Hi,
I think I found the root problem of https://bugs.php.net/bug.php?id=70805
unset($a) or unset($GLOBALS["a"]) triggered GC and destructor calls that
tried to release the same global variable $a once again. As a result, its
reference counter was decremented twice and this caused use-after-free,
double-free, etc.
The proposed cumulative fix for all related problems:
https://gist.github.com/dstogov/7aa9d24876e2b3fce8c5
Xinchen, could you please review and verify this once again,
then add necessary tests and commit.
Thanks. Dmitry.
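
The re-entrant release described in the message above, as an added C model that is not the gist patch and not Zend engine code. All names (`slot`, `on_release`, `unset_buggy`, `unset_detached`) are hypothetical, and the detach-before-release ordering is a general hardening pattern assumed here for illustration, not a description of the committed fix.

```c
#include <stdio.h>

/* Constructed model: frees are counted, never performed, so it runs safely. */
typedef struct { int refcount; int frees; } value;
typedef struct slot slot;
struct slot {
    value *v;                    /* stands in for the global $a */
    void (*on_release)(slot *);  /* GC/destructor hook that may re-enter unset */
};

static void drop_ref(value *v) {
    if (--v->refcount == 0) v->frees++;   /* record where free() would happen */
}

/* Buggy order: the slot still points at the value while the hook runs,
 * so a destructor that unsets the same slot drops a second reference. */
static void unset_buggy(slot *s) {
    if (!s->v) return;
    drop_ref(s->v);
    if (s->on_release) s->on_release(s);
    s->v = NULL;
}

/* Hardened order: empty the slot first, then release the detached value.
 * A re-entrant unset now finds nothing left to release. */
static void unset_detached(slot *s) {
    value *v = s->v;
    if (!v) return;
    s->v = NULL;
    drop_ref(v);
    if (s->on_release) s->on_release(s);
}

/* Destructors that unset the same slot again; each runs only once. */
static void dtor_buggy(slot *s)    { s->on_release = NULL; unset_buggy(s); }
static void dtor_detached(slot *s) { s->on_release = NULL; unset_detached(s); }

/* One unset of a value that a second holder still references (refcount 2). */
value run_unset(int hardened) {
    value val = { 2, 0 };
    slot a = { &val, hardened ? dtor_detached : dtor_buggy };
    if (hardened) unset_detached(&a); else unset_buggy(&a);
    return val;
}

int main(void) {
    value b = run_unset(0), h = run_unset(1);
    printf("buggy:    refcount=%d frees=%d\n", b.refcount, b.frees);
    printf("hardened: refcount=%d frees=%d\n", h.refcount, h.frees);
    return 0;
}
```

In the buggy order the value is freed while the second holder still references it, which is the use-after-free condition; in the hardened order one reference remains and nothing is freed.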
Hey:
No problem, all issues we met are resolved, thanks :)
tested and committed.
and also thanks to Fabian, who provides us ssh access to a reproducible box
(it's really hard to reproduce locally)
thanks!
--
Xinchen Hui
@Laruence
http://www.laruence.com/
Hey,
Looking at the patch, the changes to zend_vm_def.h and zend_vm_execute.h
are duplicated in 10 locations. I'm wondering if we can consolidate this
into maintainable function/macro to handle this?
Hey,
zend_vm_execute.h is an auto-generated file, via zend_vm_gen.php. In reality the patch only fixes the code in exactly one location (zend_vm_def.h) and then regenerated zend_vm_execute.h.
Bob
On 04.11.2015 at 03:10, Paul Dragoonis dragoonis@gmail.com wrote:
> Hey,
> Looking at the patch, the changes to zend_vm_def.h and zend_vm_execute.h
> are duplicated in 10 locations. I'm wondering if we can consolidate this
> into maintainable function/macro to handle this?
Hey Bob,
Thanks, it was 2am and quite sleepy so wasn't considering the gen'd files.
Thanks for clarifying!