summaryrefslogtreecommitdiff
path: root/Zend
diff options
context:
space:
mode:
authorStanislav Malyshev <stas@php.net>2010-04-01 22:54:03 (GMT)
committerStanislav Malyshev <stas@php.net>2010-04-01 22:54:03 (GMT)
commitde363cf818917f2fa99d07748374eb340fa9758d (patch)
tree697d26552c4727a20e7b7134d3902d3fd094505c /Zend
parentcf4ea31bff28d0a3683a1dceb81047111ab32ca8 (diff)
downloadphp-de363cf818917f2fa99d07748374eb340fa9758d.tar.gz
fix #49192 - crash in GC when get_properties handler returns null
Diffstat (limited to 'Zend')
-rw-r--r--Zend/zend_gc.c48
1 files changed, 40 insertions, 8 deletions
diff --git a/Zend/zend_gc.c b/Zend/zend_gc.c
index ab1e12a..db04652 100644
--- a/Zend/zend_gc.c
+++ b/Zend/zend_gc.c
@@ -282,7 +282,11 @@ tail_call:
GC_SET_BLACK(obj->buffered);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
}
}
} else if (Z_TYPE_P(pz) == IS_ARRAY) {
@@ -313,7 +317,11 @@ static void zobj_scan_black(struct _store_object *obj, zval *pz TSRMLS_DC)
GC_SET_BLACK(obj->buffered);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
pz = *(zval**)p->pData;
if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) != &EG(symbol_table)) {
@@ -346,7 +354,11 @@ tail_call:
GC_SET_COLOR(obj->buffered, GC_GREY);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
}
}
} else if (Z_TYPE_P(pz) == IS_ARRAY) {
@@ -380,7 +392,11 @@ static void zobj_mark_grey(struct _store_object *obj, zval *pz TSRMLS_DC)
GC_SET_COLOR(obj->buffered, GC_GREY);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
pz = *(zval**)p->pData;
if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) != &EG(symbol_table)) {
@@ -445,7 +461,11 @@ tail_call:
GC_SET_COLOR(obj->buffered, GC_WHITE);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return 0;
+ }
+ p = props->pListHead;
}
}
}
@@ -484,7 +504,11 @@ static void zobj_scan(zval *pz TSRMLS_DC)
GC_SET_COLOR(obj->buffered, GC_WHITE);
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
zval_scan(*(zval**)p->pData TSRMLS_CC);
p = p->pListNext;
@@ -531,7 +555,11 @@ tail_call:
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
}
}
} else {
@@ -572,7 +600,11 @@ static void zobj_collect_white(zval *pz TSRMLS_DC)
if (EXPECTED(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(pz)].valid &&
Z_OBJ_HANDLER_P(pz, get_properties) != NULL)) {
- p = Z_OBJPROP_P(pz)->pListHead;
+ HashTable *props = Z_OBJPROP_P(pz);
+ if(!props) {
+ return;
+ }
+ p = props->pListHead;
while (p != NULL) {
pz = *(zval**)p->pData;
if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) != &EG(symbol_table)) {