Fix the bug in ZEND_ASSIGN_DIM (as nikic suggest)

author Xinchen Hui <laruence@gmail.com>

Fri, 9 Dec 2016 14:30:24 +0000 (22:30 +0800)

committer Xinchen Hui <laruence@gmail.com>

Fri, 9 Dec 2016 14:30:24 +0000 (22:30 +0800)
author Xinchen Hui <laruence@gmail.com>
Fri, 9 Dec 2016 14:30:24 +0000 (22:30 +0800)
committer Xinchen Hui <laruence@gmail.com>
Fri, 9 Dec 2016 14:30:24 +0000 (22:30 +0800)
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h

index 77f1e454dbc54f63bb006edc7cb604387569300e..756ed9443afd4197c582208dd57a43a8143d51fb 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2419,7 +2419,7 @@ ZEND_VM_C_LABEL(try_assign_dim_array):
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = GET_OP2_ZVAL_PTR(BP_VAR_R);
-                       value = GET_OP_DATA_ZVAL_PTR(BP_VAR_R);
+                       value = GET_OP_DATA_ZVAL_PTR_DEREF(BP_VAR_R);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h

index 10570895c0bd8d0604979f5d23e8ba7cf712da3a..ea203c1ad04fa6a16a84653f21c7cdc080a85ad4 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -19582,7 +19582,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = EX_CONSTANT(opline->op2);
-                       value = _get_zval_ptr_var((opline+1)->op1.var, execute_data, &free_op_data);
+                       value = _get_zval_ptr_var_deref((opline+1)->op1.var, execute_data, &free_op_data);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -19674,7 +19674,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = EX_CONSTANT(opline->op2);
-                       value = _get_zval_ptr_cv_BP_VAR_R(execute_data, (opline+1)->op1.var);
+                       value = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, (opline+1)->op1.var);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -21531,7 +21531,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = NULL;
-                       value = _get_zval_ptr_var((opline+1)->op1.var, execute_data, &free_op_data);
+                       value = _get_zval_ptr_var_deref((opline+1)->op1.var, execute_data, &free_op_data);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -21623,7 +21623,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = NULL;
-                       value = _get_zval_ptr_cv_BP_VAR_R(execute_data, (opline+1)->op1.var);
+                       value = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, (opline+1)->op1.var);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -24371,7 +24371,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var);
-                       value = _get_zval_ptr_var((opline+1)->op1.var, execute_data, &free_op_data);
+                       value = _get_zval_ptr_var_deref((opline+1)->op1.var, execute_data, &free_op_data);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -24463,7 +24463,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var);
-                       value = _get_zval_ptr_cv_BP_VAR_R(execute_data, (opline+1)->op1.var);
+                       value = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, (opline+1)->op1.var);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -27321,7 +27321,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2);
-                       value = _get_zval_ptr_var((opline+1)->op1.var, execute_data, &free_op_data);
+                       value = _get_zval_ptr_var_deref((opline+1)->op1.var, execute_data, &free_op_data);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -27413,7 +27413,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2);
-                       value = _get_zval_ptr_cv_BP_VAR_R(execute_data, (opline+1)->op1.var);
+                       value = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, (opline+1)->op1.var);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -39313,7 +39313,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = EX_CONSTANT(opline->op2);
-                       value = _get_zval_ptr_var((opline+1)->op1.var, execute_data, &free_op_data);
+                       value = _get_zval_ptr_var_deref((opline+1)->op1.var, execute_data, &free_op_data);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -39405,7 +39405,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = EX_CONSTANT(opline->op2);
-                       value = _get_zval_ptr_cv_BP_VAR_R(execute_data, (opline+1)->op1.var);
+                       value = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, (opline+1)->op1.var);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -42457,7 +42457,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = NULL;
-                       value = _get_zval_ptr_var((opline+1)->op1.var, execute_data, &free_op_data);
+                       value = _get_zval_ptr_var_deref((opline+1)->op1.var, execute_data, &free_op_data);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -42549,7 +42549,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = NULL;
-                       value = _get_zval_ptr_cv_BP_VAR_R(execute_data, (opline+1)->op1.var);
+                       value = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, (opline+1)->op1.var);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -46237,7 +46237,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var);
-                       value = _get_zval_ptr_var((opline+1)->op1.var, execute_data, &free_op_data);
+                       value = _get_zval_ptr_var_deref((opline+1)->op1.var, execute_data, &free_op_data);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -46329,7 +46329,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var);
-                       value = _get_zval_ptr_cv_BP_VAR_R(execute_data, (opline+1)->op1.var);
+                       value = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, (opline+1)->op1.var);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -50314,7 +50314,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2);
-                       value = _get_zval_ptr_var((opline+1)->op1.var, execute_data, &free_op_data);
+                       value = _get_zval_ptr_var_deref((opline+1)->op1.var, execute_data, &free_op_data);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
@@ -50406,7 +50406,7 @@ try_assign_dim_array:
                 }
                 if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) {
                         dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2);
-                       value = _get_zval_ptr_cv_BP_VAR_R(execute_data, (opline+1)->op1.var);
+                       value = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, (opline+1)->op1.var);
  
                         zend_assign_to_object_dim(object_ptr, dim, value);
  
diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c

index d3fbb95991262ea9b8bd38423c44bbf50fc24e3b..bddf64ee57e59148ded8e559fcc32070e142deb1 100644 (file)
--- a/ext/spl/spl_array.c
+++ b/ext/spl/spl_array.c
@@ -473,11 +473,6 @@ static void spl_array_write_dimension_ex(int check_inherited, zval *object, zval
                 return;
         }
  
-       if (UNEXPECTED(Z_ISREF_P(value) &&
-               Z_REFCOUNTED_P(value) == 1)) {
-               ZVAL_UNREF(value);
-       }
-
         if (Z_REFCOUNTED_P(value)) {
                 Z_ADDREF_P(value);
         }
author	Xinchen Hui <laruence@gmail.com>
	Fri, 9 Dec 2016 14:30:24 +0000 (22:30 +0800)
committer	Xinchen Hui <laruence@gmail.com>
	Fri, 9 Dec 2016 14:30:24 +0000 (22:30 +0800)
Zend/zend_vm_def.h		patch \| blob \| history
Zend/zend_vm_execute.h		patch \| blob \| history
ext/spl/spl_array.c		patch \| blob \| history