--- /dev/null
+--TEST--
+Bug #52041 (Memory leak when writing on uninitialized variable returned from function)
+--FILE--
+<?php
+function foo() {
+ return $x;
+}
+
+foo()->a = 1;
+foo()->a->b = 2;
+foo()->a++;
+foo()->a->b++;
+foo()->a += 2;
+foo()->a->b += 2;
+
+//foo()[0] = 1;
+//foo()[0][0] = 2;
+//foo()[0]++;
+//foo()[0][0]++;
+//foo()[0] += 2;
+//foo()[0][0] += 2;
+var_dump(foo());
+?>
+--EXPECTF--
+Notice: Undefined variable: x in %sbug52041.php on line 3
+
+Strict Standards: Creating default object from empty value in %sbug52041.php on line 6
+
+Notice: Undefined variable: x in %sbug52041.php on line 3
+
+Strict Standards: Creating default object from empty value in %sbug52041.php on line 7
+
+Notice: Undefined variable: x in %sbug52041.php on line 3
+
+Strict Standards: Creating default object from empty value in %sbug52041.php on line 8
+
+Notice: Undefined variable: x in %sbug52041.php on line 3
+
+Strict Standards: Creating default object from empty value in %sbug52041.php on line 9
+
+Notice: Undefined variable: x in %sbug52041.php on line 3
+
+Strict Standards: Creating default object from empty value in %sbug52041.php on line 10
+
+Notice: Undefined variable: x in %sbug52041.php on line 3
+
+Strict Standards: Creating default object from empty value in %sbug52041.php on line 11
+
+Notice: Undefined variable: x in %sbug52041.php on line 3
+NULL
INIT_PZVAL_COPY(ret, retval_ptr);
zval_copy_ctor(ret);
*EG(return_value_ptr_ptr) = ret;
+ } else if ((OP1_TYPE == IS_CV || OP1_TYPE == IS_VAR) &&
+ retval_ptr == &EG(uninitialized_zval)) {
+ zval *ret;
+
+ ALLOC_INIT_ZVAL(ret);
+ *EG(return_value_ptr_ptr) = ret;
} else {
*EG(return_value_ptr_ptr) = retval_ptr;
Z_ADDREF_P(retval_ptr);
INIT_PZVAL_COPY(ret, retval_ptr);
zval_copy_ctor(ret);
*EG(return_value_ptr_ptr) = ret;
+ } else if ((IS_CONST == IS_CV || IS_CONST == IS_VAR) &&
+ retval_ptr == &EG(uninitialized_zval)) {
+ zval *ret;
+
+ ALLOC_INIT_ZVAL(ret);
+ *EG(return_value_ptr_ptr) = ret;
} else {
*EG(return_value_ptr_ptr) = retval_ptr;
Z_ADDREF_P(retval_ptr);
INIT_PZVAL_COPY(ret, retval_ptr);
zval_copy_ctor(ret);
*EG(return_value_ptr_ptr) = ret;
+ } else if ((IS_TMP_VAR == IS_CV || IS_TMP_VAR == IS_VAR) &&
+ retval_ptr == &EG(uninitialized_zval)) {
+ zval *ret;
+
+ ALLOC_INIT_ZVAL(ret);
+ *EG(return_value_ptr_ptr) = ret;
} else {
*EG(return_value_ptr_ptr) = retval_ptr;
Z_ADDREF_P(retval_ptr);
INIT_PZVAL_COPY(ret, retval_ptr);
zval_copy_ctor(ret);
*EG(return_value_ptr_ptr) = ret;
+ } else if ((IS_VAR == IS_CV || IS_VAR == IS_VAR) &&
+ retval_ptr == &EG(uninitialized_zval)) {
+ zval *ret;
+
+ ALLOC_INIT_ZVAL(ret);
+ *EG(return_value_ptr_ptr) = ret;
} else {
*EG(return_value_ptr_ptr) = retval_ptr;
Z_ADDREF_P(retval_ptr);
INIT_PZVAL_COPY(ret, retval_ptr);
zval_copy_ctor(ret);
*EG(return_value_ptr_ptr) = ret;
+ } else if ((IS_CV == IS_CV || IS_CV == IS_VAR) &&
+ retval_ptr == &EG(uninitialized_zval)) {
+ zval *ret;
+
+ ALLOC_INIT_ZVAL(ret);
+ *EG(return_value_ptr_ptr) = ret;
} else {
*EG(return_value_ptr_ptr) = retval_ptr;
Z_ADDREF_P(retval_ptr);
}
model_to_zval_object(ret, sdlType->model, data, sdl TSRMLS_CC);
if (redo_any) {
- if (get_zval_property(ret, "any" TSRMLS_CC) == NULL) {
+ zval *tmp = get_zval_property(ret, "any" TSRMLS_CC);
+
+ if (tmp == NULL) {
model_to_zval_any(ret, data->children TSRMLS_CC);
+ } else if (Z_REFCOUNT_P(tmp) == 0) {
+ zval_dtor(tmp);
+ efree(tmp);
}
zval_ptr_dtor(&redo_any);
}
projects / php / commitdiff