In zend_vm_execute.h:701 PHP frees the function struct in case of
ZEND_OVERLOADED_FUNCTION. The problem is that in PHP 5.4, the opline calling
the function has a pointer to the very same struct in its cache_slot. When
this opcode is called again, the cache is used and it crashes.
My suggested fix is not to cache ZEND_OVERLOADED_FUNCTION; it does solve the
problem and makes sense to me logically. It is also possible to not free it
and let it be re-used from cache_slot.
My patch is attached.
Hi!
How can this be reproduced?
The patch should be to zend_vm_def.h since vm_execute is generated.
Dmitry, what do you think about this?
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
Hi,
I would like to see the test case as well. Is it related to
ext/com_dotnet? It's the only extension that uses overloaded functions
in the PHP distribution.
From the first look the patch makes sense. Of course it should be
applied to zend_vm_def.h.
It's possible to work around the problem by setting ZEND_ACC_NEVER_CACHE
in extensions, but the patch looks more robust.
Thanks. Dmitry.
We have the crash in Zend JavaBridge, but yes, it will probably occur in .com
as well.
The scenario is quite simple: you just call a method in a loop. In the
second iteration, it will crash.
Here is a scenario with JavaBridge:
<?php
// Load the Java classes the test needs (the extraction had dropped the underscores in __FILE__)
java_require(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'Persons.jar');
java_set_encoding('UTF-8');
$employeeClass = 'Employee';
$person = new java($employeeClass, "Gadi", "Goldbarg", 28, "male", 3000, 10);
// The same opline runs twice; the second call reuses the cached, already freed function struct
for ($i = 0; $i < 2; $i++) {
    try {
        $person->xxx();
    } catch (Exception $e) {
    }
}
?>
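As an added illustration (not code from this thread or from the Zend engine), a hypothetical C model of the two-iteration scenario: the opline's cache_slot keeps a pointer to the overloaded-function struct that the VM frees after the call, so the second iteration runs on freed memory, and the same model shows both the proposed fix (never cache ZEND_OVERLOADED_FUNCTION) and the ZEND_ACC_NEVER_CACHE workaround. All struct and function names are invented stand-ins for the real ones, and the free is simulated by a mark so the model itself never reads released memory.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical, simplified model of the call path discussed in the thread; it is
 * not Zend engine code, and every name here is invented to mirror a real one. */
enum { USER_FUNCTION, OVERLOADED_FUNCTION };
#define ACC_NEVER_CACHE 1u                 /* stands in for ZEND_ACC_NEVER_CACHE */

typedef struct { int type; unsigned flags; int freed; } func_t;
typedef struct { func_t *cache_slot; } opline_t;   /* per-opline runtime cache */

static func_t plain_method = { USER_FUNCTION, 0, 0 };
/* Models get_method(): an overloaded call returns a freshly allocated function
 * struct that the VM frees after the call; a normal method is long-lived. */
static func_t *get_method(const char *name, unsigned flags) {
    if (strcmp(name, "xxx") != 0) return &plain_method;
    func_t *f = calloc(1, sizeof *f);
    f->type = OVERLOADED_FUNCTION; f->flags = flags;
    return f;
}

/* Stands in for efree(): memory is only marked, not released, so the model can
 * observe a dangling cache_slot without itself reading freed memory. */
static void vm_free(func_t *f) { f->freed = 1; }

/* One INIT_METHOD_CALL + DO_FCALL round trip through a single opline. `fixed`
 * selects the patched behaviour (never cache an OVERLOADED_FUNCTION). Returns 1
 * when the call would dereference a struct freed by an earlier iteration. */
static int call_method(opline_t *op, const char *name, unsigned flags, int fixed) {
    func_t *fn = op->cache_slot;
    if (fn) {
        if (fn->freed) return 1;           /* real engine: use-after-free, crash */
    } else {
        fn = get_method(name, flags);
        int cacheable = !(fn->flags & ACC_NEVER_CACHE) &&
                        !(fixed && fn->type == OVERLOADED_FUNCTION);
        if (cacheable) op->cache_slot = fn;   /* buggy VM caches the temporary too */
    }
    if (fn->type == OVERLOADED_FUNCTION) vm_free(fn);   /* zend_vm_execute.h:701 */
    return 0;
}

/* Calls $person->xxx() twice through the same opline, as in the reported loop;
 * returns 1 if the second iteration would run on the freed struct. */
static int run_loop(const char *name, unsigned flags, int fixed) {
    opline_t op = { NULL };
    int bad = 0;
    for (int i = 0; i < 2; i++) bad |= call_method(&op, name, flags, fixed);
    return bad;
}
```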
Thanks. I'll commit the patch later today.
Thanks. Dmitry.