Fix leak if get_constructor returns NULL

author Nikita Popov <nikic@php.net>

Wed, 13 Jul 2016 21:39:16 +0000 (23:39 +0200)

committer Nikita Popov <nikic@php.net>

Thu, 14 Jul 2016 16:42:46 +0000 (18:42 +0200)
author Nikita Popov <nikic@php.net>
Wed, 13 Jul 2016 21:39:16 +0000 (23:39 +0200)
committer Nikita Popov <nikic@php.net>
Thu, 14 Jul 2016 16:42:46 +0000 (18:42 +0200)
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h

index 868e0351050eca71cc8cbc872afb75c0ca71e844..0be1b5726c10507312a802c289b7cb290a68219d 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -4922,6 +4922,11 @@ ZEND_VM_HANDLER(68, ZEND_NEW, UNUSED|CLASS_FETCH|CONST|VAR, ANY, NUM)
  
         constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result));
         if (constructor == NULL) {
+               if (UNEXPECTED(EG(exception))) {
+                       zval_ptr_dtor(result);
+                       HANDLE_EXCEPTION();
+               }
+
                 /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next
                  * opcode is DO_FCALL in case EXT instructions are used. */
                 if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) {
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h

index a9e59ebd7dd3a4c048d66af31d7a14a9914dff36..5943e4b5c75630af9f94310aac5d0aa2122a0e37 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -3176,6 +3176,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NEW_SPEC_CONST_HANDLER(ZEND_OP
  
         constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result));
         if (constructor == NULL) {
+               if (UNEXPECTED(EG(exception))) {
+                       zval_ptr_dtor(result);
+                       HANDLE_EXCEPTION();
+               }
+
                 /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next
                  * opcode is DO_FCALL in case EXT instructions are used. */
                 if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) {
@@ -15955,6 +15960,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NEW_SPEC_VAR_HANDLER(ZEND_OPCO
  
         constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result));
         if (constructor == NULL) {
+               if (UNEXPECTED(EG(exception))) {
+                       zval_ptr_dtor(result);
+                       HANDLE_EXCEPTION();
+               }
+
                 /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next
                  * opcode is DO_FCALL in case EXT instructions are used. */
                 if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) {
@@ -27567,6 +27577,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NEW_SPEC_UNUSED_HANDLER(ZEND_O
  
         constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result));
         if (constructor == NULL) {
+               if (UNEXPECTED(EG(exception))) {
+                       zval_ptr_dtor(result);
+                       HANDLE_EXCEPTION();
+               }
+
                 /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next
                  * opcode is DO_FCALL in case EXT instructions are used. */
                 if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) {
author	Nikita Popov <nikic@php.net>
	Wed, 13 Jul 2016 21:39:16 +0000 (23:39 +0200)
committer	Nikita Popov <nikic@php.net>
	Thu, 14 Jul 2016 16:42:46 +0000 (18:42 +0200)
Zend/zend_vm_def.h		patch \| blob \| history
Zend/zend_vm_execute.h		patch \| blob \| history