Fixed bug #54585 (track_errors causes segfault)

diff --git a/NEWS b/NEWS
index ed3e8578b9bc016f1f88ed2fdefef2150bf0d19f..b7bb64ba7e890aedd99becab731c370ab600f921 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2011, PHP 5.3.7
 - Zend Engine:
+  . Fixed bug #54585 (track_errors causes segfault). (Dmitry)
   . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed). 
     (Tony, Dmitry)
   . Fixed bug #54372 (Crash accessing global object itself returned from its

diff --git a/Zend/tests/bug54585.phpt b/Zend/tests/bug54585.phpt
new file mode 100644 (file)
index 0000000..2ca11f3
--- /dev/null
+++ b/Zend/tests/bug54585.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #54585 (track_errors causes segfault)
+--INI--
+track_errors=On
+--FILE--
+<?php
+function testing($source) {
+                unset($source[$cos]);
+}
+testing($_GET);
+echo "ok\n";
+?>
+--EXPECTF--
+Notice: Undefined variable: cos in %sbug54585.php on line 3
+ok

diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 5f2ebff151c6767bd45c48775a7e44ad2188b4d3..deab17b65d706a741d4eaad2d05e41f350c4fe34 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -3430,12 +3430,14 @@ ZEND_VM_HANDLER(75, ZEND_UNSET_DIM, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
        zend_op *opline = EX(opline);
        zend_free_op free_op1, free_op2;
        zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_UNSET);
-       zval *offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
+       zval *offset;
+
+       if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
 
        if (OP1_TYPE != IS_VAR || container) {
-               if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);

diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 888ba953dad70189bbae7fefdc1f1ce993f6cc62..3ac52d3a30a24e78f5e98841cea454de84dd57cd 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -10725,12 +10725,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAND
        zend_op *opline = EX(opline);
        zend_free_op free_op1;
        zval **container = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
-       zval *offset = &opline->op2.u.constant;
+       zval *offset;
+
+       if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = &opline->op2.u.constant;
 
        if (IS_VAR != IS_VAR || container) {
-               if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -12474,12 +12476,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_VAR_TMP_HANDLER(ZEND_OPCODE_HANDLE
        zend_op *opline = EX(opline);
        zend_free_op free_op1, free_op2;
        zval **container = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
-       zval *offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
+       zval *offset;
+
+       if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
 
        if (IS_VAR != IS_VAR || container) {
-               if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -14274,12 +14278,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_VAR_VAR_HANDLER(ZEND_OPCODE_HANDLE
        zend_op *opline = EX(opline);
        zend_free_op free_op1, free_op2;
        zval **container = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
-       zval *offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
+       zval *offset;
+
+       if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
 
        if (IS_VAR != IS_VAR || container) {
-               if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -16660,12 +16666,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER
        zend_op *opline = EX(opline);
        zend_free_op free_op1;
        zval **container = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
-       zval *offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC);
+       zval *offset;
+
+       if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC);
 
        if (IS_VAR != IS_VAR || container) {
-               if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -17852,12 +17860,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_H
        zend_op *opline = EX(opline);
 
        zval **container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
-       zval *offset = &opline->op2.u.constant;
+       zval *offset;
+
+       if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = &opline->op2.u.constant;
 
        if (IS_UNUSED != IS_VAR || container) {
-               if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -18909,12 +18919,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_UNUSED_TMP_HANDLER(ZEND_OPCODE_HAN
        zend_op *opline = EX(opline);
        zend_free_op free_op2;
        zval **container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
-       zval *offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
+       zval *offset;
+
+       if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
 
        if (IS_UNUSED != IS_VAR || container) {
-               if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -19966,12 +19978,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_UNUSED_VAR_HANDLER(ZEND_OPCODE_HAN
        zend_op *opline = EX(opline);
        zend_free_op free_op2;
        zval **container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
-       zval *offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
+       zval *offset;
+
+       if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
 
        if (IS_UNUSED != IS_VAR || container) {
-               if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -21282,12 +21296,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAND
        zend_op *opline = EX(opline);
 
        zval **container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
-       zval *offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC);
+       zval *offset;
+
+       if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC);
 
        if (IS_UNUSED != IS_VAR || container) {
-               if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -24280,12 +24296,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDL
        zend_op *opline = EX(opline);
 
        zval **container = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_UNSET TSRMLS_CC);
-       zval *offset = &opline->op2.u.constant;
+       zval *offset;
+
+       if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = &opline->op2.u.constant;
 
        if (IS_CV != IS_VAR || container) {
-               if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -25920,12 +25938,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_CV_TMP_HANDLER(ZEND_OPCODE_HANDLER
        zend_op *opline = EX(opline);
        zend_free_op free_op2;
        zval **container = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_UNSET TSRMLS_CC);
-       zval *offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
+       zval *offset;
+
+       if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
 
        if (IS_CV != IS_VAR || container) {
-               if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -27610,12 +27630,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_CV_VAR_HANDLER(ZEND_OPCODE_HANDLER
        zend_op *opline = EX(opline);
        zend_free_op free_op2;
        zval **container = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_UNSET TSRMLS_CC);
-       zval *offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
+       zval *offset;
+
+       if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC);
 
        if (IS_CV != IS_VAR || container) {
-               if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);
@@ -29787,12 +29809,14 @@ static int ZEND_FASTCALL  ZEND_UNSET_DIM_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_
        zend_op *opline = EX(opline);
 
        zval **container = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_UNSET TSRMLS_CC);
-       zval *offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC);
+       zval *offset;
+
+       if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
+               SEPARATE_ZVAL_IF_NOT_REF(container);
+       }
+       offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC);
 
        if (IS_CV != IS_VAR || container) {
-               if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
-                       SEPARATE_ZVAL_IF_NOT_REF(container);
-               }
                switch (Z_TYPE_PP(container)) {
                        case IS_ARRAY: {
                                HashTable *ht = Z_ARRVAL_PP(container);