Fixed incorrrecr zval_dtor() usage to replace value of argument passed by reference...

diff --git a/Zend/tests/gc_039.phpt b/Zend/tests/gc_039.phpt
new file mode 100644 (file)
index 0000000..0837e7e
--- /dev/null
+++ b/Zend/tests/gc_039.phpt
@@ -0,0 +1,15 @@
+--TEST--
+GC 039: Garbage created by replacing argument send by reference
+--SKIPIF--
+<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
+--INI--
+zend.enable_gc = 1
+--FILE--
+<?php
+$out = new stdClass;
+$out->x = $out;
+mb_parse_str("a=b", $out);
+var_dump(gc_collect_cycles());
+?>
+--EXPECT--
+int(1)

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 39100576153fa91bce1b001cf277c01038fe9e8e..45ded61a36b023f87a577846b8bd491386a22ccb 100644 (file)
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -4647,13 +4647,13 @@ PHP_FUNCTION(exif_thumbnail)
                if (!ImageInfo.Thumbnail.width || !ImageInfo.Thumbnail.height) {
                        exif_scan_thumbnail(&ImageInfo);
                }
-               zval_dtor(z_width);
-               zval_dtor(z_height);
+               zval_ptr_dtor(z_width);
+               zval_ptr_dtor(z_height);
                ZVAL_LONG(z_width,  ImageInfo.Thumbnail.width);
                ZVAL_LONG(z_height, ImageInfo.Thumbnail.height);
        }
        if (arg_c >= 4) {
-               zval_dtor(z_imagetype);
+               zval_ptr_dtor(z_imagetype);
                ZVAL_LONG(z_imagetype, ImageInfo.Thumbnail.filetype);
        }
 

diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c
index 21fe161631f4d786d41525ae501cef5345d8daf5..1ffca0bdac7b8803acf00a08a6d1851cff59411c 100644 (file)
--- a/ext/ftp/php_ftp.c
+++ b/ext/ftp/php_ftp.c
@@ -689,7 +689,7 @@ PHP_FUNCTION(ftp_alloc)
 
        ret = ftp_alloc(ftp, size, zresponse ? &response : NULL);
        if (response) {
-               zval_dtor(zresponse);
+               zval_ptr_dtor(zresponse);
                ZVAL_STR(zresponse, response);
        }
 

diff --git a/ext/intl/formatter/formatter_parse.c b/ext/intl/formatter/formatter_parse.c
index 73909f5b9ae215d52e76b1e874c762d0d203162f..347f929cbd5b3178ca308210b6681c4704dbf2d7 100644 (file)
--- a/ext/intl/formatter/formatter_parse.c
+++ b/ext/intl/formatter/formatter_parse.c
@@ -106,7 +106,7 @@ PHP_FUNCTION( numfmt_parse )
        efree(oldlocale);
 #endif
        if(zposition) {
-               zval_dtor(zposition);
+               zval_ptr_dtor(zposition);
                ZVAL_LONG(zposition, position);
        }
 
@@ -162,7 +162,7 @@ PHP_FUNCTION( numfmt_parse_currency )
 
        number = unum_parseDoubleCurrency(FORMATTER_OBJECT(nfo), sstr, sstr_len, position_p, currency, &INTL_DATA_ERROR_CODE(nfo));
        if(zposition) {
-               zval_dtor(zposition);
+               zval_ptr_dtor(zposition);
                ZVAL_LONG(zposition, position);
        }
        if (sstr) {
@@ -173,7 +173,7 @@ PHP_FUNCTION( numfmt_parse_currency )
        /* Convert parsed currency to UTF-8 and pass it back to caller. */
        u8str = intl_convert_utf16_to_utf8(currency, u_strlen(currency), &INTL_DATA_ERROR_CODE(nfo));
        INTL_METHOD_CHECK_STATUS( nfo, "Currency conversion to UTF-8 failed" );
-       zval_dtor( zcurrency );
+       zval_ptr_dtor( zcurrency );
        ZVAL_NEW_STR(zcurrency, u8str);
 
