Fixed segfault in file cache serialize if live range is empty after

author Xinchen Hui <laruence@gmail.com>

Mon, 15 Feb 2016 04:07:43 +0000 (12:07 +0800)

committer Xinchen Hui <laruence@gmail.com>

Mon, 15 Feb 2016 04:07:43 +0000 (12:07 +0800)
author Xinchen Hui <laruence@gmail.com>
Mon, 15 Feb 2016 04:07:43 +0000 (12:07 +0800)
committer Xinchen Hui <laruence@gmail.com>
Mon, 15 Feb 2016 04:07:43 +0000 (12:07 +0800)
diff --git a/ext/opcache/Optimizer/zend_optimizer.c b/ext/opcache/Optimizer/zend_optimizer.c

index e2a12de108bea498740a3a7f44005e667420639a..f398a8392729a797831552bb8a86a384445cfa0b 100644 (file)
--- a/ext/opcache/Optimizer/zend_optimizer.c
+++ b/ext/opcache/Optimizer/zend_optimizer.c
@@ -368,16 +368,20 @@ void zend_optimizer_remove_live_range(zend_op_array *op_array, uint32_t var)
                         i++;
                 } while (i < op_array->last_live_range);
                 if (i != j) {
-                       zend_op *opline = op_array->opcodes;
-                       zend_op *end = opline + op_array->last;
-
-                       op_array->last_live_range = j;
-                       while (opline != end) {
-                               if ((opline->opcode == ZEND_FREE || opline->opcode == ZEND_FE_FREE) &&
-                                   opline->extended_value == ZEND_FREE_ON_RETURN) {
-                                       opline->op2.num = map[opline->op2.num];
+                       if ((op_array->last_live_range = j)) {
+                               zend_op *opline = op_array->opcodes;
+                               zend_op *end = opline + op_array->last;
+
+                               while (opline != end) {
+                                       if ((opline->opcode == ZEND_FREE || opline->opcode == ZEND_FE_FREE) &&
+                                                       opline->extended_value == ZEND_FREE_ON_RETURN) {
+                                               opline->op2.num = map[opline->op2.num];
+                                       }
+                                       opline++;
                                 }
-                               opline++;
+                       } else {
+                               efree(op_array->live_range);
+                               op_array->live_range = NULL;
                         }
                 }
                 free_alloca(map, use_heap);
author	Xinchen Hui <laruence@gmail.com>
	Mon, 15 Feb 2016 04:07:43 +0000 (12:07 +0800)
committer	Xinchen Hui <laruence@gmail.com>
	Mon, 15 Feb 2016 04:07:43 +0000 (12:07 +0800)