mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-24 02:15:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.0'

Browse Source
This commit is contained in:
Nikita Popov 2016-05-03 18:15:29 +02:00
commit d06431bf1b
3 changed files with 110 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Zend/tests/qm_assign_ref_unwrap_leak.phpt Normal file
View File

@ -0,0 +1,20 @@
--TEST--
Leak in QM_ASSIGN when unwrapping references (rc=1)
--FILE--
<?php
function &ref() {
$str = "str";
$str .= "str";
return $str;
}
var_dump(true ? ref() : ref());
var_dump(ref() ?: ref());
var_dump(ref() ?? ref());
?>
--EXPECT--
string(6) "strstr"
string(6) "strstr"
string(6) "strstr"

28
Zend/zend_vm_def.h
View File

@ -6696,9 +6696,10 @@ ZEND_VM_HANDLER(152, ZEND_JMP_SET, CONST|TMP|VAR|CV, JMP_ADDR)
} else if (OP1_TYPE == IS_VAR && ref) {
zend_reference *r = Z_REF_P(ref);
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
if (UNEXPECTED(--GC_REFCOUNT(r) == 0)) {
efree_size(r, sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(value)) {
Z_ADDREF_P(value);
}
}
ZEND_VM_JMP(OP_JMP_ADDR(opline, opline->op2));
@ -6736,9 +6737,10 @@ ZEND_VM_HANDLER(169, ZEND_COALESCE, CONST|TMP|VAR|CV, JMP_ADDR)
} else if (OP1_TYPE == IS_VAR && ref) {
zend_reference *r = Z_REF_P(ref);
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
if (UNEXPECTED(--GC_REFCOUNT(r) == 0)) {
efree_size(r, sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(value)) {
Z_ADDREF_P(value);
}
}
ZEND_VM_JMP(OP_JMP_ADDR(opline, opline->op2));
@ -6753,30 +6755,36 @@ ZEND_VM_HANDLER(22, ZEND_QM_ASSIGN, CONST|TMP|VAR|CV, ANY)
USE_OPLINE
zend_free_op free_op1;
zval *value;
zval *result = EX_VAR(opline->result.var);
value = GET_OP1_ZVAL_PTR_UNDEF(BP_VAR_R);
if (OP1_TYPE == IS_CV && UNEXPECTED(Z_TYPE_P(value) == IS_UNDEF)) {
SAVE_OPLINE();
GET_OP1_UNDEF_CV(value, BP_VAR_R);
ZVAL_NULL(EX_VAR(opline->result.var));
ZVAL_NULL(result);
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
}
if ((OP1_TYPE == IS_VAR || OP1_TYPE == IS_CV) && Z_ISREF_P(value)) {
ZVAL_COPY(EX_VAR(opline->result.var), Z_REFVAL_P(value));
if (OP1_TYPE == IS_VAR) {
if (OP1_TYPE == IS_CV) {
ZVAL_DEREF(value);
ZVAL_COPY(result, value);
} else if (OP1_TYPE == IS_VAR) {
if (UNEXPECTED(Z_ISREF_P(value))) {
ZVAL_COPY_VALUE(result, Z_REFVAL_P(value));
if (UNEXPECTED(Z_DELREF_P(value) == 0)) {
efree_size(Z_REF_P(value), sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(result)) {
Z_ADDREF_P(result);
}
} else {
ZVAL_COPY_VALUE(result, value);
}
} else {
ZVAL_COPY_VALUE(EX_VAR(opline->result.var), value);
ZVAL_COPY_VALUE(result, value);
if (OP1_TYPE == IS_CONST) {
if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) {
zval_copy_ctor_func(EX_VAR(opline->result.var));
zval_copy_ctor_func(result);
}
} else if (OP1_TYPE == IS_CV) {
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
}
}
ZEND_VM_NEXT_OPCODE();