        RETVAL_DOUBLE( number );

diff --git a/ext/intl/idn/idn.c b/ext/intl/idn/idn.c
index 02e341fa3879ce6ac5a2be530300b755ed591cdf..96101e5a98b654bc6cb88ffac047ca1754158893 100644 (file)
--- a/ext/intl/idn/idn.c
+++ b/ext/intl/idn/idn.c
@@ -319,7 +319,7 @@ static void php_intl_idn_handoff(INTERNAL_FUNCTION_PARAMETERS, int mode)
                                "4 arguments were provided, but INTL_IDNA_VARIANT_2003 only "
                                "takes 3 - extra argument ignored");
                } else {
-                       zval_dtor(idna_info);
+                       zval_ptr_dtor(idna_info);
                        array_init(idna_info);
                }
        }

diff --git a/ext/intl/timezone/timezone_methods.cpp b/ext/intl/timezone/timezone_methods.cpp
index 5cf5afc934bce88233820ad17626fb01295b48a2..9dd2f6093921b7491e4ca308f0714576cd2cec0a 100644 (file)
--- a/ext/intl/timezone/timezone_methods.cpp
+++ b/ext/intl/timezone/timezone_methods.cpp
@@ -314,7 +314,7 @@ U_CFUNC PHP_FUNCTION(intltz_get_canonical_id)
 
        if (is_systemid) { /* by-ref argument passed */
                ZVAL_DEREF(is_systemid);
-               zval_dtor(is_systemid);
+               zval_ptr_dtor(is_systemid);
                ZVAL_BOOL(is_systemid, isSystemID);
        }
 }
@@ -465,11 +465,9 @@ U_CFUNC PHP_FUNCTION(intltz_get_offset)
 
        INTL_METHOD_CHECK_STATUS(to, "intltz_get_offset: error obtaining offset");
 
-       ZVAL_DEREF(rawOffsetArg);
-       zval_dtor(rawOffsetArg);
+       zval_ptr_dtor(rawOffsetArg);
        ZVAL_LONG(rawOffsetArg, rawOffset);
-       ZVAL_DEREF(dstOffsetArg);
-       zval_dtor(dstOffsetArg);
+       zval_ptr_dtor(dstOffsetArg);
        ZVAL_LONG(dstOffsetArg, dstOffset);
 
        RETURN_TRUE;

diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index f81f2b65e4a6895b6e9d920afe7ee6b9ae0acc58..244b039385adc9d7863d04fbeefceeacd584d64f 100644 (file)
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -3066,7 +3066,7 @@ PHP_FUNCTION(ldap_get_option)
                        if (!timeout) {
                                RETURN_FALSE;
                        }
-                       zval_dtor(retval);
+                       zval_ptr_dtor(retval);
                        ZVAL_LONG(retval, timeout->tv_sec);
                        ldap_memfree(timeout);
                } break;
@@ -3435,7 +3435,7 @@ PHP_FUNCTION(ldap_parse_exop)
        /* Reverse -> fall through */
        switch (myargcount) {
                case 4:
-                       zval_dtor(retoid);
+                       zval_ptr_dtor(retoid);
                        if (lretoid == NULL) {
                                ZVAL_EMPTY_STRING(retoid);
                        } else {
@@ -3444,7 +3444,7 @@ PHP_FUNCTION(ldap_parse_exop)
                        }
                case 3:
                        /* use arg #3 as the data returned by the server */
-                       zval_dtor(retdata);
+                       zval_ptr_dtor(retdata);
                        if (lretdata == NULL) {
                                ZVAL_EMPTY_STRING(retdata);
                        } else {
@@ -4084,7 +4084,7 @@ PHP_FUNCTION(ldap_control_paged_result_response)
 
        ldap_controls_free(lserverctrls);
        if (myargcount == 4) {
-               zval_dtor(estimated);
+               zval_ptr_dtor(estimated);
                ZVAL_LONG(estimated, lestimated);
        }
 
