Merge branch 'PHP-7.4'

author Nikita Popov <nikita.ppv@gmail.com>

Mon, 10 Aug 2020 08:12:49 +0000 (10:12 +0200)

committer Nikita Popov <nikita.ppv@gmail.com>

Mon, 10 Aug 2020 08:13:34 +0000 (10:13 +0200)
author Nikita Popov <nikita.ppv@gmail.com>
Mon, 10 Aug 2020 08:12:49 +0000 (10:12 +0200)
committer Nikita Popov <nikita.ppv@gmail.com>
Mon, 10 Aug 2020 08:13:34 +0000 (10:13 +0200)
diff --cc Zend/tests/bug79947.phpt

index 0000000000000000000000000000000000000000,18d2d75a9ddec35cb2e46d0743caa6061eb9a7b1..906f58144b41d435428d2851fc44b4aab5c308c5

mode 000000,100644..100644
--- /dev/null
--- 2/Zend/tests/bug79947.phpt
+++ b/Zend/tests/bug79947.phpt
@@@ -1,0 -1,13 +1,17 @@@
- -$array[$key] += [$key];
+ --TEST--
+ Bug #79947: Memory leak on invalid offset type in compound assignment
+ --FILE--
+ <?php
+ $array = [];
+ $key = [];
- ---EXPECTF--
- -Warning: Illegal offset type in %s on line %d
++try {
++    $array[$key] += [$key];
++} catch (TypeError $e) {
++    echo $e->getMessage(), "\n";
++}
+ var_dump($array);
+ ?>
++--EXPECT--
++Illegal offset type
+ array(0) {
+ }
diff --cc Zend/zend_execute.c

index 7d2a960cb5efe5e1818999d0501dc0e3749ce0b3,c5b502501e7d5dc9aef54590114dfa9494d32054..9a267987db3d77acca8ca1ec7bcc3c1524f420d2
--- 1/Zend/zend_execute.c
--- 2/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@@ -1999,10 -2058,9 +1999,9 @@@ static ZEND_COLD void zend_binary_assig
                         zend_check_string_offset(dim, BP_VAR_RW EXECUTE_DATA_CC);
                         zend_wrong_string_offset(EXECUTE_DATA_C);
                 }
- -      } else if (EXPECTED(!Z_ISERROR_P(container))) {
+ +      } else {
                 zend_use_scalar_as_array();
         }
-       FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
   }
   
   static zend_never_inline zend_uchar slow_index_convert(HashTable *ht, const zval *dim, zend_value *value EXECUTE_DATA_DC)
diff --cc Zend/zend_vm_def.h

index 86a86bd6527e9996f5f50264a213e6c56359c2b0,a5a2070b437b230581fac677523ff5a02c004e08..c5583feb6681135c01a3ecdd0dd2714bce19ea1d
--- 1/Zend/zend_vm_def.h
--- 2/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@@ -1215,6 -1272,7 +1215,7 @@@ ZEND_VM_C_LABEL(assign_dim_op_new_array
                 } else {
                         zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
   ZEND_VM_C_LABEL(assign_dim_op_ret_null):
- -                      FREE_UNFETCHED_OP_DATA();
++                      FREE_OP_DATA();
                         if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
                                 ZVAL_NULL(EX_VAR(opline->result.var));
                         }
diff --cc Zend/zend_vm_execute.h

index 4f118764a8eb2861648349cee1c2548b342055d4,6aa34bbd1094f83f295f0f40a23e6d7e2dc5ff11..b9ccb2226cc0df487e49c2af05ecddce1463b2a1
--- 1/Zend/zend_vm_execute.h
--- 2/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@@ -21431,6 -22205,7 +21431,7 @@@ assign_dim_op_new_array
                 } else {
                         zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
   assign_dim_op_ret_null:
- -                      FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
++                      FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
                         if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
                                 ZVAL_NULL(EX_VAR(opline->result.var));
                         }
@@@ -23976,6 -24495,7 +23977,7 @@@ assign_dim_op_new_array
                 } else {
                         zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
   assign_dim_op_ret_null:
- -                      FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
++                      FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
                         if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
                                 ZVAL_NULL(EX_VAR(opline->result.var));
                         }
@@@ -26201,6 -26900,7 +26203,7 @@@ assign_dim_op_new_array
                 } else {
                         zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
   assign_dim_op_ret_null:
- -                      FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
++                      FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
                         if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
                                 ZVAL_NULL(EX_VAR(opline->result.var));
                         }
@@@ -27911,6 -28175,7 +27914,7 @@@ assign_dim_op_new_array
                 } else {
                         zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
   assign_dim_op_ret_null:
- -                      FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
++                      FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
                         if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
                                 ZVAL_NULL(EX_VAR(opline->result.var));
                         }
@@@ -38602,6 -39124,7 +38606,7 @@@ assign_dim_op_new_array
                 } else {
                         zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
   assign_dim_op_ret_null:
- -                      FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
++                      FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
                         if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
                                 ZVAL_NULL(EX_VAR(opline->result.var));
                         }
@@@ -42214,6 -42624,7 +42219,7 @@@ assign_dim_op_new_array
                 } else {
                         zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
   assign_dim_op_ret_null:
- -                      FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
++                      FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
                         if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
                                 ZVAL_NULL(EX_VAR(opline->result.var));
                         }
@@@ -45003,6 -45605,7 +45009,7 @@@ assign_dim_op_new_array
                 } else {
                         zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
   assign_dim_op_ret_null:
- -                      FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
++                      FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
                         if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
                                 ZVAL_NULL(EX_VAR(opline->result.var));
                         }
@@@ -47251,6 -47708,7 +47258,7 @@@ assign_dim_op_new_array
                 } else {
                         zend_binary_assign_op_dim_slow(container, dim OPLINE_CC EXECUTE_DATA_CC);
   assign_dim_op_ret_null:
- -                      FREE_UNFETCHED_OP((opline+1)->op1_type, (opline+1)->op1.var);
++                      FREE_OP((opline+1)->op1_type, (opline+1)->op1.var);
                         if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
                                 ZVAL_NULL(EX_VAR(opline->result.var));
                         }
author	Nikita Popov <nikita.ppv@gmail.com>
	Mon, 10 Aug 2020 08:12:49 +0000 (10:12 +0200)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Mon, 10 Aug 2020 08:13:34 +0000 (10:13 +0200)
		1	2
Zend/tests/bug79947.phpt	patch \|	\|	diff2 \|	blob \| history
Zend/zend_execute.c	patch \|	diff1 \|	diff2 \|	blob \| history
Zend/zend_vm_def.h	patch \|	diff1 \|	diff2 \|	blob \| history
Zend/zend_vm_execute.h	patch \|	diff1 \|	diff2 \|	blob \| history