mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
This commit is contained in:
parent
bc6e920ebc
commit
4d8503a212
2
NEWS
2
NEWS
@ -37,6 +37,8 @@
|
||||
expected). (Stas)
|
||||
- Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using
|
||||
mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey)
|
||||
- Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset
|
||||
can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
|
||||
- Fixed bug #52849 (GNU MP invalid version match). (Adam)
|
||||
- Fixed bug #52843 (Segfault when optional parameters are not passed in to
|
||||
mssql_connect). (Felipe)
|
||||
|
16
Zend/tests/bug52879.phpt
Normal file
16
Zend/tests/bug52879.phpt
Normal file
@ -0,0 +1,16 @@
|
||||
--TEST--
|
||||
Bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early)
|
||||
--FILE--
|
||||
<?php
|
||||
class MyClass {
|
||||
public $myRef;
|
||||
public function __set($property,$value) {
|
||||
$this->myRef = $value;
|
||||
}
|
||||
}
|
||||
$myGlobal=new MyClass($myGlobal);
|
||||
$myGlobal->myRef=&$myGlobal;
|
||||
$myGlobal->myNonExistentProperty="ok\n";
|
||||
echo $myGlobal;
|
||||
--EXPECT--
|
||||
ok
|
@ -347,6 +347,9 @@ zval *zend_std_read_property(zval *object, zval *member, int type TSRMLS_DC) /*
|
||||
!guard->in_get) {
|
||||
/* have getter - try with it! */
|
||||
Z_ADDREF_P(object);
|
||||
if (PZVAL_IS_REF(object)) {
|
||||
SEPARATE_ZVAL(&object);
|
||||
}
|
||||
guard->in_get = 1; /* prevent circular getting */
|
||||
rv = zend_std_call_getter(object, member TSRMLS_CC);
|
||||
guard->in_get = 0;
|
||||
@ -445,22 +448,22 @@ static void zend_std_write_property(zval *object, zval *member, zval *value TSRM
|
||||
}
|
||||
}
|
||||
} else {
|
||||
int setter_done = 0;
|
||||
zend_guard *guard = NULL;
|
||||
|
||||
if (zobj->ce->__set &&
|
||||
zend_get_property_guard(zobj, property_info, member, &guard) == SUCCESS &&
|
||||
!guard->in_set) {
|
||||
Z_ADDREF_P(object);
|
||||
if (PZVAL_IS_REF(object)) {
|
||||
SEPARATE_ZVAL(&object);
|
||||
}
|
||||
guard->in_set = 1; /* prevent circular setting */
|
||||
if (zend_std_call_setter(object, member, value TSRMLS_CC) != SUCCESS) {
|
||||
/* for now, just ignore it - __set should take care of warnings, etc. */
|
||||
}
|
||||
setter_done = 1;
|
||||
guard->in_set = 0;
|
||||
zval_ptr_dtor(&object);
|
||||
}
|
||||
if (!setter_done && property_info) {
|
||||
} else if (property_info) {
|
||||
zval **foo;
|
||||
|
||||
/* if we assign referenced variable, we should separate it */
|
||||
@ -643,6 +646,9 @@ static void zend_std_unset_property(zval *object, zval *member TSRMLS_DC) /* {{{
|
||||
!guard->in_unset) {
|
||||
/* have unseter - try with it! */
|
||||
Z_ADDREF_P(object);
|
||||
if (PZVAL_IS_REF(object)) {
|
||||
SEPARATE_ZVAL(&object);
|
||||
}
|
||||
guard->in_unset = 1; /* prevent circular unsetting */
|
||||
zend_std_call_unsetter(object, member TSRMLS_CC);
|
||||
guard->in_unset = 0;
|
||||
@ -1169,6 +1175,9 @@ static int zend_std_has_property(zval *object, zval *member, int has_set_exists
|
||||
|
||||
/* have issetter - try with it! */
|
||||
Z_ADDREF_P(object);
|
||||
if (PZVAL_IS_REF(object)) {
|
||||
SEPARATE_ZVAL(&object);
|
||||
}
|
||||
guard->in_isset = 1; /* prevent circular getting */
|
||||
rv = zend_std_call_issetter(object, member TSRMLS_CC);
|
||||
if (rv) {
|
||||
|
Loading…
Reference in New Issue
Block a user