- Fixed bug #44913 (Segfault when using return in combination with nested loops and continue 2)
--- /dev/null
+--TEST--
+Bug #44913 (Segfault when using return in combination with nested loops and continue 2)
+--FILE--
+<?php
+function something() {
+ foreach(array(1, 2) as $value) {
+ for($i = 0; $i < 1; $i++) {
+ continue 2;
+ }
+ return;
+ }
+}
+something();
+echo "ok\n";
+?>
+--EXPECT--
+ok
opline = get_next_op(CG(active_op_array) TSRMLS_CC);
- opline->opcode = ZEND_SWITCH_FREE;
+ opline->opcode = (switch_entry->cond.op_type == IS_TMP_VAR) ? ZEND_FREE : ZEND_SWITCH_FREE;
opline->op1 = switch_entry->cond;
SET_UNUSED(opline->op2);
opline->extended_value = 0;
opline = get_next_op(CG(active_op_array) TSRMLS_CC);
- opline->opcode = ZEND_SWITCH_FREE;
+ opline->opcode = (foreach_copy->result.op_type == IS_TMP_VAR) ? ZEND_FREE : ZEND_SWITCH_FREE;
opline->op1 = foreach_copy->result;
SET_UNUSED(opline->op2);
opline->extended_value = 1;
if (foreach_copy->op1.op_type != IS_UNUSED) {
opline = get_next_op(CG(active_op_array) TSRMLS_CC);
- opline->opcode = ZEND_SWITCH_FREE;
+ opline->opcode = (foreach_copy->op1.op_type == IS_TMP_VAR) ? ZEND_FREE : ZEND_SWITCH_FREE;
opline->op1 = foreach_copy->op1;
SET_UNUSED(opline->op2);
opline->extended_value = 0;
void zend_do_return(znode *expr, int do_end_vparse TSRMLS_DC) /* {{{ */
{
zend_op *opline;
+ int start_op_number, end_op_number;
if (do_end_vparse) {
if (CG(active_op_array)->return_reference && !zend_is_function_or_method_call(expr)) {
}
}
+ start_op_number = get_next_op_number(CG(active_op_array));
+
#ifdef ZTS
zend_stack_apply_with_argument(&CG(switch_cond_stack), ZEND_STACK_APPLY_TOPDOWN, (int (*)(void *element, void *)) generate_free_switch_expr TSRMLS_CC);
zend_stack_apply_with_argument(&CG(foreach_copy_stack), ZEND_STACK_APPLY_TOPDOWN, (int (*)(void *element, void *)) generate_free_foreach_copy TSRMLS_CC);
zend_stack_apply(&CG(foreach_copy_stack), ZEND_STACK_APPLY_TOPDOWN, (int (*)(void *element)) generate_free_foreach_copy);
#endif
+ end_op_number = get_next_op_number(CG(active_op_array));
+ while (start_op_number < end_op_number) {
+ CG(active_op_array)->opcodes[start_op_number].op1.u.EA.type = EXT_TYPE_FREE_ON_RETURN;
+ start_op_number++;
+ }
+
opline = get_next_op(CG(active_op_array) TSRMLS_CC);
opline->opcode = ZEND_RETURN;
if (switch_entry_ptr->cond.op_type==IS_VAR || switch_entry_ptr->cond.op_type==IS_TMP_VAR) {
/* emit free for the switch condition*/
opline = get_next_op(CG(active_op_array) TSRMLS_CC);
- opline->opcode = ZEND_SWITCH_FREE;
+ opline->opcode = (switch_entry_ptr->cond.op_type == IS_TMP_VAR) ? ZEND_FREE : ZEND_SWITCH_FREE;
opline->op1 = switch_entry_ptr->cond;
SET_UNUSED(opline->op2);
}
#define IS_UNUSED (1<<3) /* Unused variable */
#define IS_CV (1<<4) /* Compiled variable */
-#define EXT_TYPE_UNUSED (1<<0)
+#define EXT_TYPE_UNUSED (1<<0)
+#define EXT_TYPE_FREE_ON_RETURN (2<<0)
#include "zend_globals.h"
}
/* }}} */
-static inline void zend_switch_free(temp_variable *T, int type, int extended_value TSRMLS_DC) /* {{{ */
+static inline void zend_switch_free(temp_variable *T, int extended_value TSRMLS_DC) /* {{{ */
{
- if (type == IS_VAR) {
- if (T->var.ptr) {
- if (extended_value & ZEND_FE_RESET_VARIABLE) { /* foreach() free */
- Z_DELREF_P(T->var.ptr);
- }
- zval_ptr_dtor(&T->var.ptr);
- } else if (!T->var.ptr_ptr) {
- /* perform the equivalent of equivalent of a
- * quick & silent get_zval_ptr, and FREE_OP
- */
- PZVAL_UNLOCK_FREE(T->str_offset.str);
+ if (T->var.ptr) {
+ if (extended_value & ZEND_FE_RESET_VARIABLE) { /* foreach() free */
+ Z_DELREF_P(T->var.ptr);
}
- } else { /* IS_TMP_VAR */
- zendi_zval_dtor(T->tmp_var);
+ zval_ptr_dtor(&T->var.ptr);
+ } else if (!T->var.ptr_ptr) {
+ /* perform the equivalent of equivalent of a
+ * quick & silent get_zval_ptr, and FREE_OP
+ */
+ PZVAL_UNLOCK_FREE(T->str_offset.str);
}
}
/* }}} */
switch (brk_opline->opcode) {
case ZEND_SWITCH_FREE:
