]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9f90438)
Fixed access to memory that is already freed (in case of __call() method)
authorDmitry Stogov <dmitry@php.net>
Mon, 19 Sep 2005 16:28:43 +0000 (16:28 +0000)
committerDmitry Stogov <dmitry@php.net>
Mon, 19 Sep 2005 16:28:43 +0000 (16:28 +0000)
Zend/zend_vm_def.h patch | blob | history
Zend/zend_vm_execute.h patch | blob | history

diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 25358fc72f069dd2a85c0ac8ed993d05227f40ab..391da2272e5f546e0455b8c6b67cf76240ef02d8 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -1868,6 +1868,8 @@ ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY)
                }
        }
        if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION) {
+               unsigned char return_reference = EX(function_state).function->common.return_reference;
+
                ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
                INIT_ZVAL(*(EX_T(opline->result.u.var).var.ptr));
 
@@ -1903,7 +1905,7 @@ ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY)
                if (!return_value_used) {
                        zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
                } else {
-                       EX_T(opline->result.u.var).var.fcall_returned_reference = EX(function_state).function->common.return_reference;
+                       EX_T(opline->result.u.var).var.fcall_returned_reference = return_reference;
                }
        } else if (EX(function_state).function->type == ZEND_USER_FUNCTION) {
                HashTable *calling_symbol_table;
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 81f2fe9e51596688c810e5c29f5304eea58c7d70..9a23ad8a3826b17f1360bbfc41c7da73131e19d8 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -172,6 +172,8 @@ static int zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
                }
        }
        if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION) {
+               unsigned char return_reference = EX(function_state).function->common.return_reference;
+
                ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
                INIT_ZVAL(*(EX_T(opline->result.u.var).var.ptr));
 
@@ -207,7 +209,7 @@ static int zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
                if (!return_value_used) {
                        zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
                } else {
-                       EX_T(opline->result.u.var).var.fcall_returned_reference = EX(function_state).function->common.return_reference;
+                       EX_T(opline->result.u.var).var.fcall_returned_reference = return_reference;
                }
        } else if (EX(function_state).function->type == ZEND_USER_FUNCTION) {
                HashTable *calling_symbol_table;
Unnamed repository; edit this file 'description' to name the repository.