mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
52cf7ab8a2
TMPVAR operands are destroyed using zval_ptr_dtor_nogc(), because they usually cannot contain cycles. However, there are some rare exceptions where this is possible, e.g. unserialize() return value. In such cases we rely on the producing code to root the value. If a GC run occurs between the rooting and consumption of the value, we would end up leaking it. To avoid this, root all live TMPVAR values after a GC run. Closes GH-7210.
18 lines
332 B
PHP
18 lines
332 B
PHP
--TEST--
|
|
Bug #80072: Cyclic unserialize in TMPVAR operand may leak
|
|
--FILE--
|
|
<?php
|
|
|
|
try {
|
|
$s = 'O:8:"stdClass":1:{s:1:"x";r:1;}';
|
|
unserialize($s) % gc_collect_cycles();
|
|
} catch (Error $e) {
|
|
echo $e->getMessage(), "\n";
|
|
}
|
|
|
|
$a[]=&$a == $a=&$b > gc_collect_cycles();
|
|
|
|
?>
|
|
--EXPECT--
|
|
Unsupported operand types: stdClass % int
|