ID: 47930 Updated by: s...@php.net Reported By: stas at zend dot com Status: Assigned Bug Type: Reproducible crash Operating System: * PHP Version: 5.*, 6CVS (2009-04-25) Assigned To: derick New Comment:
fixed for 5.3/HEAD, 5.2 fix still required, since 5.3+ fix changes binary API Previous Comments: ------------------------------------------------------------------------ [2009-04-08 23:01:04] stas at zend dot com Description: ------------ 1. If one of the modules startup bails out, that leads to aborting the startup sequence and PG(modules_activated) be 0. This, in turn, precludes running RSHUTDOWN functions on modules. 2. ext/filter allocates IF_G(get_array), etc. in the course of the request startup, and if RSHUTDOWN is not called, they are not cleaned up. 3. Since ext/filter does not initialize IF_G arrays, on the next request uncleaned value will be used. Since these arrays are no longer pointing to a valid memory (which was cleaned on the end of the previous request), this will result in a crash. Reproduce code: --------------- 1. Create extension that uses zend_bailout in RINIT. 2. Run two requests while ext/filter is present and turned on 3. Crash! ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=47930&edit=1