Fixed memory leak in ZEND_JMPZ_EX (op1 and result may share same slot)

diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 72fbf7fbb40a5c39ac27eb9e5e23099c16cf7c23..9f2d26a2030abb43ef42bb4414a7bf8257fa3956 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -1910,13 +1910,14 @@ ZEND_VM_HANDLER(46, ZEND_JMPZ_EX, CONST|TMP|VAR|CV, ANY)
        }
 
        if (i_zend_is_true(val TSRMLS_CC)) {
+               FREE_OP1();
                ZVAL_TRUE(EX_VAR(opline->result.var));
                opline++;
        } else {
+               FREE_OP1();
                ZVAL_FALSE(EX_VAR(opline->result.var));
                opline = opline->op2.jmp_addr;
        }
-       FREE_OP1();
        if (UNEXPECTED(EG(exception) != NULL)) {
                HANDLE_EXCEPTION();
        }
@@ -3773,7 +3774,7 @@ ZEND_VM_HANDLER(99, ZEND_FETCH_CONSTANT, VAR|CONST|UNUSED, CONST)
                } else if ((c = zend_quick_get_constant(opline->op2.zv + 1, opline->extended_value TSRMLS_CC)) == NULL) {
                        if ((opline->extended_value & IS_CONSTANT_UNQUALIFIED) != 0) {
                                char *actual = (char *)zend_memrchr(Z_STRVAL_P(opline->op2.zv), '\\', Z_STRLEN_P(opline->op2.zv));
-                               if(!actual) {
+                               if (!actual) {
                                        actual = Z_STRVAL_P(opline->op2.zv);
                                } else {
                                        actual++;

diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 94466c581bcb8a3f6e7b40195cb03dce665efeb8..732c3f02a25bad22189359571eafd16e73bd106e 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -2497,13 +2497,14 @@ static int ZEND_FASTCALL  ZEND_JMPZ_EX_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_AR
        }
 
        if (i_zend_is_true(val TSRMLS_CC)) {
+
                ZVAL_TRUE(EX_VAR(opline->result.var));
                opline++;
        } else {
+
                ZVAL_FALSE(EX_VAR(opline->result.var));
                opline = opline->op2.jmp_addr;
        }
-
        if (UNEXPECTED(EG(exception) != NULL)) {
                HANDLE_EXCEPTION();
        }
@@ -4298,7 +4299,7 @@ static int ZEND_FASTCALL  ZEND_FETCH_CONSTANT_SPEC_CONST_CONST_HANDLER(ZEND_OPCO
                } else if ((c = zend_quick_get_constant(opline->op2.zv + 1, opline->extended_value TSRMLS_CC)) == NULL) {
                        if ((opline->extended_value & IS_CONSTANT_UNQUALIFIED) != 0) {
                                char *actual = (char *)zend_memrchr(Z_STRVAL_P(opline->op2.zv), '\\', Z_STRLEN_P(opline->op2.zv));
-                               if(!actual) {
+                               if (!actual) {
                                        actual = Z_STRVAL_P(opline->op2.zv);
                                } else {
                                        actual++;
@@ -9336,13 +9337,14 @@ static int ZEND_FASTCALL  ZEND_JMPZ_EX_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS
        }
 
        if (i_zend_is_true(val TSRMLS_CC)) {
+               zval_ptr_dtor_nogc(free_op1.var);
                ZVAL_TRUE(EX_VAR(opline->result.var));
                opline++;
        } else {
+               zval_ptr_dtor_nogc(free_op1.var);
                ZVAL_FALSE(EX_VAR(opline->result.var));
                opline = opline->op2.jmp_addr;
        }
-       zval_ptr_dtor_nogc(free_op1.var);
        if (UNEXPECTED(EG(exception) != NULL)) {
                HANDLE_EXCEPTION();
        }
@@ -15920,13 +15922,14 @@ static int ZEND_FASTCALL  ZEND_JMPZ_EX_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS
        }
 
        if (i_zend_is_true(val TSRMLS_CC)) {
+               zval_ptr_dtor_nogc(free_op1.var);
                ZVAL_TRUE(EX_VAR(opline->result.var));
                opline++;
        } else {
+               zval_ptr_dtor_nogc(free_op1.var);
                ZVAL_FALSE(EX_VAR(opline->result.var));
                opline = opline->op2.jmp_addr;
        }
-       zval_ptr_dtor_nogc(free_op1.var);
        if (UNEXPECTED(EG(exception) != NULL)) {
                HANDLE_EXCEPTION();
        }
@@ -18946,7 +18949,7 @@ static int ZEND_FASTCALL  ZEND_FETCH_CONSTANT_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE
                } else if ((c = zend_quick_get_constant(opline->op2.zv + 1, opline->extended_value TSRMLS_CC)) == NULL) {
                        if ((opline->extended_value & IS_CONSTANT_UNQUALIFIED) != 0) {
                                char *actual = (char *)zend_memrchr(Z_STRVAL_P(opline->op2.zv), '\\', Z_STRLEN_P(opline->op2.zv));
-                               if(!actual) {
+                               if (!actual) {
                                        actual = Z_STRVAL_P(opline->op2.zv);
                                } else {
                                        actual++;
@@ -28230,7 +28233,7 @@ static int ZEND_FASTCALL  ZEND_FETCH_CONSTANT_SPEC_UNUSED_CONST_HANDLER(ZEND_OPC
                } else if ((c = zend_quick_get_constant(opline->op2.zv + 1, opline->extended_value TSRMLS_CC)) == NULL) {
                        if ((opline->extended_value & IS_CONSTANT_UNQUALIFIED) != 0) {
                                char *actual = (char *)zend_memrchr(Z_STRVAL_P(opline->op2.zv), '\\', Z_STRLEN_P(opline->op2.zv));
-                               if(!actual) {
+                               if (!actual) {
                                        actual = Z_STRVAL_P(opline->op2.zv);
                                } else {
                                        actual++;
@@ -33369,13 +33372,14 @@ static int ZEND_FASTCALL  ZEND_JMPZ_EX_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
        }
 
        if (i_zend_is_true(val TSRMLS_CC)) {
+
                ZVAL_TRUE(EX_VAR(opline->result.var));
                opline++;
        } else {
+
                ZVAL_FALSE(EX_VAR(opline->result.var));
                opline = opline->op2.jmp_addr;
        }
-
        if (UNEXPECTED(EG(exception) != NULL)) {
                HANDLE_EXCEPTION();
        }