@@ -4155,7 +4155,7 @@ PHP_FUNCTION(ldap_exop)
                }
 
                if (retoid) {
-                       zval_dtor(retoid);
+                       zval_ptr_dtor(retoid);
                        if (lretoid) {
                                ZVAL_STRING(retoid, lretoid);
                                ldap_memfree(lretoid);
@@ -4164,7 +4164,7 @@ PHP_FUNCTION(ldap_exop)
                        }
                }
 
-               zval_dtor(retdata);
+               zval_ptr_dtor(retdata);
                if (lretdata) {
                        ZVAL_STRINGL(retdata, lretdata->bv_val, lretdata->bv_len);
                        ldap_memfree(lretdata->bv_val);

diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index 2c2a4824cc36d3cdecc3ca01df5d351df6bbd1eb..8a6de170dc48ab163f037c8b61bdc8ff93922096 100644 (file)
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -2139,7 +2139,7 @@ PHP_FUNCTION(mb_parse_str)
 
        if (track_vars_array != NULL) {
                /* Clear out the array */
-               zval_dtor(track_vars_array);
+               zval_ptr_dtor(track_vars_array);
                array_init(track_vars_array);
        }
 

diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index 608cdc9d8f8e0971f2998be5f15e550890fc489c..b95f315c881e065decd4493a3bae69e3dea998e1 100644 (file)
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -701,7 +701,7 @@ static void _php_mb_regex_ereg_exec(INTERNAL_FUNCTION_PARAMETERS, int icase)
        }
 
        if (array != NULL) {
-               zval_dtor(array);
+               zval_ptr_dtor(array);
                array_init(array);
        }
 

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index ca7e512efd649f381077cf1ca95d229831467775..391b101f128a8a7e91edcd82fc167afa0abe231d 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2118,7 +2118,7 @@ PHP_FUNCTION(openssl_x509_export)
        if (PEM_write_bio_X509(bio_out, cert)) {
                BUF_MEM *bio_buf;
 
-               zval_dtor(zout);
+               zval_ptr_dtor(zout);
                BIO_get_mem_ptr(bio_out, &bio_buf);
                ZVAL_STRINGL(zout, bio_buf->data, bio_buf->length);
 
@@ -2920,7 +2920,7 @@ PHP_FUNCTION(openssl_pkcs12_export)
                if (i2d_PKCS12_bio(bio_out, p12)) {
                        BUF_MEM *bio_buf;
 
-                       zval_dtor(zout);
+                       zval_ptr_dtor(zout);
                        BIO_get_mem_ptr(bio_out, &bio_buf);
                        ZVAL_STRINGL(zout, bio_buf->data, bio_buf->length);
 
@@ -2979,7 +2979,7 @@ PHP_FUNCTION(openssl_pkcs12_read)
                BIO * bio_out;
                int cert_num;
 
-               zval_dtor(zout);
+               zval_ptr_dtor(zout);
                array_init(zout);
 
                if (cert) {
@@ -3358,7 +3358,7 @@ PHP_FUNCTION(openssl_csr_export)
                BUF_MEM *bio_buf;
 
                BIO_get_mem_ptr(bio_out, &bio_buf);
-               zval_dtor(zout);
+               zval_ptr_dtor(zout);
                ZVAL_STRINGL(zout, bio_buf->data, bio_buf->length);
 
                RETVAL_TRUE;
@@ -3576,7 +3576,7 @@ PHP_FUNCTION(openssl_csr_new)
 
                                                if (we_made_the_key) {
                                                        /* and a resource for the private key */
-                                                       zval_dtor(out_pkey);
+                                                       zval_ptr_dtor(out_pkey);
                                                        ZVAL_RES(out_pkey, zend_register_resource(req.priv_key, le_key));
                                                        req.priv_key = NULL; /* make sure the cleanup code doesn't zap it! */
                                                } else if (key_resource != NULL) {
@@ -4640,7 +4640,7 @@ PHP_FUNCTION(openssl_pkey_export)
                        RETVAL_TRUE;
 
