Bug #62991 [Asn]: Segfault with generator and closure.
Edit report at https://bugs.php.net/bug.php?id=62991&edit=1

ID: 62991
Updated by: larue...@php.net
Reported by: softwareelves at gmail dot com
Summary: Segfault with generator and closure.
Status: Assigned
Type: Bug
Package: Reproducible crash
Operating System: Mac OSx 10.8.1
PHP Version: master-Git-2012-09-02 (Git)
Assigned To: nikic
Block user comment: N
Private report: N

New Comment:

the static variable table should also be copied, and this func will be copied once / per closure called (create a new generator). maybe add a new ACC flag is much more simple... which we have discussed before (I also discussed that with nikic :))

Previous Comments:

[2012-09-04 06:57:58] dmi...@php.net

I've added a much simpler patch. Please take a look.

[2012-09-02 11:50:39] larue...@php.net

The following patch has been added/updated:
Patch Name: bug62991.phpt
Revision: 1346586639
URL: https://bugs.php.net/patch-display.php?bug=62991&patch=bug62991.phpt&revision=1346586639

[2012-09-02 11:46:56] larue...@php.net

a new patch has been attached, fixed the memleak issue, but the way is a little tricky, used the op_array->reserved fields. so I attached it here instead of ci it, wait for if we can find a better way

[2012-09-02 11:45:06] larue...@php.net

The following patch has been added/updated:
Patch Name: bug62991.patch
Revision: 1346586306
URL: https://bugs.php.net/patch-display.php?bug=62991&patch=bug62991.patch&revision=1346586306

[2012-09-02 11:24:00] larue...@php.net

okay, but is there a way to find out that whether a generator has been run once? leaks reporting if the closure didn't run.

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62991

--
Edit this bug report at https://bugs.php.net/bug.php?id=62991&edit=1
Bug #62991 [Asn]: Segfault with generator and closure.
Edit report at https://bugs.php.net/bug.php?id=62991&edit=1

ID: 62991
Updated by: dmi...@php.net
Reported by: softwareelves at gmail dot com
Summary: Segfault with generator and closure.
Status: Assigned
Type: Bug
Package: Reproducible crash
Operating System: Mac OSx 10.8.1
PHP Version: master-Git-2012-09-02 (Git)
Assigned To: nikic
Block user comment: N
Private report: N

New Comment:

I've added a much simpler patch. Please take a look.

Previous Comments:

[2012-09-02 11:50:39] larue...@php.net

The following patch has been added/updated:
Patch Name: bug62991.phpt
Revision: 1346586639
URL: https://bugs.php.net/patch-display.php?bug=62991&patch=bug62991.phpt&revision=1346586639

[2012-09-02 11:46:56] larue...@php.net

a new patch has been attached, fixed the memleak issue, but the way is a little tricky, used the op_array->reserved fields. so I attached it here instead of ci it, wait for if we can find a better way

[2012-09-02 11:45:06] larue...@php.net

The following patch has been added/updated:
Patch Name: bug62991.patch
Revision: 1346586306
URL: https://bugs.php.net/patch-display.php?bug=62991&patch=bug62991.patch&revision=1346586306

[2012-09-02 11:24:00] larue...@php.net

okay, but is there a way to find out that whether a generator has been run once? leaks reporting if the closure didn't run.

[2012-09-02 10:26:03] ni...@php.net

Oh, and also, I think it would be a little bit nicer if this:

+ if (execute_data->op_array->fn_flags & ZEND_ACC_CLOSURE) { + destroy_op_array(execute_data->op_array); + efree(execute_data->op_array); + }

would be written as:

+ if (op_array->fn_flags & ZEND_ACC_CLOSURE) { + destroy_op_array(op_array); + efree(op_array); + }

There already is a local op_array variable for execute_data->op_array, so it's a bit shorter to use ;)

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62991

--
Edit this bug report at https://bugs.php.net/bug.php?id=62991&edit=1
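Review bot: in the `if (op_array->fn_flags & ZEND_ACC_CLOSURE)` block, `destroy_op_array(op_array); efree(op_array);` releases the op_array for every closure-backed generator, which is only safe when the generator holds its own copy and the closure does not share it. The quoted lines show neither where that copy is made nor what happens to data shared with the original, so a comment at this check stating that the generator owns the op_array, plus a test where the closure is created but never called, would make the lifetime rule checkable.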
Bug #62991 [Asn]: Segfault with generator and closure.
Edit report at https://bugs.php.net/bug.php?id=62991&edit=1

ID: 62991
Updated by: larue...@php.net
Reported by: softwareelves at gmail dot com
Summary: Segfault with generator and closure.
Status: Assigned
Type: Bug
Package: Reproducible crash
Operating System: Mac OSx 10.8.1
PHP Version: master-Git-2012-09-02 (Git)
Assigned To: nikic
Block user comment: N
Private report: N

New Comment:

a new patch has been attached, fixed the memleak issue, but the way is a little tricky, used the op_array->reserved fields. so I attached it here instead of ci it, wait for if we can find a better way

Previous Comments:

[2012-09-02 11:45:06] larue...@php.net

The following patch has been added/updated:
Patch Name: bug62991.patch
Revision: 1346586306
URL: https://bugs.php.net/patch-display.php?bug=62991&patch=bug62991.patch&revision=1346586306

[2012-09-02 11:24:00] larue...@php.net

okay, but is there a way to find out that whether a generator has been run once? leaks reporting if the closure didn't run.

[2012-09-02 10:26:03] ni...@php.net

Oh, and also, I think it would be a little bit nicer if this:

+ if (execute_data->op_array->fn_flags & ZEND_ACC_CLOSURE) { + destroy_op_array(execute_data->op_array); + efree(execute_data->op_array); + }

would be written as:

+ if (op_array->fn_flags & ZEND_ACC_CLOSURE) { + destroy_op_array(op_array); + efree(op_array); + }

There already is a local op_array variable for execute_data->op_array, so it's a bit shorter to use ;)

[2012-09-02 10:23:04] ni...@php.net

@laruence: The patch looks fine for me. The only thing that looks strange are these whitespace changes:

-ZEND_BEGIN_ARG_INFO_EX(arginfo_closure_bindto, 0, 0, 1) + ZEND_BEGIN_ARG_INFO_EX(arginfo_closure_bindto, 0, 0, 1) ZEND_ARG_INFO(0, newthis) ZEND_ARG_INFO(0, newscope) ZEND_END_ARG_INFO() -ZEND_BEGIN_ARG_INFO_EX(arginfo_closure_bind, 0, 0, 2) + ZEND_BEGIN_ARG_INFO_EX(arginfo_closure_bind, 0, 0, 2) ZEND_ARG_INFO(0, closure) ZEND_ARG_INFO(0, newthis) ZEND_ARG_INFO(0, newscope) ZEND_END_ARG_INFO() -static const zend_function_entry closure_functions[] = { - ZEND_ME(Closure, __construct, NULL, ZEND_ACC_PRIVATE) - ZEND_ME(Closure, bind, arginfo_closure_bind, ZEND_ACC_PUBLIC|ZEND_ACC_STATIC) - ZEND_MALIAS(Closure, bindTo, bind, arginfo_closure_bindto, ZEND_ACC_PUBLIC) - {NULL, NULL, NULL} -}; + static const zend_function_entry closure_functions[] = { + ZEND_ME(Closure, __construct, NULL, ZEND_ACC_PRIVATE) + ZEND_ME(Closure, bind, arginfo_closure_bind, ZEND_ACC_PUBLIC|ZEND_ACC_STATIC) + ZEND_MALIAS(Closure, bindTo, bind, arginfo_closure_bindto, ZEND_ACC_PUBLIC) + {NULL, NULL, NULL} + };

Looks like the indentation is slightly off there :)

[2012-09-02 09:58:39] larue...@php.net

update patch, fix tabs

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62991

--
Edit this bug report at https://bugs.php.net/bug.php?id=62991&edit=1
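Review bot: the `-`/`+` pairs on `ZEND_BEGIN_ARG_INFO_EX(arginfo_closure_bindto, 0, 0, 1)`, `ZEND_BEGIN_ARG_INFO_EX(arginfo_closure_bind, 0, 0, 2)` and the `closure_functions[]` table change leading whitespace only, which is unrelated to the crash. Drop these lines from the patch so the diff contains just the lifetime fix and the removed and re-added entries do not have to be compared by hand.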
Bug #62991 [Asn]: Segfault with generator and closure.
Edit report at https://bugs.php.net/bug.php?id=62991&edit=1

ID: 62991
Updated by: larue...@php.net
Reported by: softwareelves at gmail dot com
Summary: Segfault with generator and closure.
Status: Assigned
Type: Bug
Package: Reproducible crash
Operating System: Mac OSx 10.8.1
PHP Version: master-Git-2012-09-02 (Git)
Assigned To: nikic
Block user comment: N
Private report: N

New Comment:

okay, but is there a way to find out that whether a generator has been run once? leaks reporting if the closure didn't run.

Previous Comments:

[2012-09-02 10:26:03] ni...@php.net

Oh, and also, I think it would be a little bit nicer if this:

+ if (execute_data->op_array->fn_flags & ZEND_ACC_CLOSURE) { + destroy_op_array(execute_data->op_array); + efree(execute_data->op_array); + }

would be written as:

+ if (op_array->fn_flags & ZEND_ACC_CLOSURE) { + destroy_op_array(op_array); + efree(op_array); + }

There already is a local op_array variable for execute_data->op_array, so it's a bit shorter to use ;)

[2012-09-02 10:23:04] ni...@php.net

@laruence: The patch looks fine for me. The only thing that looks strange are these whitespace changes:

-ZEND_BEGIN_ARG_INFO_EX(arginfo_closure_bindto, 0, 0, 1) + ZEND_BEGIN_ARG_INFO_EX(arginfo_closure_bindto, 0, 0, 1) ZEND_ARG_INFO(0, newthis) ZEND_ARG_INFO(0, newscope) ZEND_END_ARG_INFO() -ZEND_BEGIN_ARG_INFO_EX(arginfo_closure_bind, 0, 0, 2) + ZEND_BEGIN_ARG_INFO_EX(arginfo_closure_bind, 0, 0, 2) ZEND_ARG_INFO(0, closure) ZEND_ARG_INFO(0, newthis) ZEND_ARG_INFO(0, newscope) ZEND_END_ARG_INFO() -static const zend_function_entry closure_functions[] = { - ZEND_ME(Closure, __construct, NULL, ZEND_ACC_PRIVATE) - ZEND_ME(Closure, bind, arginfo_closure_bind, ZEND_ACC_PUBLIC|ZEND_ACC_STATIC) - ZEND_MALIAS(Closure, bindTo, bind, arginfo_closure_bindto, ZEND_ACC_PUBLIC) - {NULL, NULL, NULL} -}; + static const zend_function_entry closure_functions[] = { + ZEND_ME(Closure, __construct, NULL, ZEND_ACC_PRIVATE) + ZEND_ME(Closure, bind, arginfo_closure_bind, ZEND_ACC_PUBLIC|ZEND_ACC_STATIC) + ZEND_MALIAS(Closure, bindTo, bind, arginfo_closure_bindto, ZEND_ACC_PUBLIC) + {NULL, NULL, NULL} + };

Looks like the indentation is slightly off there :)

[2012-09-02 09:58:39] larue...@php.net

update patch, fix tabs

[2012-09-02 09:58:16] larue...@php.net

The following patch has been added/updated:
Patch Name: bug62991.patch
Revision: 1346579896
URL: https://bugs.php.net/patch-display.php?bug=62991&patch=bug62991.patch&revision=1346579896

[2012-09-02 09:55:35] larue...@php.net

I got a fix for this. nikic, could you please review this? thanks

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62991

--
Edit this bug report at https://bugs.php.net/bug.php?id=62991&edit=1
Bug #62991 [Asn]: Segfault with generator and closure.
Edit report at https://bugs.php.net/bug.php?id=62991&edit=1

ID: 62991
Updated by: larue...@php.net
Reported by: softwareelves at gmail dot com
Summary: Segfault with generator and closure.
Status: Assigned
Type: Bug
Package: Reproducible crash
Operating System: Mac OSx 10.8.1
PHP Version: master-Git-2012-09-02 (Git)
Assigned To: nikic
Block user comment: N
Private report: N

New Comment:

seems the closure has been released after it was executed while destruct the outer scope..

Previous Comments:

[2012-09-02 01:58:12] softwareelves at gmail dot com

Description:
If you create a generator-closure inside of a function and call that function before returning it, it'll cause memory corruption causing a segfault.

Test script: --- int(1) [1]=> int(2) [2]=> int(3) }

Actual result: -- Segmentation fault: 11

--
Edit this bug report at https://bugs.php.net/bug.php?id=62991&edit=1
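
The lifetime problem discussed in this report, reduced to a toy C model. This is an added example, not PHP's source and not any of the attached patches: `op_array_t`, `generator_t`, `scenario` and the allocation counters are hypothetical names, and only the flag check in `generator_destroy` mirrors the quoted snippet. It covers the three cases raised in the thread: a per-call copy that includes the static variable table, a generator that borrows the closure's op_array, and a closure that is never called.

```c
#include <stdlib.h>

/* Toy stand-ins for illustration only, not Zend's real structures. */
#define ACC_CLOSURE 0x1u
typedef struct { int value; } statics_t;
typedef struct { unsigned fn_flags; statics_t *statics; } op_array_t;
typedef struct { op_array_t *op_array; } generator_t;
static int live_op_arrays, live_statics;   /* allocation counters for leak checks */

static void *xalloc(size_t n) { void *p = calloc(1, n); if (!p) abort(); return p; }

static op_array_t *op_array_new(unsigned flags) {
    op_array_t *op = xalloc(sizeof *op);
    op->fn_flags = flags;
    op->statics = xalloc(sizeof *op->statics);
    live_op_arrays++; live_statics++;
    return op;
}
static void op_array_destroy(op_array_t *op) {
    free(op->statics); live_statics--;
    free(op); live_op_arrays--;
}
/* Per-call copy: the static variable table is duplicated too, so the copy
   and the closure never free the same table. */
static op_array_t *op_array_copy(const op_array_t *src) {
    op_array_t *op = op_array_new(src->fn_flags);
    op->statics->value = src->statics->value;
    return op;
}
static generator_t *generator_create(op_array_t *fn, int copy_per_call) {
    generator_t *g = xalloc(sizeof *g);
    g->op_array = copy_per_call ? op_array_copy(fn) : fn;
    return g;
}
static void generator_destroy(generator_t *g) {
    op_array_t *op_array = g->op_array;
    if (op_array->fn_flags & ACC_CLOSURE)   /* same shape as the quoted check */
        op_array_destroy(op_array);
    free(g);
}
/* Returns 1 when the lifetime is sound and nothing leaks, 0 when the generator
   would be left pointing at the closure's released op_array. */
static int scenario(int copy_per_call, int call_closure) {
    op_array_t *closure = op_array_new(ACC_CLOSURE);
    generator_t *g = call_closure ? generator_create(closure, copy_per_call) : NULL;
    int aliased = g && g->op_array == closure;   /* decided before the release */
    op_array_destroy(closure);                   /* outer scope is destructed */
    if (aliased) { free(g); return 0; }          /* resuming would touch freed memory */
    if (g) generator_destroy(g);
    return live_op_arrays == 0 && live_statics == 0;
}
```

The aliased case is detected by pointer comparison before the release, so the model never dereferences freed memory itself.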