Fixed bug #38469 (unexpected creation of cycle, json tests failed, leaks memory)

author Dmitry Stogov <dmitry@php.net>

Fri, 28 Dec 2007 13:22:00 +0000 (13:22 +0000)

committer Dmitry Stogov <dmitry@php.net>

Fri, 28 Dec 2007 13:22:00 +0000 (13:22 +0000)
author Dmitry Stogov <dmitry@php.net>
Fri, 28 Dec 2007 13:22:00 +0000 (13:22 +0000)
committer Dmitry Stogov <dmitry@php.net>
Fri, 28 Dec 2007 13:22:00 +0000 (13:22 +0000)
diff --git a/NEWS b/NEWS

index e68a144e823fa93a3d03a9b6669226f3fdedf317..598e3bd2b239eee80490bab435e87f1ecedb45ba 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -91,6 +91,7 @@ PHP                                                                        NEWS
    (Lars W)
  - Fixed bug #39397 (invalid statement handle in Unknown on line 0). (Lars W)
  - Fixed bug #39056 (Interbase NUMERIC data type error). (Lars W)
+- Fixed bug #38468 (Unexpected creation of cycle). (Dmitry)
  - Fixed bug #37911 (preg_replace_callback() ignores named groups). (Nuno)
  - Fixed bug #36128 (Interbase PDO - timestamp columns return NULL). (Lars W)
  - Fixed bug #35386 (firebird: first row is null). (Lars W)
diff --git a/Zend/tests/bug38469.phpt b/Zend/tests/bug38469.phpt

new file mode 100644 (file)

index 0000000..51fffb3
--- /dev/null
+++ b/Zend/tests/bug38469.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Bug #38469 Unexpected creation of cycle
+--FILE--
+<?php
+$a = array();
+$a[0] = $a;
+var_dump($a);
+$b = array(array());
+$b[0][0] = $b;
+var_dump($b);
+?>
+--EXPECT--
+array(1) {
+  [0]=>
+  array(0) {
+  }
+}
+array(1) {
+  [0]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(0) {
+      }
+    }
+  }
+}
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c

index e807df00fc0c4e6ee7a9f7bb1d5d3b504a8f22dc..3ac034b07b9e792c40523b3d9723ebc719b4a76e 100644 (file)
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -546,8 +546,39 @@ static zend_bool opline_is_fetch_this(zend_op *opline TSRMLS_DC)
  
  void zend_do_assign(znode *result, znode *variable, znode *value TSRMLS_DC)
  {
-       int last_op_number = get_next_op_number(CG(active_op_array));
-       zend_op *opline = get_next_op(CG(active_op_array) TSRMLS_CC);
+       int last_op_number;
+       zend_op *opline;
+
+       if (value->op_type == IS_CV) {
+               zend_llist *fetch_list_ptr;
+
+               zend_stack_top(&CG(bp_stack), (void **) &fetch_list_ptr);
+               if (fetch_list_ptr && fetch_list_ptr->head) {
+                       opline = (zend_op *)fetch_list_ptr->head->data;
+
+                       if (opline->opcode == ZEND_FETCH_DIM_W &&
+                           opline->op1.op_type == IS_CV &&
+                           opline->op1.u.var == value->u.var) {
+
+                               opline = get_next_op(CG(active_op_array) TSRMLS_CC);
+                               opline->opcode = ZEND_FETCH_R;
+                               opline->result.op_type = IS_VAR;
+                               opline->result.u.EA.type = 0;
+                               opline->result.u.var = get_temporary_variable(CG(active_op_array));
+                               opline->op1.op_type = IS_CONST;
+                               ZVAL_STRINGL(&opline->op1.u.constant,
+                                       CG(active_op_array)->vars[value->u.var].name, 
+                                       CG(active_op_array)->vars[value->u.var].name_len, 1);
+                               SET_UNUSED(opline->op2);
+                               value = &opline->result;
+                       }
+               }
+       }
+
+       zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC);
+
+       last_op_number = get_next_op_number(CG(active_op_array));
+       opline = get_next_op(CG(active_op_array) TSRMLS_CC);
  
         if (variable->op_type == IS_VAR) {
                 int n = 0;
@@ -3840,8 +3871,6 @@ void zend_do_list_end(znode *result, znode *expr TSRMLS_DC)
         zend_llist_element *dimension;
         zend_op *opline;
         znode last_container;
-       int last_op_number;
-       zend_op *last_op;
  