                        bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr);
-                       zval_dtor(out);
+                       zval_ptr_dtor(out);
                        ZVAL_STRINGL(out, bio_mem_ptr, bio_mem_len);
                } else {
                        php_openssl_store_errors();
@@ -5386,7 +5386,7 @@ PHP_FUNCTION(openssl_pkcs7_read)
                        break;
        }
 
-       zval_dtor(zout);
+       zval_ptr_dtor(zout);
        array_init(zout);
 
        if (certs != NULL) {
@@ -5672,7 +5672,7 @@ PHP_FUNCTION(openssl_private_encrypt)
        }
 
        if (successful) {
-               zval_dtor(crypted);
+               zval_ptr_dtor(crypted);
                ZSTR_VAL(cryptedbuf)[cryptedlen] = '\0';
                ZVAL_NEW_STR(crypted, cryptedbuf);
                cryptedbuf = NULL;
@@ -5741,7 +5741,7 @@ PHP_FUNCTION(openssl_private_decrypt)
        efree(crypttemp);
 
        if (successful) {
-               zval_dtor(crypted);
+               zval_ptr_dtor(crypted);
                ZSTR_VAL(cryptedbuf)[cryptedlen] = '\0';
                ZVAL_NEW_STR(crypted, cryptedbuf);
                cryptedbuf = NULL;
@@ -5803,7 +5803,7 @@ PHP_FUNCTION(openssl_public_encrypt)
        }
 
        if (successful) {
-               zval_dtor(crypted);
+               zval_ptr_dtor(crypted);
                ZSTR_VAL(cryptedbuf)[cryptedlen] = '\0';
                ZVAL_NEW_STR(crypted, cryptedbuf);
                cryptedbuf = NULL;
@@ -5874,7 +5874,7 @@ PHP_FUNCTION(openssl_public_decrypt)
        efree(crypttemp);
 
        if (successful) {
-               zval_dtor(crypted);
+               zval_ptr_dtor(crypted);
                ZSTR_VAL(cryptedbuf)[cryptedlen] = '\0';
                ZVAL_NEW_STR(crypted, cryptedbuf);
                cryptedbuf = NULL;
@@ -5970,7 +5970,7 @@ PHP_FUNCTION(openssl_sign)
                        EVP_SignInit(md_ctx, mdtype) &&
                        EVP_SignUpdate(md_ctx, data, data_len) &&
                        EVP_SignFinal(md_ctx, (unsigned char*)ZSTR_VAL(sigbuf), &siglen, pkey)) {
-               zval_dtor(signature);
+               zval_ptr_dtor(signature);
                ZSTR_VAL(sigbuf)[siglen] = '\0';
                ZSTR_LEN(sigbuf) = siglen;
                ZVAL_NEW_STR(signature, sigbuf);
@@ -6139,11 +6139,11 @@ PHP_FUNCTION(openssl_seal)
        }
 
        if (len1 + len2 > 0) {
-               zval_dtor(sealdata);
+               zval_ptr_dtor(sealdata);
                ZVAL_NEW_STR(sealdata, zend_string_init((char*)buf, len1 + len2, 0));
                efree(buf);
 
