mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-30 21:35:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix undef var exception handling in JMP_NULL

Browse Source 
We need to initialize the result variable in the exceptional
case as well.

Fixes oss-fuzz #25526.
This commit is contained in:
Nikita Popov 2020-09-15 15:43:31 +02:00
parent a009d370e9
commit 3c53732332
3 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Zend/tests/nullsafe_operator/039.phpt Normal file
View File

@ -0,0 +1,18 @@
--TEST--
Handling of undef variable exception in JMP_NULL
--FILE--
<?php
set_error_handler(function($_, $m) {
throw new Exception($m);
});
try {
$foo?->foo;
} catch (Exception $e) {
echo $e->getMessage(), "\n";
}
?>
--EXPECT--
Undefined variable $foo

3
Zend/zend_vm_def.h
View File

@ -7376,6 +7376,7 @@ ZEND_VM_HOT_NOCONST_HANDLER(198, ZEND_JMP_NULL, CONST|TMPVARCV, JMP_ADDR)
zval *result = EX_VAR(opline->result.var);
if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) {
ZVAL_NULL(result);
if (UNEXPECTED(Z_TYPE_INFO_P(val) == IS_UNDEF)) {
SAVE_OPLINE();
ZVAL_UNDEFINED_OP1();
@ -7383,8 +7384,6 @@ ZEND_VM_HOT_NOCONST_HANDLER(198, ZEND_JMP_NULL, CONST|TMPVARCV, JMP_ADDR)
HANDLE_EXCEPTION();
}
}
ZVAL_NULL(result);
} else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) {
ZVAL_FALSE(result);
} else {

6
Zend/zend_vm_execute.h
View File

@ -5279,6 +5279,7 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_CON
zval *result = EX_VAR(opline->result.var);
if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) {
ZVAL_NULL(result);
if (UNEXPECTED(Z_TYPE_INFO_P(val) == IS_UNDEF)) {
SAVE_OPLINE();
ZVAL_UNDEFINED_OP1();
@ -5286,8 +5287,6 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_CON
HANDLE_EXCEPTION();
}
}
ZVAL_NULL(result);
} else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) {
ZVAL_FALSE(result);
} else {
@ -12047,6 +12046,7 @@ static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_TMPV
zval *result = EX_VAR(opline->result.var);
if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) {
ZVAL_NULL(result);
if (UNEXPECTED(Z_TYPE_INFO_P(val) == IS_UNDEF)) {
SAVE_OPLINE();
ZVAL_UNDEFINED_OP1();
@ -12054,8 +12054,6 @@ static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_TMPV
HANDLE_EXCEPTION();
}
}
ZVAL_NULL(result);
} else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) {
ZVAL_FALSE(result);
} else {