Fix bug #10287 - avoid crashing under a bogus usage of list()
authorZeev Suraski <zeev@php.net>
Mon, 16 Jul 2001 15:48:31 +0000 (15:48 +0000)
committerZeev Suraski <zeev@php.net>
Mon, 16 Jul 2001 15:48:31 +0000 (15:48 +0000)
Zend/zend_API.h
Zend/zend_compile.c
Zend/zend_globals.h
Zend/zend_variables.c

index 6a44d0817baa9c6d50e4336a875d39016c01d2ae..244669f9c832fca919d060aa5e4589d1657f4a47 100644 (file)
@@ -243,9 +243,12 @@ ZEND_API int zend_set_hash_symbol(zval *symbol, char *name, int name_length,
 
 #if ZEND_DEBUG
 #define CHECK_ZVAL_STRING(z) \
-if ((z)->value.str.val[ (z)->value.str.len ] != '\0') zend_error(E_WARNING, "String is not zero-terminated (%s)",(z)->value.str.val);
+       if ((z)->value.str.val[ (z)->value.str.len ] != '\0') zend_error(E_WARNING, "String is not zero-terminated (%s)", (z)->value.str.val);
+#define CHECK_ZVAL_STRING_REL(z) \
+       if ((z)->value.str.val[ (z)->value.str.len ] != '\0') zend_error(E_WARNING, "String is not zero-terminated (%s) (source: %s:%d)", (z)->value.str.val ZEND_FILE_LINE_RELAY_CC);
 #else
 #define CHECK_ZVAL_STRING(z)
+#define CHECK_ZVAL_STRING_REL(z)
 #endif
 
 #define ZVAL_RESOURCE(z,l) {                   \
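Review bot: Both CHECK_ZVAL_STRING and the new CHECK_ZVAL_STRING_REL format `(z)->value.str.val` with `%s` in exactly the case where the byte at `value.str.len` is not NUL, so the diagnostic itself may read past the end of the string buffer. Bounding the output by the stored length would avoid that, e.g. `"String is not zero-terminated (%.*s) (source: %s:%d)", (z)->value.str.len, (z)->value.str.val ZEND_FILE_LINE_RELAY_CC`, assuming zend_error's formatter honours a `*` precision. The macro body is also a bare `if` ending in `;`, which mis-parses when used as the body of an unbraced `if`/`else`; wrapping it in `do { ... } while (0)` is safer. The _REL variant is what the _zval_dtor and _zval_copy_ctor hunks further down now call, and it only compiles where the ZEND_FILE_LINE relay arguments are in scope, which deserves a one-line comment next to the definition.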
@@ -284,7 +287,6 @@ if ((z)->value.str.val[ (z)->value.str.len ] != '\0') zend_error(E_WARNING, "Str
                (z)->value.str.len = __l;           \
                (z)->value.str.val = (duplicate?estrndup(__s,__l):__s); \
                (z)->type = IS_STRING;              \
-               CHECK_ZVAL_STRING(z);                   \
        }
 
 #define ZVAL_EMPTY_STRING(z) {         \
index 6514355b66ebb4d723edc5cbae71f3e52e44a281..149e02bf4d0f273ddb340719bae0f30a40826086 100644 (file)
@@ -77,6 +77,7 @@ void zend_init_compiler_data_structures(CLS_D)
        CG(active_ce_parent_class_name).value.str.val = NULL;
        zend_llist_init(&CG(list_llist), sizeof(list_llist_element), NULL, 0);
        zend_llist_init(&CG(dimension_llist), sizeof(int), NULL, 0);
+       zend_stack_init(&CG(list_stack));
        CG(handle_op_arrays) = 1;
        CG(in_compilation) = 0;
        init_compiler_declarables(CLS_C);
@@ -101,6 +102,7 @@ void shutdown_compiler(CLS_D)
        zend_stack_destroy(&CG(foreach_copy_stack));
        zend_stack_destroy(&CG(object_stack));
        zend_stack_destroy(&CG(declare_stack));
+       zend_stack_destroy(&CG(list_stack));
        zend_hash_destroy(&CG(filenames_table));
        zend_llist_destroy(&CG(open_files));
 }
@@ -1853,6 +1855,8 @@ void zend_do_new_list_end(CLS_D)
 
 void zend_do_list_init(CLS_D)
 {
+       zend_stack_push(&CG(list_stack), &CG(list_llist), sizeof(zend_llist));
+       zend_stack_push(&CG(list_stack), &CG(dimension_llist), sizeof(zend_llist));
        zend_llist_init(&CG(list_llist), sizeof(list_llist_element), NULL, 0);
        zend_llist_init(&CG(dimension_llist), sizeof(int), NULL, 0);
        zend_do_new_list_begin(CLS_C);
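Review bot: The two pushes at the top of zend_do_list_init carry no comment, yet they rely on a contract that is not visible at this spot: they must be undone in reverse order in zend_do_list_end. Since `sizeof(zend_llist)` is passed, what is saved is presumably a by-value copy of each list header that still points at the enclosing list()'s elements. A comment such as `/* save the enclosing list()'s lists (shallow copies); zend_do_list_end() pops them in reverse order */` above the pushes would make that explicit. The function body continues past the end of the hunk.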
@@ -1911,6 +1915,17 @@ void zend_do_list_end(znode *result, znode *expr CLS_DC)
        zend_llist_destroy(&CG(dimension_llist));
        zend_llist_destroy(&CG(list_llist));
        *result = *expr;
+       {
+               zend_llist *p;
+
+               /* restore previous lists */
+               zend_stack_top(&CG(list_stack), (void **) &p);
+               CG(dimension_llist) = *p;
+               zend_stack_del_top(&CG(list_stack));
+               zend_stack_top(&CG(list_stack), (void **) &p);
+               CG(list_llist) = *p;
+               zend_stack_del_top(&CG(list_stack));
+       }
 }
 
 
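Review bot: Neither `zend_stack_top()` call in the restore block has its result checked, so if zend_do_list_end is ever reached without the matching pushes from zend_do_list_init, `p` does not point at a saved list and `CG(dimension_llist) = *p;` dereferences it. Guarding each restore keeps a malformed list() from becoming a compiler crash again, e.g. `if (zend_stack_top(&CG(list_stack), (void **) &p) == SUCCESS) { CG(dimension_llist) = *p; zend_stack_del_top(&CG(list_stack)); }`, and likewise for `CG(list_llist)`. Whether an unbalanced path is actually reachable cannot be told from this hunk, since the function starts outside it.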
index fd6573ef2315c25f7cd9b45ed9770cc5c212b4ef..ce0f67e99107b48c5f44d58eae3c0d5facb778ee 100644 (file)
@@ -78,6 +78,7 @@ struct _zend_compiler_globals {
        /* variables for list() compilation */
        zend_llist list_llist;
        zend_llist dimension_llist;
+       zend_stack list_stack;
 
        zend_stack function_call_stack;
 
index 260fb1432190634b2bca5d62f69687fbd9190041..cbcacc8f6cd10bde1b47a050a1f581726d86f05b 100644 (file)
@@ -40,7 +40,7 @@ ZEND_API void _zval_dtor(zval *zvalue ZEND_FILE_LINE_DC)
        switch(zvalue->type) {
                case IS_STRING:
                case IS_CONSTANT:
-                       CHECK_ZVAL_STRING(zvalue);
+                       CHECK_ZVAL_STRING_REL(zvalue);
                        STR_FREE_REL(zvalue->value.str.val);
                        break;
                case IS_ARRAY:
@@ -96,7 +96,7 @@ ZEND_API int _zval_copy_ctor(zval *zvalue ZEND_FILE_LINE_DC)
                                        return SUCCESS;
                                }
                        }
-                       CHECK_ZVAL_STRING(zvalue);
+                       CHECK_ZVAL_STRING_REL(zvalue);
                        zvalue->value.str.val = (char *) estrndup_rel(zvalue->value.str.val, zvalue->value.str.len);
                        break;
                case IS_ARRAY: