Commits

Ruslan Osmanov committed 3e9136c

Fix: Segmentation fault caused by direct access to the zend object properties' hash table

Comments (0)

Files changed (4)

     <email>osmanov@php.net</email>
     <active>yes</active>
   </lead>
-  <date>2013-08-10</date>
+  <date>2013-08-14</date>
   <!--{{{ Current version -->
   <version>
-    <release>1.7.3</release>
+    <release>1.7.4</release>
     <api>1.7.0</api>
   </version>
   <stability>
   </stability>
   <license uri="http://www.php.net/license">PHP</license>
   <notes><![CDATA[
-  Fix: in php_event.c write_property function was non-static
-  Fix: absence of get_gc property handler caused segfaults with gc_collect_cycles()
+  Fix: Segmentation fault caused by direct access to the zend object properties' hash table
   ]]></notes>
   <!--}}}-->
   <!--{{{ Contents -->
         <file role="src" name="09-gc-cycles.phpt"/>
         <file role="src" name="10-event-data-dtor.phpt"/>
         <file role="src" name="11-gc-cycles.phpt"/>
+        <file role="src" name="12-serialization.phpt"/>
       </dir>
     </dir>
   </contents>
   </extsrcrelease>
   <!--{{{ changelog-->
   <changelog>
+    <!--{{{ 1.7.4 -->
+    <release>
+      <version>
+        <release>1.7.4</release>
+        <api>1.7.0</api>
+      </version>
+      <stability>
+        <release>stable</release>
+        <api>stable</api>
+      </stability>
+      <license uri="http://www.php.net/license">PHP</license>
+      <notes><![CDATA[
+  Fix: Segmentation fault caused by direct access to the zend object properties' hash table
+  ]]></notes>
+    </release>
+    <!--}}}-->
     <!--{{{ 1.7.3 -->
     <release>
       <version>
 	ulong                        num_key;
 
 	obj = (php_event_abstract_object_t *) zend_objects_get_address(object TSRMLS_CC);
-	/*props = zend_std_get_properties(object TSRMLS_CC);*/
-	props = obj->zo.properties;
+	/* Don't get obj->zo.properties; directly!
+	 * Otherwise serialization functions will cause SEGFAULTs */
+	props = zend_std_get_properties(object TSRMLS_CC);
 
 	if (obj->prop_handler) {
 		zend_hash_internal_pointer_reset_ex(obj->prop_handler, &pos);
 #ifndef PHP_EVENT_H
 #define PHP_EVENT_H
 
-#define PHP_EVENT_VERSION "1.7.3"
+#define PHP_EVENT_VERSION "1.7.4"
 
 #define PHP_EVENT_SUN_PREFIX "unix:"
 

tests/12-serialization.phpt

+--TEST--
+Check for SEGFAULT with serialization functions
+--FILE--
+<?php
+$base = new EventBase();
+$listener = new EventListener($base, function () { }, null, 0, -1, '0.0.0.0:12345');
+
+// The following caused segmentation faults
+serialize($listener);
+if (function_exists('json_encode')) {
+	json_encode($listener);
+}
+
+function a($a) { debug_backtrace(0, 3); }
+a($listener);
+echo "ok";
+?>
+--EXPECT--
+ok