Hey:
Recently we found a problem, that is, "using zval_dtor on a recursive
array while gc is enabled" has a chance to result in a segfault.
A reproduce script can be found here:
https://github.com/php/php-src/blob/8bd5e15ff7a57791956c4017ee8fb4a8ac0d8d2e/ext/pcre/tests/bug63055.phpt
preg_match used to call zval_dtor on the third argument, which
resulted in a segfault, reported at #63055.
The segfault backtrace looks like: http://pastebin.com/uPWBgrTZ
Thanks to Dmitry, we got a simple solution, that is: instead of
calling zval_dtor directly, please use the following code instead:
"
zval garbage = *subpats;
array_init(subpats);
zval_dtor(&garbage);
"
thanks
--
Laruence Xinchen Hui
http://www.laruence.com/
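
The ordering described in the message above, as an added example that is not part of the original thread or of php-src: a toy C model showing why the slot is re-initialised before the old value is destroyed. The names `table`, `slot`, `g_root` and `collector_pass` are hypothetical stand-ins for the array, the zval that holds it, and a GC run; that a collector pass can run during element release and reach the slot is an assumption of the model.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model (constructed; not Zend Engine code). A slot owns a table, and
 * releasing each element is a point where a collector pass may run. */
typedef struct table { int live; int n; } table;
typedef struct slot { table *t; } slot;

static slot *g_root;          /* assumed path by which the collector reaches the slot */
static int g_saw_dead_table;  /* set when a pass sees a table mid-destruction */

/* Stand-in for a GC run triggered from inside a destructor. */
static void collector_pass(void) {
    if (g_root && g_root->t && !g_root->t->live) g_saw_dead_table = 1;
}

static table *table_new(int n) {
    table *t = malloc(sizeof *t);
    if (!t) abort();
    t->live = 1; t->n = n;
    return t;
}

static void table_destroy(table *t) {
    t->live = 0;                                      /* teardown has begun */
    for (int i = 0; i < t->n; i++) collector_pass();  /* per-element release */
    free(t);
}

/* In-place order: the slot still points at the table while it is torn down. */
int destroy_in_place(void) {
    slot s = { table_new(3) };
    g_root = &s; g_saw_dead_table = 0;
    table_destroy(s.t);
    s.t = NULL; g_root = NULL;
    return g_saw_dead_table;
}

/* Order from the message: copy out, re-initialise the slot, then destroy. */
int detach_then_destroy(void) {
    slot s = { table_new(3) };
    g_root = &s; g_saw_dead_table = 0;
    table *garbage = s.t;    /* zval garbage = *subpats; */
    s.t = table_new(0);      /* array_init(subpats);     */
    table_destroy(garbage);  /* zval_dtor(&garbage);     */
    g_root = NULL; free(s.t);
    return g_saw_dead_table;
}
int main(void) { printf("%d %d\n", destroy_in_place(), detach_then_destroy()); return 0; }
```

In the model, the in-place order lets the collector observe a half-destroyed table through the slot, while the detach-first order only ever exposes a valid empty one.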
hi Dmitry, Laruence!
Nice catch!
We could add a macro? As it looks like many will forget to do that :)
Cheers,
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
maybe a series of macros:
ZVAL_REPLACE_LONG()
ZVAL_REPLACE_STRING{L}()
ZVAL_REPLACE_ZVAL()
etc;
thanks, will do it later, only for trunk I think
thanks
--
Laruence Xinchen Hui
http://www.laruence.com/
I think I've found a simpler fix (attached) that doesn't require
extension patching and even allows optimizing ZE a bit.
Laruence, can you please verify it.
Sorry, I'm quite busy with other tasks.
Thanks. Dmitry.
Hi:
it's great, I tested, and committed. :)
thanks
--
Laruence Xinchen Hui
http://www.laruence.com/