mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-23 18:04:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixed oss-fuzz #62294: Unsetting variable after ++/-- on string variable warning

Browse Source 
Closes GH-12202
This commit is contained in:
George Peter Banyard 2023-09-13 15:15:15 +01:00
parent 673babed24
commit 0b614a6c2b
No known key found for this signature in database
GPG Key ID: 3306078E3194AEBD
4 changed files with 51 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -5,6 +5,8 @@ PHP NEWS
- Core:
. Fixed bug GH-12189 (#[Override] attribute in trait does not check for
parent class implementations). (timwolla)
. Fixed OSS Fuzz #62294 (Unsetting variable after ++/-- on string variable
warning). (Girgias)
- Filter:
. Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)

2
Zend/tests/in-de-crement/oss-fuzz-60709_globals.phpt → Zend/tests/in-de-crement/oss-fuzz-60709_globals_unset_after_undef_warning.phpt
View File

@ -1,5 +1,5 @@
--TEST--
oss-fuzz #60709: Test
oss-fuzz #60709: Unsetting variable after undefined variable warning in ++/--
--FILE--
<?php
set_error_handler(function($_, $m) {

38
Zend/tests/in-de-crement/oss-fuzz-62294_globals_unset_after_string_warning.phpt Normal file
View File

@ -0,0 +1,38 @@
--TEST--
oss-fuzz #62294: Unsetting variable after ++/-- on string variable warning
--FILE--
<?php
set_error_handler(function($_, $m) {
echo "$m\n";
unset($GLOBALS['x']);
});
$x=" ";
echo "POST DEC\n";
var_dump($x--);
$x=" ";
echo "PRE DEC\n";
var_dump(--$x);
$x=" ";
echo "POST INC\n";
var_dump($x++);
$x=" ";
echo "PRE INC\n";
var_dump(++$x);
?>
--EXPECT--
POST DEC
Decrement on non-numeric string has no effect and is deprecated
string(1) " "
PRE DEC
Decrement on non-numeric string has no effect and is deprecated
string(1) " "
POST INC
Increment on non-alphanumeric string is deprecated
string(1) " "
PRE INC
Increment on non-alphanumeric string is deprecated
string(1) " "

16
Zend/zend_operators.c
View File

@ -2528,13 +2528,10 @@ static bool ZEND_FASTCALL increment_string(zval *str) /* {{{ */
if (UNEXPECTED(!zend_string_only_has_ascii_alphanumeric(Z_STR_P(str)))) {
zend_string *zstr = Z_STR_P(str);
GC_TRY_ADDREF(zstr);
zend_string_addref(zstr);
zend_error(E_DEPRECATED, "Increment on non-alphanumeric string is deprecated");
if (EG(exception)) {
GC_TRY_DELREF(zstr);
if (!GC_REFCOUNT(zstr)) {
efree(zstr);
}
zend_string_release(zstr);
return false;
}
zval_ptr_dtor(str);
@ -2737,11 +2734,18 @@ try_again:
zval_ptr_dtor_str(op1);
ZVAL_DOUBLE(op1, dval - 1);
break;
default:
default: {
/* Error handler can unset the variable */
zend_string *zstr = Z_STR_P(op1);
zend_string_addref(zstr);
zend_error(E_DEPRECATED, "Decrement on non-numeric string has no effect and is deprecated");
if (EG(exception)) {
zend_string_release(zstr);
return FAILURE;
}
zval_ptr_dtor(op1);
ZVAL_STR(op1, zstr);
}
}
break;
case IS_NULL: {