mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
7b7d99839c
We need to first clean the symtable and then check whether a cache slot is available for it. Otherwise, it may happen that a destructor runs while cleaning the table and uses up all the remaining slots in the cache. This is particularly insidious because once we overflow the cache, the first pointer we modify is symtable_cache_ptr, making it hard to understand what happened after the fact. Fixes oss-fuzz #30815.
20 lines
321 B
PHP
20 lines
321 B
PHP
--TEST--
|
|
Symtable cache slots may be acquired while cleaning symtable
|
|
--FILE--
|
|
<?php
|
|
class A {
|
|
// Must be larger than the symtable cache.
|
|
static $max = 40;
|
|
function __destruct() {
|
|
if (self::$max-- < 0) return;
|
|
$x = 'y';
|
|
$$x = new a;
|
|
}
|
|
}
|
|
new A;
|
|
|
|
?>
|
|
===DONE===
|
|
--EXPECT--
|
|
===DONE===
|