From b28254c8f2086f608b928c1cb6c609e388b1111d Mon Sep 17 00:00:00 2001
From: Mark Williams <mwilliams@fb.com>
Date: Fri, 19 Apr 2013 14:25:49 -0700
Subject: [PATCH] Fix a crash if an exception is thrown in a constructor's
 surprise check

The unwinder assumed that if the actrec's constructor flag
was set, then there must be a $this. But the $this is cleared during
the return sequence.
---
 hphp/runtime/vm/bytecode.cpp                 |  3 +--
 hphp/test/quick/constructor_throw.php        | 21 ++++++++++++++++++++
 hphp/test/quick/constructor_throw.php.expect |  1 +
 3 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 hphp/test/quick/constructor_throw.php
 create mode 100644 hphp/test/quick/constructor_throw.php.expect

diff --git a/hphp/runtime/vm/bytecode.cpp b/hphp/runtime/vm/bytecode.cpp
index 42d6de2bc..ab283e8a9 100644
--- a/hphp/runtime/vm/bytecode.cpp
+++ b/hphp/runtime/vm/bytecode.cpp
@@ -982,8 +982,7 @@ UnwindStatus Stack::unwindFrag(ActRec* fp, int offset,
   // count starts over for the caller frame.
   fault.m_handledCount = 0;
 
-  if (fp->isFromFPushCtor()) {
-    assert(fp->hasThis());
+  if (fp->isFromFPushCtor() && fp->hasThis()) {
     fp->getThis()->setNoDestruct();
   }
 
diff --git a/hphp/test/quick/constructor_throw.php b/hphp/test/quick/constructor_throw.php
new file mode 100644
index 000000000..2dca1f908
--- /dev/null
+++ b/hphp/test/quick/constructor_throw.php
@@ -0,0 +1,21 @@
+<?php
+
+class X {
+  function __construct() {
+  }
+}
+
+function handler($kind, $name) {
+  if ($kind == 'exit' && $name == 'X::__construct') throw new Exception;
+}
+
+function test() {
+  fb_setprofile('handler');
+  try {
+    new X;
+  } catch (Exception $e) {
+    echo "ok\n";
+  }
+}
+
+test();
diff --git a/hphp/test/quick/constructor_throw.php.expect b/hphp/test/quick/constructor_throw.php.expect
new file mode 100644
index 000000000..9766475a4
--- /dev/null
+++ b/hphp/test/quick/constructor_throw.php.expect
@@ -0,0 +1 @@
+ok