Skip to content

Commit

Permalink
Fixed bug #74954 (null deref and segfault in zend_generator_resume())
Browse files Browse the repository at this point in the history
  • Loading branch information
bwoebi committed Jul 22, 2017
1 parent e405ff5 commit bad5d0d
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 4 deletions.
1 change: 1 addition & 0 deletions NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ PHP NEWS

- Core:
. Fixed bug #74947 (Segfault in scanner on INF number). (Laruence)
. Fixed bug #74954 (null deref and segfault in zend_generator_resume()). (Bob)

- SimpleXML:
. Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
Expand Down
45 changes: 45 additions & 0 deletions Zend/tests/generators/bug74954.phpt
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
--TEST--
Bug #74954 (crash after update of generator yielding from finished generator)
--FILE--
<?php

function from() {
yield 1;
throw new Exception();
}

function gen($gen) {
try {
var_dump(yield from $gen);
} catch (Exception $e) { print "Caught exception!\n$e\n"; }
}

$gen = from();
$gens[] = gen($gen);
$gens[] = gen($gen);

foreach ($gens as $g) {
$g->current();
}

do {
foreach ($gens as $i => $g) {
$g->next();
}
} while($gens[0]->valid());

?>
--EXPECTF--
Caught exception!
Exception in %s:%d
Stack trace:
#0 %s(%d): from()
#1 [internal function]: gen(Object(Generator))
#2 %s(%d): Generator->next()
#3 {main}
Caught exception!
ClosedGeneratorException: Generator yielded from aborted, no return value available in %s:%d
Stack trace:
#0 [internal function]: gen(Object(Generator))
#1 %s(%d): Generator->next()
#2 {main}
6 changes: 2 additions & 4 deletions Zend/zend_generators.c
Original file line number Diff line number Diff line change
Expand Up @@ -644,15 +644,13 @@ exception: {

ZEND_API void zend_generator_resume(zend_generator *orig_generator) /* {{{ */
{
zend_generator *generator;
zend_generator *generator = zend_generator_get_current(orig_generator);

/* The generator is already closed, thus can't resume */
if (UNEXPECTED(!orig_generator->execute_data)) {
if (UNEXPECTED(!generator->execute_data)) {
return;
}

generator = zend_generator_get_current(orig_generator);

try_again:
if (generator->flags & ZEND_GENERATOR_CURRENTLY_RUNNING) {
zend_throw_error(NULL, "Cannot resume an already running generator");
Expand Down

0 comments on commit bad5d0d

Please sign in to comment.