- Fix bug #31436 (isset() incorrectly returns true in dereference of a wrong type)

Moriyoshi Koizumi 2005-01-11 21:53:11 +00:00
parent 87ddc9d06b
commit 9b77de63ed
2 changed files with 272 additions and 221 deletions

Zend/tests/bug31436.phpt Normal file

@ -0,0 +1,25 @@
--TEST--
Bug #31436 (isset incorrectly returning true when passed a bad type)
--FILE--
<?php
$a = '';
var_dump(isset($a->b));
$a = 'a';
var_dump(isset($a->b));
$a = '0';
var_dump(isset($a->b));
$a = '';
var_dump(isset($a{'b'}));
$a = 'a';
var_dump(isset($a{'b'}));
$a = '0';
var_dump(isset($a{'b'}));
?>
--EXPECTF--
bool(false)
bool(false)
bool(false)
bool(false)
bool(true)
bool(true)
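Review bot: Only isset() is exercised here, although the patched handlers put the `ZEND_ISEMPTY` case behind the same `if (!prop_dim)` check. Adding `var_dump(empty($a->b));` and `var_dump(empty($a{'b'}));` for the same three strings would pin that branch as well. The expected output contains no format placeholders, so `--EXPECT--` would be enough in place of `--EXPECTF--`.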


@ -9013,23 +9013,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_CONST(int prop_dim,
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -10326,23 +10328,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_TMP(int prop_dim, ZE
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -11660,23 +11664,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_VAR(int prop_dim, ZE
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -13124,23 +13130,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_CV(int prop_dim, ZEN
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -14188,23 +14196,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_UNUSED_CONST(int prop_di
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -15135,23 +15145,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_UNUSED_TMP(int prop_dim,
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -16082,23 +16094,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_UNUSED_VAR(int prop_dim,
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -17148,23 +17162,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_UNUSED_CV(int prop_dim,
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -19631,23 +19647,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_CV_CONST(int prop_dim, Z
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -20944,23 +20962,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_CV_TMP(int prop_dim, ZEN
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -22278,23 +22298,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_CV_VAR(int prop_dim, ZEN
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -23742,23 +23764,25 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_CV_CV(int prop_dim, ZEND
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
@ -30806,23 +30830,25 @@ static int zend_isset_isempty_dim_prop_obj_handler(int prop_dim, ZEND_OPCODE_HAN
} else if ((*container)->type == IS_STRING) { /* string offsets */
zval tmp_offset;
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
if (!prop_dim) {
if (Z_TYPE_P(offset) != IS_LONG) {
tmp_offset = *offset;
zval_copy_ctor(&tmp_offset);
convert_to_long(&tmp_offset);
offset = &tmp_offset;
}
switch (opline->extended_value) {
case ZEND_ISSET:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
}
}
}
}
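Review bot: Inside the new `if (!prop_dim)` branch a non-integer offset is still forced through `convert_to_long()`, so `isset($a{'b'})` on the string 'a' tests offset 0 and reports true, as the last two expectations of the new test confirm. Application code that uses isset() on a nested key to check that request input is an array is satisfied by a plain string here, so a validation check can pass on the wrong type. Consider accepting the offset only when it is `IS_LONG` or a numeric string, which would also change those two test expectations, or at least document the coercion with a comment such as `/* non-numeric offsets are converted to 0, so isset($str{'key'}) is true for any non-empty string */`. The same block repeats in all thirteen handler hunks of this section, and each enclosing function starts and ends outside its hunk.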