mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-23 18:04:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.4'

Browse Source 
* PHP-7.4:
  Fixed bug #79947
This commit is contained in:
Nikita Popov 2020-08-10 10:12:49 +02:00
commit 74c4381806
4 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Zend/tests/bug79947.phpt Normal file
View File

@ -0,0 +1,17 @@
--TEST--
Bug #79947: Memory leak on invalid offset type in compound assignment
--FILE--
<?php
$array = [];
$key = [];
try {
$array[$key] += [$key];
} catch (TypeError $e) {
echo $e->getMessage(), "\n";
}
var_dump($array);
?>
--EXPECT--
Illegal offset type
array(0) {
}

1
Zend/zend_execute.c
View File

@ -2002,7 +2002,6 @@ static ZEND_COLD void zend_binary_assign_op_dim_slow(zval *container, zval *dim
} else {
zend_use_scalar_as_array();
}
FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
}
static zend_never_inline zend_uchar slow_index_convert(HashTable *ht, const zval *dim, zend_value *value EXECUTE_DATA_DC)

1
Zend/zend_vm_def.h
View File

@ -1215,6 +1215,7 @@ ZEND_VM_C_LABEL(assign_dim_op_new_array):
} else {
zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
ZEND_VM_C_LABEL(assign_dim_op_ret_null):
FREE_OP_DATA();
if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
ZVAL_NULL(EX_VAR(opline->result.var));
}

8
Zend/zend_vm_execute.h
View File

@ -21431,6 +21431,7 @@ assign_dim_op_new_array:
} else {
zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
assign_dim_op_ret_null:
FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
ZVAL_NULL(EX_VAR(opline->result.var));
}
@ -23976,6 +23977,7 @@ assign_dim_op_new_array:
} else {
zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
assign_dim_op_ret_null:
FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
ZVAL_NULL(EX_VAR(opline->result.var));
}
@ -26201,6 +26203,7 @@ assign_dim_op_new_array:
} else {
zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
assign_dim_op_ret_null:
FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
ZVAL_NULL(EX_VAR(opline->result.var));
}
@ -27911,6 +27914,7 @@ assign_dim_op_new_array:
} else {
zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
assign_dim_op_ret_null:
FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
ZVAL_NULL(EX_VAR(opline->result.var));
}
@ -38602,6 +38606,7 @@ assign_dim_op_new_array:
} else {
zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
assign_dim_op_ret_null:
FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
ZVAL_NULL(EX_VAR(opline->result.var));
}
@ -42214,6 +42219,7 @@ assign_dim_op_new_array:
} else {
zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
assign_dim_op_ret_null:
FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
ZVAL_NULL(EX_VAR(opline->result.var));
}
@ -45003,6 +45009,7 @@ assign_dim_op_new_array:
} else {
zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
assign_dim_op_ret_null:
FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
ZVAL_NULL(EX_VAR(opline->result.var));
}
@ -47251,6 +47258,7 @@ assign_dim_op_new_array:
} else {
zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
assign_dim_op_ret_null:
FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
ZVAL_NULL(EX_VAR(opline->result.var));
}