Hi Nikita, Nikita Popov wrote:
We have recently been reviewing the interaction between ReflectionFunctionAbstract::getClosure(), a mechanism which converts an ordinary function or method into a "fake" closure, and closure rebinding using Closure::bindTo() and Closure::call(). It turns out that this combination has not yet received testing and multiple crashes and leaks were found and fixed [1] [2] [3] [4].
In hindsight, it is probably my fault that this wasn't spotted sooner. I should've considered the case of ::getClosure() when I wrote Closure::call().
We have one last outstanding changeset [5] waiting to land, which we want to check back with internals first, as it constitutes a BC break late in the PHP 7.0 release cycle. This changeset forbids rebinding the *scope* of closures returned by getClosure() completely.
This sounds like a reasonable approach to dealing with the problem. We already have some restrictions with internal function Closures anyway, I don't think this will hurt much, especially since cases where you need to rebind methods into different scopes are quite rare.
So, +1 from me. Thanks. -- Andrea Faulds http://ajf.me/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
