Finally!!! Fixed segfault in GC

this must not be the final fix, but let's stop the segfault first and use this to indicate where the problem is. reproduced by phpspec
bof · Sep 12, 2014 · 78ce255 · 78ce255
1 parent 4db2181
commit 78ce255
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/Zend/zend_gc.c b/Zend/zend_gc.c
@@ -492,8 +492,11 @@ static int gc_collect_white(zend_refcounted *ref TSRMLS_DC)
 			} else if (GC_G(first_unused) != GC_G(last_unused)) {
 				buf = GC_G(first_unused);
 				GC_G(first_unused)++;
+			} else {
+				/* TODO: find a perfect way to handle such case */
+				GC_G(gc_full) = 1;
 			}
-			/* TODO: what should we do if we don't have room ??? */
+
 			if (buf) {
 				buf->ref = ref;
 				buf->next = GC_G(roots).next;
@@ -609,6 +612,18 @@ static int gc_collect_roots(TSRMLS_D)
 		}
 		current = current->next;
 	}
+
+	if (GC_G(gc_full) == 1) {
+		current = GC_G(roots).next;
+		while (current != &GC_G(roots)) {
+			GC_SET_ADDRESS(GC_INFO(current->ref), 0);
+			GC_SET_BLACK(GC_INFO(current->ref));
+			current = current->next;
+		}
+		gc_reset(TSRMLS_CC);
+		return 0;
+	}
+
 	/* relink remaining roots into list to free */
 	if (GC_G(roots).next != &GC_G(roots)) {
 		if (GC_G(to_free).next == &GC_G(to_free)) {

diff --git a/Zend/zend_gc.h b/Zend/zend_gc.h
@@ -83,6 +83,7 @@ typedef struct _gc_root_buffer {
 typedef struct _zend_gc_globals {
 	zend_bool         gc_enabled;
 	zend_bool         gc_active;
+	zend_bool         gc_full;
 
 	gc_root_buffer   *buf;				/* preallocated arrays of buffers   */
 	gc_root_buffer    roots;			/* list of possible roots of cycles */