1
Subject: Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early).
2
Author: mail_ben_schmidt at yahoo dot com dot au
3
Origin: http://svn.php.net/viewvc?view=revision&revision=303913
4
Bug: http://bugs.php.net/52879
8
Patch is modified from upstream commit to remove edits to the NEWS file,
9
to reduce conflicts when applying patches, and was backported to apply to
10
earlier releases of PHP.
12
Index: Zend/zend_object_handlers.c
13
===================================================================
14
--- Zend/zend_object_handlers.c (revision 303912)
15
+++ Zend/zend_object_handlers.c (revision 303913)
18
/* have getter - try with it! */
20
+ if (PZVAL_IS_REF(object)) {
21
+ SEPARATE_ZVAL(&object);
23
guard->in_get = 1; /* prevent circular getting */
24
rv = zend_std_call_getter(object, member TSRMLS_CC);
30
- int setter_done = 0;
33
if (zobj->ce->__set &&
34
zend_get_property_guard(zobj, property_info, member, &guard) == SUCCESS &&
37
+ if (PZVAL_IS_REF(object)) {
38
+ SEPARATE_ZVAL(&object);
40
guard->in_set = 1; /* prevent circular setting */
41
if (zend_std_call_setter(object, member, value TSRMLS_CC) != SUCCESS) {
42
/* for now, just ignore it - __set should take care of warnings, etc. */
46
zval_ptr_dtor(&object);
48
- if (!setter_done && property_info) {
49
+ } else if (property_info) {
52
/* if we assign referenced variable, we should separate it */
55
/* have unseter - try with it! */
57
+ if (PZVAL_IS_REF(object)) {
58
+ SEPARATE_ZVAL(&object);
60
guard->in_unset = 1; /* prevent circular unsetting */
61
zend_std_call_unsetter(object, member TSRMLS_CC);
65
/* have issetter - try with it! */
67
+ if (PZVAL_IS_REF(object)) {
68
+ SEPARATE_ZVAL(&object);
70
guard->in_isset = 1; /* prevent circular getting */
71
rv = zend_std_call_issetter(object, member TSRMLS_CC);
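Review bot: The added `if (PZVAL_IS_REF(object)) { SEPARATE_ZVAL(&object); }` guard is repeated on the getter, setter, unsetter and issetter paths with no comment saying why a referenced object zval has to be separated before the magic handler runs. I would add a comment above each guard, for example `/* object is a reference: use a private copy so a handler that reassigns the variable cannot free the object mid-call (bug #52879) */`, so a later cleanup does not remove it as redundant and bring back the early free. Because separation can leave `object` pointing at a newly allocated copy, each path also needs its matching `zval_ptr_dtor(&object)` after the handler returns; only the setter path shows one here, so the other three are worth confirming in the full file. This page omits lines from every hunk (hunk headers and closing braces are not visible), and the enclosing functions start and end outside what is shown.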
73
Index: Zend/tests/bug52879.phpt
74
===================================================================
75
--- Zend/tests/bug52879.phpt (revision 0)
76
+++ Zend/tests/bug52879.phpt (revision 303913)
79
+Bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early)
84
+ public function __set($property,$value) {
85
+ $this->myRef = $value;
88
+$myGlobal=new MyClass($myGlobal);
89
+$myGlobal->myRef=&$myGlobal;
90
+$myGlobal->myNonExistentProperty="ok\n";