Fix use after free on AST expressions in constant declarations

This commit is contained in:
Bob Weinand 2016-05-02 18:22:15 +02:00
parent 014fd895a1
commit 7c174b6197
2 changed files with 2 additions and 10 deletions

View File

@ -7170,17 +7170,13 @@ ZEND_VM_HANDLER(143, ZEND_DECLARE_CONST, CONST, CONST)
name = GET_OP1_ZVAL_PTR(BP_VAR_R);
val = GET_OP2_ZVAL_PTR(BP_VAR_R);
ZVAL_COPY_VALUE(&c.value, val);
ZVAL_COPY(&c.value, val);
if (Z_OPT_CONSTANT(c.value)) {
if (UNEXPECTED(zval_update_constant_ex(&c.value, EX(func)->op_array.scope) != SUCCESS)) {
FREE_OP1();
FREE_OP2();
HANDLE_EXCEPTION();
}
} else {
if (UNEXPECTED(Z_OPT_REFCOUNTED(c.value))) {
Z_ADDREF(c.value);
}
}
c.flags = CONST_CS; /* non persistent, case sensetive */
c.name = zend_string_dup(Z_STR_P(name), 0);

View File

@ -6083,17 +6083,13 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DECLARE_CONST_SPEC_CONST_CONST
name = EX_CONSTANT(opline->op1);
val = EX_CONSTANT(opline->op2);
ZVAL_COPY_VALUE(&c.value, val);
ZVAL_COPY(&c.value, val);
if (Z_OPT_CONSTANT(c.value)) {
if (UNEXPECTED(zval_update_constant_ex(&c.value, EX(func)->op_array.scope) != SUCCESS)) {
HANDLE_EXCEPTION();
}
} else {
if (UNEXPECTED(Z_OPT_REFCOUNTED(c.value))) {
Z_ADDREF(c.value);
}
}
c.flags = CONST_CS; /* non persistent, case sensetive */
c.name = zend_string_dup(Z_STR_P(name), 0);