MFB: fix crash on $x['x']['y'] += 1, patch by Brian Shire
authorStanislav Malyshev <stas@php.net>
Thu, 8 Mar 2007 21:06:54 +0000 (21:06 +0000)
committerStanislav Malyshev <stas@php.net>
Thu, 8 Mar 2007 21:06:54 +0000 (21:06 +0000)
Zend/zend_vm_def.h
Zend/zend_vm_execute.h

index 575c48067f6956a50506dbdb1afaa05aa58b388f..0c8edd28e5025c71a0aba8cf0d4358b6ccf38798 100644 (file)
@@ -408,11 +408,11 @@ ZEND_VM_HELPER_EX(zend_binary_assign_op_helper, VAR|UNUSED|CV, CONST|TMP|VAR|UNU
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_W);
 
-                               if (OP1_TYPE != IS_CV && !OP1_FREE) {
+                               if (object_ptr && OP1_TYPE != IS_CV && !OP1_FREE) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_obj_helper, binary_op, binary_op);
                                } else {
                                        zend_op *op_data = opline+1;
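Review bot: When `object_ptr` is NULL, both new guards evaluate false and control falls into the `else` branch at `zend_op *op_data = opline+1;`, whose body continues outside this hunk, so it is not visible here whether that path rejects a NULL container before dereferencing it. Because the crash is reachable from plain script code (`$x['x']['y'] += 1` per the commit title), I would state the invariant with a comment above the first check, e.g. `/* object_ptr may be NULL here; the else branch below must handle a NULL container */`, and add a regression test for the expression in the title. The same two guards repeat in every specialized helper in Zend/zend_vm_execute.h, which is generated from this definition, so the point applies to those hunks as well.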
index a5bb4c3976e8f28200be0d10c07ee540a653433e..ea117d9eff4cd5c8b65bc301cf8bf937aa5e6e30 100644 (file)
@@ -8886,11 +8886,11 @@ static int zend_binary_assign_op_helper_SPEC_VAR_CONST(int (*binary_op)(zval *re
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
 
-                               if (IS_VAR != IS_CV && !(free_op1.var != NULL)) {
+                               if (object_ptr && IS_VAR != IS_CV && !(free_op1.var != NULL)) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_VAR_CONST(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -10424,11 +10424,11 @@ static int zend_binary_assign_op_helper_SPEC_VAR_TMP(int (*binary_op)(zval *resu
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
 
-                               if (IS_VAR != IS_CV && !(free_op1.var != NULL)) {
+                               if (object_ptr && IS_VAR != IS_CV && !(free_op1.var != NULL)) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_VAR_TMP(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -11966,11 +11966,11 @@ static int zend_binary_assign_op_helper_SPEC_VAR_VAR(int (*binary_op)(zval *resu
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
 
-                               if (IS_VAR != IS_CV && !(free_op1.var != NULL)) {
+                               if (object_ptr && IS_VAR != IS_CV && !(free_op1.var != NULL)) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_VAR_VAR(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -13312,11 +13312,11 @@ static int zend_binary_assign_op_helper_SPEC_VAR_UNUSED(int (*binary_op)(zval *r
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
 
-                               if (IS_VAR != IS_CV && !(free_op1.var != NULL)) {
+                               if (object_ptr && IS_VAR != IS_CV && !(free_op1.var != NULL)) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_VAR_UNUSED(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -13982,11 +13982,11 @@ static int zend_binary_assign_op_helper_SPEC_VAR_CV(int (*binary_op)(zval *resul
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
 
-                               if (IS_VAR != IS_CV && !(free_op1.var != NULL)) {
+                               if (object_ptr && IS_VAR != IS_CV && !(free_op1.var != NULL)) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_VAR_CV(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -15402,11 +15402,11 @@ static int zend_binary_assign_op_helper_SPEC_UNUSED_CONST(int (*binary_op)(zval
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
 
-                               if (IS_UNUSED != IS_CV && !0) {
+                               if (object_ptr && IS_UNUSED != IS_CV && !0) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_UNUSED_CONST(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -16460,11 +16460,11 @@ static int zend_binary_assign_op_helper_SPEC_UNUSED_TMP(int (*binary_op)(zval *r
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
 
-                               if (IS_UNUSED != IS_CV && !0) {
+                               if (object_ptr && IS_UNUSED != IS_CV && !0) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_UNUSED_TMP(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -17477,11 +17477,11 @@ static int zend_binary_assign_op_helper_SPEC_UNUSED_VAR(int (*binary_op)(zval *r
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
 
-                               if (IS_UNUSED != IS_CV && !0) {
+                               if (object_ptr && IS_UNUSED != IS_CV && !0) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_UNUSED_VAR(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -18494,11 +18494,11 @@ static int zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(int (*binary_op)(zval
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
 
-                               if (IS_UNUSED != IS_CV && !0) {
+                               if (object_ptr && IS_UNUSED != IS_CV && !0) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_UNUSED_UNUSED(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -18760,11 +18760,11 @@ static int zend_binary_assign_op_helper_SPEC_UNUSED_CV(int (*binary_op)(zval *re
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
 
-                               if (IS_UNUSED != IS_CV && !0) {
+                               if (object_ptr && IS_UNUSED != IS_CV && !0) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_UNUSED_CV(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -21332,11 +21332,11 @@ static int zend_binary_assign_op_helper_SPEC_CV_CONST(int (*binary_op)(zval *res
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_W TSRMLS_CC);
 
-                               if (IS_CV != IS_CV && !0) {
+                               if (object_ptr && IS_CV != IS_CV && !0) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_CV_CONST(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -22862,11 +22862,11 @@ static int zend_binary_assign_op_helper_SPEC_CV_TMP(int (*binary_op)(zval *resul
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_W TSRMLS_CC);
 
-                               if (IS_CV != IS_CV && !0) {
+                               if (object_ptr && IS_CV != IS_CV && !0) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_CV_TMP(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -24396,11 +24396,11 @@ static int zend_binary_assign_op_helper_SPEC_CV_VAR(int (*binary_op)(zval *resul
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_W TSRMLS_CC);
 
-                               if (IS_CV != IS_CV && !0) {
+                               if (object_ptr && IS_CV != IS_CV && !0) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_CV_VAR(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -25733,11 +25733,11 @@ static int zend_binary_assign_op_helper_SPEC_CV_UNUSED(int (*binary_op)(zval *re
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_W TSRMLS_CC);
 
-                               if (IS_CV != IS_CV && !0) {
+                               if (object_ptr && IS_CV != IS_CV && !0) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_CV_UNUSED(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;
@@ -26402,11 +26402,11 @@ static int zend_binary_assign_op_helper_SPEC_CV_CV(int (*binary_op)(zval *result
                case ZEND_ASSIGN_DIM: {
                                zval **object_ptr = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_W TSRMLS_CC);
 
-                               if (IS_CV != IS_CV && !0) {
+                               if (object_ptr && IS_CV != IS_CV && !0) {
                                        (*object_ptr)->refcount++;  /* undo the effect of get_obj_zval_ptr_ptr() */
                                }
 
-                               if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
+                               if (object_ptr && Z_TYPE_PP(object_ptr) == IS_OBJECT) {
                                        return zend_binary_assign_op_obj_helper_SPEC_CV_CV(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
                                } else {
                                        zend_op *op_data = opline+1;