-               zval_dtor(ekeys);
+               zval_ptr_dtor(ekeys);
                array_init(ekeys);
                for (i=0; i<nkeys; i++) {
                        eks[i][eksl[i]] = '\0';
@@ -6153,7 +6153,7 @@ PHP_FUNCTION(openssl_seal)
                }
 
                if (iv) {
-                       zval_dtor(iv);
+                       zval_ptr_dtor(iv);
                        iv_buf[iv_len] = '\0';
                        ZVAL_NEW_STR(iv, zend_string_init((char*)iv_buf, iv_len, 0));
                }
@@ -6243,7 +6243,7 @@ PHP_FUNCTION(openssl_open)
        if (ctx != NULL && EVP_OpenInit(ctx, cipher, (unsigned char *)ekey, (int)ekey_len, iv_buf, pkey) &&
                        EVP_OpenUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) &&
                        EVP_OpenFinal(ctx, buf + len1, &len2) && (len1 + len2 > 0)) {
-               zval_dtor(opendata);
+               zval_ptr_dtor(opendata);
                buf[len1 + len2] = '\0';
                ZVAL_NEW_STR(opendata, zend_string_init((char*)buf, len1 + len2, 0));
                RETVAL_TRUE;
@@ -6644,7 +6644,7 @@ PHP_FUNCTION(openssl_encrypt)
                        zend_string *tag_str = zend_string_alloc(tag_len, 0);
 
                        if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode.aead_get_tag_flag, tag_len, ZSTR_VAL(tag_str)) == 1) {
-                               zval_dtor(tag);
+                               zval_ptr_dtor(tag);
                                ZSTR_VAL(tag_str)[tag_len] = '\0';
                                ZSTR_LEN(tag_str) = tag_len;
                                ZVAL_NEW_STR(tag, tag_str);
@@ -6655,7 +6655,7 @@ PHP_FUNCTION(openssl_encrypt)
                                RETVAL_FALSE;
                        }
                } else if (tag) {
-                       zval_dtor(tag);
+                       zval_ptr_dtor(tag);
                        ZVAL_NULL(tag);
                        php_error_docref(NULL, E_WARNING,
                                        "The authenticated tag cannot be provided for cipher that doesn not support AEAD");
@@ -6808,7 +6808,7 @@ PHP_FUNCTION(openssl_random_pseudo_bytes)
        }
 
        if (zstrong_result_returned) {
-               zval_dtor(zstrong_result_returned);
+               zval_ptr_dtor(zstrong_result_returned);
                ZVAL_FALSE(zstrong_result_returned);
        }
 

diff --git a/ext/pcntl/pcntl.c b/ext/pcntl/pcntl.c
index 6c873a2619330dd9d1b36c01a72e4931b2a97191..013d74054b4437dafb66043d33654135a9aaf020 100644 (file)
--- a/ext/pcntl/pcntl.c
+++ b/ext/pcntl/pcntl.c
@@ -674,7 +674,7 @@ PHP_FUNCTION(pcntl_waitpid)
 #ifdef HAVE_WAIT4
        if (z_rusage) {
                if (Z_TYPE_P(z_rusage) != IS_ARRAY) {
-                       zval_dtor(z_rusage);
+                       zval_ptr_dtor(z_rusage);
                        array_init(z_rusage);
                } else {
                        zend_hash_clean(Z_ARRVAL_P(z_rusage));
@@ -699,7 +699,7 @@ PHP_FUNCTION(pcntl_waitpid)
        }
 #endif
 
-       zval_dtor(z_status);
+       zval_ptr_dtor(z_status);
        ZVAL_LONG(z_status, status);
 
        RETURN_LONG((zend_long) child_id);
@@ -726,7 +726,7 @@ PHP_FUNCTION(pcntl_wait)
 #ifdef HAVE_WAIT3
        if (z_rusage) {
                if (Z_TYPE_P(z_rusage) != IS_ARRAY) {
-                       zval_dtor(z_rusage);
+                       zval_ptr_dtor(z_rusage);
                        array_init(z_rusage);
                } else {
                        zend_hash_clean(Z_ARRVAL_P(z_rusage));
@@ -752,7 +752,7 @@ PHP_FUNCTION(pcntl_wait)
        }
 #endif
 
-       zval_dtor(z_status);
+       zval_ptr_dtor(z_status);
        ZVAL_LONG(z_status, status);
 
        RETURN_LONG((zend_long) child_id);
@@ -1134,7 +1134,7 @@ PHP_FUNCTION(pcntl_sigprocmask)
 
        if (user_oldset != NULL) {
                if (Z_TYPE_P(user_oldset) != IS_ARRAY) {
-                       zval_dtor(user_oldset);
+                       zval_ptr_dtor(user_oldset);
                        array_init(user_oldset);
                } else {
                        zend_hash_clean(Z_ARRVAL_P(user_oldset));
@@ -1233,7 +1233,7 @@ static void pcntl_siginfo_to_zval(int signo, siginfo_t *siginfo, zval *user_sigi
 {
        if (signo > 0 && user_siginfo) {
                if (Z_TYPE_P(user_siginfo) != IS_ARRAY) {
-                       zval_dtor(user_siginfo);
+                       zval_ptr_dtor(user_siginfo);
                        array_init(user_siginfo);
                } else {
                        zend_hash_clean(Z_ARRVAL_P(user_siginfo));

diff --git a/ext/standard/dns_win32.c b/ext/standard/dns_win32.c
index 41f8d1e15934d20270b3158577c443043664a234..aa11a01f478c50f36e9b04cc7324e61bb6e655b2 100644 (file)
--- a/ext/standard/dns_win32.c
+++ b/ext/standard/dns_win32.c
@@ -60,11 +60,11 @@ PHP_FUNCTION(dns_get_mx) /* {{{ */
                RETURN_FALSE;
        }
 
-       zval_dtor(mx_list);
+       zval_ptr_dtor(mx_list);
        array_init(mx_list);
 
        if (weight_list) {
-               zval_dtor(weight_list);
+               zval_ptr_dtor(weight_list);
                array_init(weight_list);
        }
 
@@ -358,11 +358,11 @@ PHP_FUNCTION(dns_get_record)
        }
 
        if (authns) {
-               zval_dtor(authns);
+               zval_ptr_dtor(authns);
                array_init(authns);
        }
        if (addtl) {
-               zval_dtor(addtl);
+               zval_ptr_dtor(addtl);
                array_init(addtl);
        }
 

diff --git a/ext/sysvmsg/sysvmsg.c b/ext/sysvmsg/sysvmsg.c
index 1382eaa1197361e706ce1af7317604e47b72f4e2..6384ace349b1c9ba5fe956917d461bfcf7ddce9c 100644 (file)
--- a/ext/sysvmsg/sysvmsg.c
+++ b/ext/sysvmsg/sysvmsg.c
@@ -343,14 +343,13 @@ PHP_FUNCTION(msg_receive)
 
        result = msgrcv(mq->id, messagebuffer, maxsize, desiredmsgtype, realflags);
 
-       zval_dtor(out_msgtype);
-       zval_dtor(out_message);
+       zval_ptr_dtor(out_msgtype);
+       zval_ptr_dtor(out_message);
        ZVAL_LONG(out_msgtype, 0);
        ZVAL_FALSE(out_message);
 
        if (zerrcode) {
-               ZVAL_DEREF(zerrcode);
-               zval_dtor(zerrcode);
+               zval_ptr_dtor(zerrcode);
                ZVAL_LONG(zerrcode, 0);
        }
 

diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 24dd0020d61b0184d219b298621868531f3f7d7c..319c1ddc6697bce01a02d19834515d0c3610656a 100644 (file)
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -2260,9 +2260,9 @@ static ZIPARCHIVE_METHOD(getExternalAttributesIndex)
                        (zip_flags_t)flags, &opsys, &attr) < 0) {
                RETURN_FALSE;
        }
-       zval_dtor(z_opsys);
+       zval_ptr_dtor(z_opsys);
        ZVAL_LONG(z_opsys, opsys);
-       zval_dtor(z_attr);
+       zval_ptr_dtor(z_attr);
        ZVAL_LONG(z_attr, attr);
        RETURN_TRUE;
 }