mirror of
https://github.com/php/php-src.git
synced 2026-03-24 00:02:20 +01:00
* fix segfault in `ZEND_BIND_STATIC`

  In case a `ZEND_BIND_STATIC` is being executed while the current chunk is full, the `zend_array_dup()` call will trigger an OOM in ZendMM which will crash, as the opline might be a dangling pointer.

* add missing test
* `assert()`ing seems easier than trying to make the compiler not optimize
* moved from function call to INI setting, so we can use this in other places as well
* make `assert()` work on NDEBUG builds
* document magic number
* fix segfault in `ZEND_FUNC_GET_ARGS`

  In case a `ZEND_FUNC_GET_ARGS` is being executed while the current chunk is full, the `zend_new_array()` call will trigger an OOM in ZendMM which will crash, as the opline might be a dangling pointer.

---------

Co-authored-by: Florian Engelhardt <florian@engelhardt.tc>
37 lines
480 B
PHP
```
--TEST--
possible segfault in `ZEND_FUNC_GET_ARGS`
--DESCRIPTION--
--EXTENSIONS--
zend_test
--INI--
zend_test.observe_opline_in_zendmm=1
--FILE--
<?php

function ref() {
    return func_get_args();
}

class Foo {
    public static int $i;
    public static string $s = "x";
}

var_dump(Foo::$i = "1");
var_dump(Foo::$s, Foo::$i);
var_dump(ref('string', 0));

echo 'Done.';
?>
--EXPECT--
int(1)
string(1) "x"
int(1)
array(2) {
  [0]=>
  string(6) "string"
  [1]=>
  int(0)
}
Done.
```