- zend_switch_free(&T(brk_opline->op1.u.var), brk_opline->op1.op_type, brk_opline->extended_value TSRMLS_CC);
+ if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
+ zend_switch_free(&T(brk_opline->op1.u.var), brk_opline->extended_value TSRMLS_CC);
+ }
break;
case ZEND_FREE:
- zendi_zval_dtor(T(brk_opline->op1.u.var).tmp_var);
+ if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
+ zendi_zval_dtor(T(brk_opline->op1.u.var).tmp_var);
+ }
break;
}
}
switch (brk_opline->opcode) {
case ZEND_SWITCH_FREE:
- zend_switch_free(&EX_T(brk_opline->op1.u.var), brk_opline->op1.op_type, brk_opline->extended_value TSRMLS_CC);
+ if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
+ zend_switch_free(&EX_T(brk_opline->op1.u.var), brk_opline->extended_value TSRMLS_CC);
+ }
break;
case ZEND_FREE:
- zendi_zval_dtor(EX_T(brk_opline->op1.u.var).tmp_var);
+ if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
+ zendi_zval_dtor(EX_T(brk_opline->op1.u.var).tmp_var);
+ }
break;
}
ZEND_VM_JMP(opline->op1.u.jmp_addr);
ZEND_VM_NEXT_OPCODE();
}
-ZEND_VM_HANDLER(49, ZEND_SWITCH_FREE, TMP|VAR, ANY)
+ZEND_VM_HANDLER(49, ZEND_SWITCH_FREE, VAR, ANY)
{
zend_op *opline = EX(opline);
- zend_switch_free(&EX_T(opline->op1.u.var), OP1_TYPE, opline->extended_value TSRMLS_CC);
+ zend_switch_free(&EX_T(opline->op1.u.var), opline->extended_value TSRMLS_CC);
ZEND_VM_NEXT_OPCODE();
}
switch (brk_opline->opcode) {
case ZEND_SWITCH_FREE:
- zend_switch_free(&EX_T(brk_opline->op1.u.var), brk_opline->op1.op_type, brk_opline->extended_value TSRMLS_CC);
+ if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
+ zend_switch_free(&EX_T(brk_opline->op1.u.var), brk_opline->extended_value TSRMLS_CC);
+ }
break;
case ZEND_FREE:
- zendi_zval_dtor(EX_T(brk_opline->op1.u.var).tmp_var);
+ if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
+ zendi_zval_dtor(EX_T(brk_opline->op1.u.var).tmp_var);
+ }
break;
}
}
switch (brk_opline->opcode) {
case ZEND_SWITCH_FREE:
- zend_switch_free(&EX_T(brk_opline->op1.u.var), brk_opline->op1.op_type, brk_opline->extended_value TSRMLS_CC);
+ if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
+ zend_switch_free(&EX_T(brk_opline->op1.u.var), brk_opline->extended_value TSRMLS_CC);
+ }
break;
case ZEND_FREE:
- zendi_zval_dtor(EX_T(brk_opline->op1.u.var).tmp_var);
+ if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
+ zendi_zval_dtor(EX_T(brk_opline->op1.u.var).tmp_var);
+ }
break;
}
}
switch (brk_opline->opcode) {
case ZEND_SWITCH_FREE:
- zend_switch_free(&EX_T(brk_opline->op1.u.var), brk_opline->op1.op_type, brk_opline->extended_value TSRMLS_CC);
+ if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
+ zend_switch_free(&EX_T(brk_opline->op1.u.var), brk_opline->extended_value TSRMLS_CC);
+ }
break;
case ZEND_FREE:
- zendi_zval_dtor(EX_T(brk_opline->op1.u.var).tmp_var);
+ if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
+ zendi_zval_dtor(EX_T(brk_opline->op1.u.var).tmp_var);
+ }
break;
}
ZEND_VM_JMP(opline->op1.u.jmp_addr);
ZEND_VM_NEXT_OPCODE();
}
-static int ZEND_SWITCH_FREE_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
-{
- zend_op *opline = EX(opline);
-
- zend_switch_free(&EX_T(opline->op1.u.var), IS_TMP_VAR, opline->extended_value TSRMLS_CC);
- ZEND_VM_NEXT_OPCODE();
-}
-
static int ZEND_CLONE_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
{
zend_op *opline = EX(opline);
{
zend_op *opline = EX(opline);
- zend_switch_free(&EX_T(opline->op1.u.var), IS_VAR, opline->extended_value TSRMLS_CC);
+ zend_switch_free(&EX_T(opline->op1.u.var), opline->extended_value TSRMLS_CC);
ZEND_VM_NEXT_OPCODE();
}
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
- ZEND_SWITCH_FREE_SPEC_TMP_HANDLER,
- ZEND_SWITCH_FREE_SPEC_TMP_HANDLER,
- ZEND_SWITCH_FREE_SPEC_TMP_HANDLER,
- ZEND_SWITCH_FREE_SPEC_TMP_HANDLER,
- ZEND_SWITCH_FREE_SPEC_TMP_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
ZEND_SWITCH_FREE_SPEC_VAR_HANDLER,
ZEND_SWITCH_FREE_SPEC_VAR_HANDLER,
ZEND_SWITCH_FREE_SPEC_VAR_HANDLER,
projects / php / commitdiff