Don't try to clean up generator stack on unclean shutdown

This fixes bugs #65035 and #65161. In one of the bugs the issue is that function_state.arguments is NULL, but the arg count is pushed to the stack and the code tries to free it. In the other bug the stack of the generator is freed twice, once in generator_close and later during shutdown. It's rather hard (if at all possible) to do a proper stack cleanup on an unclean shutdown, so I'm just disabling it in this case.
13 years ago · 0f36224beb
4 changed files with 48 additions and 0 deletions
--- a/2
+++ b/2
@ -7,6 +7,8 @@ PHP                                                                        NEWS
    (Adam)
  . Fixed bug #65108 (is_callable() triggers Fatal Error). 
    (David Soria Parra, Laruence)
+  . Fixed bug #65035 (yield / exit segfault). (Nikita)
+  . Fixed bug #65161 (Generator + autoload + syntax error = segfault). (Nikita)

 - OPcache
  . Fixed bug #64827 (Segfault in zval_mark_grey (zend_gc.c)). (Laruence)
--- a/Zend/tests/generators/bug65035.phpt
+++ b/Zend/tests/generators/bug65035.phpt
@ -0,0 +1,20 @@
+--TEST--
+Bug #65035: yield / exit segfault
+--FILE--
+<?php
+
+function gen() {
+    fn();
+    yield;
+}
+
+function fn() {
+    exit('Done');
+}
+
+$gen = gen();
+$gen->current();
+
+?>
+--EXPECT--
+Done
--- a/Zend/tests/generators/bug65161.phpt
+++ b/Zend/tests/generators/bug65161.phpt
@ -0,0 +1,20 @@
+--TEST--
+Bug #65161: Generator + autoload + syntax error = segfault
+--FILE--
+<?php
+
+function autoload() {
+    foo();
+}
+spl_autoload_register('autoload');
+
+function testGenerator() {
+    new SyntaxError('param');
+    yield;
+}
+
+foreach (testGenerator() as $i);
+
+?>
+--EXPECTF--
+Fatal error: Call to undefined function foo() in %s on line %d
--- a/Zend/zend_generators.c
+++ b/Zend/zend_generators.c
@ -55,6 +55,12 @@ ZEND_API void zend_generator_close(zend_generator *generator, zend_bool finished
 			zval_ptr_dtor(&execute_data->current_this);
 		}

+		/* A fatal error / die occured during the generator execution. Trying to clean
+		 * up the stack may not be safe in this case. */
+		if (CG(unclean_shutdown)) {
+			return;
+		}
+
 		/* If the generator is closed before it can finish execution (reach
 		 * a return statement) we have to free loop variables manually, as
 		 * we don't know whether the SWITCH_FREE / FREE opcodes have run */