr2IMSBnERavEXXQHobuwPQxF
         aQ+KhU/r0YoUjQlTQgQwxzl/UA0zI/30imIkdoXv4wrYup8ZQCHauuxwbB/wo79mb4cE
         tWNXG2IeTXliNxodzKfqDKFK9TNShrY+dONXntqYu7GEbZbzWu4D+q+DukNOVtJuAsXa
         llsg==
MIME-Version: 1.0
X-Received: by 10.28.143.8 with SMTP id r8mr26713952wmd.3.1446632867765; Wed,
 04 Nov 2015 02:27:47 -0800 (PST)
Received: by 10.27.129.67 with HTTP; Wed, 4 Nov 2015 02:27:47 -0800 (PST)
In-Reply-To: <BLU437-SMTP100E555EB0491562F135578E22A0@phx.gbl>
References: <CA+9eiLvPy_bp6djdw902i=cfaLq94-9-KDQVBWhgCYoWeWX1JA@mail.gmail.com>
	<CABBJUpfUQSoA2JK927vJanDoUPD2_0XoJVfoTXZGs8nQxxNBug@mail.gmail.com>
	<CAKxcST_w2Bqp6ppUp=1QraNec6=ZUYdp_Fj0+3rHGtwY5yyK5g@mail.gmail.com>
	<BLU437-SMTP100E555EB0491562F135578E22A0@phx.gbl>
Date: Wed, 4 Nov 2015 10:27:47 +0000
Message-ID: <CAKxcST8cpjXfcf6=YgTvLYBK8mwd2Md-ALxF8fcCcVnO-P_6Qw@mail.gmail.com>
To: Bob Weinand <bobwei9@hotmail.com>
Cc: Xinchen Hui <xinchen.h@zend.com>, Dmitry Stogov <dmitry@zend.com>, fabian@tag1consulting.com, 
	Anatol Belski <ab@php.net>, Nikita Popov <nikita.ppv@gmail.com>, 
	PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a1145aa5c3425aa0523b476bc
Subject: Re: [PHP-DEV] Bug #70805 (Segmentation faults whilst running Drupal 8
 test suite)
From: dragoonis@gmail.com (Paul Dragoonis)

--001a1145aa5c3425aa0523b476bc
Content-Type: text/plain; charset=UTF-8

Hey Bob,

Thanks, it was 2am and quite sleepy so wasn't considering the gen'd files.

Thanks for clarifying!

On Wed, Nov 4, 2015 at 2:26 AM, Bob Weinand <bobwei9@hotmail.com> wrote:

> Hey,
>
> zend_vm_execute.h is an auto-generated file, via zend_vm_gen.php. In
> reality the patch only fixes the code in exactly one location
> (zend_vm_def.h) and then regenerated zend_vm_execute.h.
>
> Bob
>
> > Am 04.11.2015 um 03:10 schrieb Paul Dragoonis <dragoonis@gmail.com>:
> >
> > Hey,
> >
> > Looking at the patch, the changes to zend_vm_def.h and zend_vm_execute.h
> > are duplicated in 10 locations. I'm wondering if we can consolidate this
> > into maintainable function/macro to handle this?
> >
> > On Wed, Nov 4, 2015 at 1:58 AM, Xinchen Hui <xinchen.h@zend.com> wrote:
> >
> >> Hey:
> >>
> >>
> >>
> >> On Wed, Nov 4, 2015 at 3:58 AM, Dmitry Stogov <dmitry@zend.com> wrote:
> >>
> >>> Hi,
> >>>
> >>> I think, I found the root problem of
> >> https://bugs.php.net/bug.php?id=70805
> >>>
> >>> unset($a) or unser($GLOBAL["a"]) triggered GC and destructors calls
> that
> >>> tried to release the same global variable $a  once again. As result
> it's
> >>> reference counter was decremented twice and this caused use-after-free,
> >>> double-free, etc.
> >>>
> >>> The proposed cumulative fix for all related problems:
> >>>
> >>> https://gist.github.com/dstogov/7aa9d24876e2b3fce8c5
> >>>
> >>> Xinchen, could you please review and verify this once again,
> >>> then add necessary tests and commit.
> >>>
> >> No problem, all issues we met are resovled , thanks :)
> >>
> >> tested and committed.
> >>
> >> and aslo thanks the fabian who provides us ssh access to a reproducible
> box
> >> (it's really hard to reproduce locally)
> >>
> >> thanks!
> >>
> >>>
> >>> Thanks. Dmitry.
> >>>
> >>
> >>
> >>
> >> --
> >> Xinchen Hui
> >> @Laruence
> >> http://www.laruence.com/
> >>
>
>

--001a1145aa5c3425aa0523b476bc--