cvs: ZendEngine2(PHP_5_2) / zend_objects_API.c
tony2001 Wed Feb 11 09:58:33 2009 UTC
Modified files: (Branch: PHP_5_2)
/ZendEngine2 zend_objects_API.c
Log:
MFH: fix bug #47353 (crash when creating a lot of objects in object destructor)
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_objects_API.c?r1=1.47.2.6.2.8&r2=1.47.2.6.2.9&diff_format=u
Index: ZendEngine2/zend_objects_API.c
diff -u ZendEngine2/zend_objects_API.c:1.47.2.6.2.8 ZendEngine2/zend_objects_API.c:1.47.2.6.2.9
--- ZendEngine2/zend_objects_API.c:1.47.2.6.2.8 Wed Dec 31 11:17:33 2008
+++ ZendEngine2/zend_objects_API.c Wed Feb 11 09:58:33 2009
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: zend_objects_API.c,v 1.47.2.6.2.8 2008/12/31 11:17:33 sebastian Exp $ */
+/* $Id: zend_objects_API.c,v 1.47.2.6.2.9 2009/02/11 09:58:33 tony2001 Exp $ */
#include "zend.h"
#include "zend_globals.h"
@@ -55,6 +55,7 @@
if (obj->dtor && obj->object) {
obj->refcount++;
obj->dtor(obj->object, i TSRMLS_CC);
+ obj = &objects->object_buckets[i].bucket.obj;
obj->refcount--;
}
}
@@ -200,6 +201,10 @@
} zend_end_try();
}
}
+
+ /* re-read the object from the object store as the store might have been reallocated in the dtor */
+ obj = &EG(objects_store).object_buckets[handle].bucket.obj;
+
if (obj->refcount == 1) {
if (obj->free_storage) {
zend_try {
@@ -241,6 +246,7 @@
}
obj->clone(obj->object, &new_object TSRMLS_CC);
+ obj = &EG(objects_store).object_buckets[handle].bucket.obj;
retval.handle = zend_objects_store_put(new_object, obj->dtor, obj->free_storage, obj->clone TSRMLS_CC);
retval.handlers = Z_OBJ_HT_P(zobject);