Fix incorrect literal freeing if pass_two generates fatal error
authorNikita Popov <nikita.ppv@gmail.com>
Tue, 4 Sep 2018 06:08:39 +0000 (08:08 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Tue, 4 Sep 2018 06:08:39 +0000 (08:08 +0200)
Zend/zend_opcode.c

index 6bed3c7b59df4c4566126972f84db0f28af8eaaf..1e82dc7bf5b94cb494b077c5a120f98e63b68a78 100644 (file)
@@ -546,6 +546,10 @@ ZEND_API int pass_two(zend_op_array *op_array)
        CG(context).literals_size = op_array->last_literal;
 #endif
 
+       /* Needs to be set directly after the opcode/literal reallocation, to ensure destruction
+        * happens correctly if any of the following fixups generate a fatal error. */
+       op_array->fn_flags |= ZEND_ACC_DONE_PASS_TWO;
+
        opline = op_array->opcodes;
        end = opline + op_array->last;
        while (opline < end) {
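Review bot: With the flag now set ahead of the fixup loop, ZEND_ACC_DONE_PASS_TWO no longer means that every opline has been fixed up, only that the opcode/literal reallocation has happened, and the added comment should state that for anyone reading the flag on the error path. Code that tests this flag while destroying an op_array after a fatal error inside the loop will presumably see a mix of converted and unconverted operands, so it has to depend only on the literal layout and not on per-opline state; the destructor is not visible here, so this needs confirming. I would extend the comment with a line such as `From here on the flag only guarantees the literal layout; oplines may be partially fixed up if a fixup bails out.` The page lists only Zend/zend_opcode.c as changed, so a regression test that raises a fatal error from within pass_two would help keep the incorrect free from coming back. pass_two's body starts before this hunk and continues past it.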
@@ -674,7 +678,6 @@ ZEND_API int pass_two(zend_op_array *op_array)
                }
        }
 
-       op_array->fn_flags |= ZEND_ACC_DONE_PASS_TWO;
        return 0;
 }