         le = CG(list_llist).head;
         while (le) {
@@ -3881,9 +3910,6 @@ void zend_do_list_end(znode *result, znode *expr TSRMLS_DC)
                 }
                 ((list_llist_element *) le->data)->value = last_container;
                 zend_llist_destroy(&((list_llist_element *) le->data)->dimensions);
-               zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC);
-               last_op_number = get_next_op_number(CG(active_op_array))-1;
-               last_op = &CG(active_op_array)->opcodes[last_op_number];
                 zend_do_assign(result, &((list_llist_element *) le->data)->var, &((list_llist_element *) le->data)->value TSRMLS_CC);
                 zend_do_free(result TSRMLS_CC);
                 le = le->next;
@@ -4244,8 +4270,8 @@ void zend_do_foreach_cont(znode *foreach_token, znode *open_brackets_token, znod
  
         value_node = opline->result;
  
-       zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC);
         if (assign_by_ref) {
+               zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC);
                 /* Mark FE_FETCH as IS_VAR as it holds the data directly as a value */
                 zend_do_assign_ref(NULL, value, &value_node TSRMLS_CC);
         } else {
@@ -4256,7 +4282,6 @@ void zend_do_foreach_cont(znode *foreach_token, znode *open_brackets_token, znod
         if (key->op_type != IS_UNUSED) {
                 znode key_node;
  
-               zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC);
                 opline = &CG(active_op_array)->opcodes[as_token->u.opline_num+1];
                 opline->result.op_type = IS_TMP_VAR;
                 opline->result.u.EA.type = 0;
diff --git a/Zend/zend_language_parser.y b/Zend/zend_language_parser.y

index fe260c99d803e262d86486cf23153e22d79816c7..0f112974f739b97734e59c4c04427e4e0389579e 100644 (file)
--- a/Zend/zend_language_parser.y
+++ b/Zend/zend_language_parser.y
@@ -560,7 +560,7 @@ non_empty_for_expr:
  
  expr_without_variable:
                 T_LIST '(' { zend_do_list_init(TSRMLS_C); } assignment_list ')' '=' expr { zend_do_list_end(&$$, &$7 TSRMLS_CC); }
-       |       variable '=' expr               { zend_check_writable_variable(&$1); zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); zend_do_assign(&$$, &$1, &$3 TSRMLS_CC); }
+       |       variable '=' expr               { zend_check_writable_variable(&$1); zend_do_assign(&$$, &$1, &$3 TSRMLS_CC); }
         |       variable '=' '&' variable { zend_check_writable_variable(&$1); zend_do_end_variable_parse(BP_VAR_W, 1 TSRMLS_CC); zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); zend_do_assign_ref(&$$, &$1, &$4 TSRMLS_CC); }
         |       variable '=' '&' T_NEW class_name_reference { zend_error(E_STRICT, "Assigning the return value of new by reference is deprecated");  zend_check_writable_variable(&$1); zend_do_extended_fcall_begin(TSRMLS_C); zend_do_begin_new_object(&$4, &$5 TSRMLS_CC); } ctor_arguments { zend_do_end_new_object(&$3, &$4, &$7 TSRMLS_CC); zend_do_extended_fcall_end(TSRMLS_C); zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); zend_do_assign_ref(&$$, &$1, &$3 TSRMLS_CC); }
         |       T_NEW class_name_reference { zend_do_extended_fcall_begin(TSRMLS_C); zend_do_begin_new_object(&$1, &$2 TSRMLS_CC); } ctor_arguments { zend_do_end_new_object(&$$, &$1, &$4 TSRMLS_CC); zend_do_extended_fcall_end(TSRMLS_C);}
author	Dmitry Stogov <dmitry@php.net>
	Fri, 28 Dec 2007 13:22:00 +0000 (13:22 +0000)
committer	Dmitry Stogov <dmitry@php.net>
	Fri, 28 Dec 2007 13:22:00 +0000 (13:22 +0000)
NEWS		patch \| blob \| history
Zend/tests/bug38469.phpt	[new file with mode: 0644]	patch \| blob
Zend/zend_compile.c		patch \| blob \| history
Zend/zend_language_parser.y		patch \| blob \| history