112
Zend/zend_vm_execute.h
View File

@ -3728,9 +3728,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_SET_SPEC_CONST_HANDLER(ZEN
} else if (IS_CONST == IS_VAR && ref) {
zend_reference *r = Z_REF_P(ref);
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
if (UNEXPECTED(--GC_REFCOUNT(r) == 0)) {
efree_size(r, sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(value)) {
Z_ADDREF_P(value);
}
}
ZEND_VM_JMP(OP_JMP_ADDR(opline, opline->op2));
@ -3767,9 +3768,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_COALESCE_SPEC_CONST_HANDLER(ZE
} else if (IS_CONST == IS_VAR && ref) {
zend_reference *r = Z_REF_P(ref);
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
if (UNEXPECTED(--GC_REFCOUNT(r) == 0)) {
efree_size(r, sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(value)) {
Z_ADDREF_P(value);
}
}
ZEND_VM_JMP(OP_JMP_ADDR(opline, opline->op2));
@ -3783,30 +3785,36 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_QM_ASSIGN_SPEC_CONST_HANDLER(Z
USE_OPLINE
zval *value;
zval *result = EX_VAR(opline->result.var);
value = EX_CONSTANT(opline->op1);
if (IS_CONST == IS_CV && UNEXPECTED(Z_TYPE_P(value) == IS_UNDEF)) {
SAVE_OPLINE();
GET_OP1_UNDEF_CV(value, BP_VAR_R);
ZVAL_NULL(EX_VAR(opline->result.var));
ZVAL_NULL(result);
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
}
if ((IS_CONST == IS_VAR || IS_CONST == IS_CV) && Z_ISREF_P(value)) {
ZVAL_COPY(EX_VAR(opline->result.var), Z_REFVAL_P(value));
if (IS_CONST == IS_VAR) {
if (IS_CONST == IS_CV) {
ZVAL_DEREF(value);
ZVAL_COPY(result, value);
} else if (IS_CONST == IS_VAR) {
if (UNEXPECTED(Z_ISREF_P(value))) {
ZVAL_COPY_VALUE(result, Z_REFVAL_P(value));
if (UNEXPECTED(Z_DELREF_P(value) == 0)) {
efree_size(Z_REF_P(value), sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(result)) {
Z_ADDREF_P(result);
}
} else {
ZVAL_COPY_VALUE(result, value);
}
} else {
ZVAL_COPY_VALUE(EX_VAR(opline->result.var), value);
ZVAL_COPY_VALUE(result, value);
if (IS_CONST == IS_CONST) {
if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) {
zval_copy_ctor_func(EX_VAR(opline->result.var));
zval_copy_ctor_func(result);
}
} else if (IS_CONST == IS_CV) {
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
}
}
ZEND_VM_NEXT_OPCODE();
@ -12580,9 +12588,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_SET_SPEC_TMP_HANDLER(ZEND_
} else if (IS_TMP_VAR == IS_VAR && ref) {
zend_reference *r = Z_REF_P(ref);
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
if (UNEXPECTED(--GC_REFCOUNT(r) == 0)) {
efree_size(r, sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(value)) {
Z_ADDREF_P(value);
}
}
ZEND_VM_JMP(OP_JMP_ADDR(opline, opline->op2));
@ -12620,9 +12629,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_COALESCE_SPEC_TMP_HANDLER(ZEND
} else if (IS_TMP_VAR == IS_VAR && ref) {
zend_reference *r = Z_REF_P(ref);
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
if (UNEXPECTED(--GC_REFCOUNT(r) == 0)) {
efree_size(r, sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(value)) {
Z_ADDREF_P(value);
}
}
ZEND_VM_JMP(OP_JMP_ADDR(opline, opline->op2));
@ -12637,30 +12647,36 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_QM_ASSIGN_SPEC_TMP_HANDLER(ZEN
USE_OPLINE
zend_free_op free_op1;
zval *value;
zval *result = EX_VAR(opline->result.var);
value = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1);
if (IS_TMP_VAR == IS_CV && UNEXPECTED(Z_TYPE_P(value) == IS_UNDEF)) {
SAVE_OPLINE();
GET_OP1_UNDEF_CV(value, BP_VAR_R);
ZVAL_NULL(EX_VAR(opline->result.var));
ZVAL_NULL(result);
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
}
if ((IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) && Z_ISREF_P(value)) {
ZVAL_COPY(EX_VAR(opline->result.var), Z_REFVAL_P(value));
if (IS_TMP_VAR == IS_VAR) {
if (IS_TMP_VAR == IS_CV) {
ZVAL_DEREF(value);
ZVAL_COPY(result, value);
} else if (IS_TMP_VAR == IS_VAR) {
if (UNEXPECTED(Z_ISREF_P(value))) {
ZVAL_COPY_VALUE(result, Z_REFVAL_P(value));
if (UNEXPECTED(Z_DELREF_P(value) == 0)) {
efree_size(Z_REF_P(value), sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(result)) {
Z_ADDREF_P(result);
}
} else {
ZVAL_COPY_VALUE(result, value);
}
} else {
ZVAL_COPY_VALUE(EX_VAR(opline->result.var), value);
ZVAL_COPY_VALUE(result, value);
if (IS_TMP_VAR == IS_CONST) {
if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) {
zval_copy_ctor_func(EX_VAR(opline->result.var));
zval_copy_ctor_func(result);
}
} else if (IS_TMP_VAR == IS_CV) {
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
}
}
ZEND_VM_NEXT_OPCODE();
@ -16446,9 +16462,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_SET_SPEC_VAR_HANDLER(ZEND_
} else if (IS_VAR == IS_VAR && ref) {
zend_reference *r = Z_REF_P(ref);
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
if (UNEXPECTED(--GC_REFCOUNT(r) == 0)) {
efree_size(r, sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(value)) {
Z_ADDREF_P(value);
}
}
ZEND_VM_JMP(OP_JMP_ADDR(opline, opline->op2));
@ -16486,9 +16503,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_COALESCE_SPEC_VAR_HANDLER(ZEND
} else if (IS_VAR == IS_VAR && ref) {
zend_reference *r = Z_REF_P(ref);
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
if (UNEXPECTED(--GC_REFCOUNT(r) == 0)) {
efree_size(r, sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(value)) {
Z_ADDREF_P(value);
}
}
ZEND_VM_JMP(OP_JMP_ADDR(opline, opline->op2));
@ -16503,30 +16521,36 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_QM_ASSIGN_SPEC_VAR_HANDLER(ZEN
USE_OPLINE
zend_free_op free_op1;
zval *value;
zval *result = EX_VAR(opline->result.var);
value = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1);
if (IS_VAR == IS_CV && UNEXPECTED(Z_TYPE_P(value) == IS_UNDEF)) {
SAVE_OPLINE();
GET_OP1_UNDEF_CV(value, BP_VAR_R);
ZVAL_NULL(EX_VAR(opline->result.var));
ZVAL_NULL(result);
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
}
if ((IS_VAR == IS_VAR || IS_VAR == IS_CV) && Z_ISREF_P(value)) {
ZVAL_COPY(EX_VAR(opline->result.var), Z_REFVAL_P(value));
if (IS_VAR == IS_VAR) {
if (IS_VAR == IS_CV) {
ZVAL_DEREF(value);
ZVAL_COPY(result, value);
} else if (IS_VAR == IS_VAR) {
if (UNEXPECTED(Z_ISREF_P(value))) {
ZVAL_COPY_VALUE(result, Z_REFVAL_P(value));
if (UNEXPECTED(Z_DELREF_P(value) == 0)) {
efree_size(Z_REF_P(value), sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(result)) {
Z_ADDREF_P(result);
}
} else {
ZVAL_COPY_VALUE(result, value);
}
} else {
ZVAL_COPY_VALUE(EX_VAR(opline->result.var), value);
ZVAL_COPY_VALUE(result, value);
if (IS_VAR == IS_CONST) {
if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) {
zval_copy_ctor_func(EX_VAR(opline->result.var));
zval_copy_ctor_func(result);
}
} else if (IS_VAR == IS_CV) {
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
}
}
ZEND_VM_NEXT_OPCODE();
@ -35797,9 +35821,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_SET_SPEC_CV_HANDLER(ZEND_O
} else if (IS_CV == IS_VAR && ref) {
zend_reference *r = Z_REF_P(ref);
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
if (UNEXPECTED(--GC_REFCOUNT(r) == 0)) {
efree_size(r, sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(value)) {
Z_ADDREF_P(value);
}
}
ZEND_VM_JMP(OP_JMP_ADDR(opline, opline->op2));
@ -35836,9 +35861,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_COALESCE_SPEC_CV_HANDLER(ZEND_
} else if (IS_CV == IS_VAR && ref) {
zend_reference *r = Z_REF_P(ref);
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
if (UNEXPECTED(--GC_REFCOUNT(r) == 0)) {
efree_size(r, sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(value)) {
Z_ADDREF_P(value);
}
}
ZEND_VM_JMP(OP_JMP_ADDR(opline, opline->op2));
@ -35852,30 +35878,36 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_QM_ASSIGN_SPEC_CV_HANDLER(ZEND
USE_OPLINE
zval *value;
zval *result = EX_VAR(opline->result.var);
value = _get_zval_ptr_cv_undef(execute_data, opline->op1.var);
if (IS_CV == IS_CV && UNEXPECTED(Z_TYPE_P(value) == IS_UNDEF)) {
SAVE_OPLINE();
GET_OP1_UNDEF_CV(value, BP_VAR_R);
ZVAL_NULL(EX_VAR(opline->result.var));
ZVAL_NULL(result);
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
}
if ((IS_CV == IS_VAR || IS_CV == IS_CV) && Z_ISREF_P(value)) {
ZVAL_COPY(EX_VAR(opline->result.var), Z_REFVAL_P(value));
if (IS_CV == IS_VAR) {
if (IS_CV == IS_CV) {
ZVAL_DEREF(value);
ZVAL_COPY(result, value);
} else if (IS_CV == IS_VAR) {
if (UNEXPECTED(Z_ISREF_P(value))) {
ZVAL_COPY_VALUE(result, Z_REFVAL_P(value));
if (UNEXPECTED(Z_DELREF_P(value) == 0)) {
efree_size(Z_REF_P(value), sizeof(zend_reference));
} else if (Z_OPT_REFCOUNTED_P(result)) {
Z_ADDREF_P(result);
}
} else {
ZVAL_COPY_VALUE(result, value);
}
} else {
ZVAL_COPY_VALUE(EX_VAR(opline->result.var), value);
ZVAL_COPY_VALUE(result, value);
if (IS_CV == IS_CONST) {
if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) {
zval_copy_ctor_func(EX_VAR(opline->result.var));
zval_copy_ctor_func(result);
}
} else if (IS_CV == IS_CV) {
if (Z_OPT_REFCOUNTED_P(value)) Z_ADDREF_P(value);
}
}
ZEND_VM_NEXT_OPCODE();