Fix invalid function by-ref prop assign handling

author Nikita Popov <nikita.ppv@gmail.com>

Mon, 8 Apr 2019 08:18:26 +0000 (10:18 +0200)

committer Nikita Popov <nikita.ppv@gmail.com>

Mon, 8 Apr 2019 08:18:26 +0000 (10:18 +0200)
author Nikita Popov <nikita.ppv@gmail.com>
Mon, 8 Apr 2019 08:18:26 +0000 (10:18 +0200)
committer Nikita Popov <nikita.ppv@gmail.com>
Mon, 8 Apr 2019 08:18:26 +0000 (10:18 +0200)
diff --git a/Zend/tests/assign_obj_ref_byval_function.phpt b/Zend/tests/assign_obj_ref_byval_function.phpt

new file mode 100644 (file)

index 0000000..561ef08
--- /dev/null
+++ b/Zend/tests/assign_obj_ref_byval_function.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Assign result of by-value function to object property by-reference
+--FILE--
+<?php
+
+function notRef() {
+    return null;
+}
+
+$obj = new stdClass;
+$obj->prop =& notRef();
+var_dump($obj);
+
+?>
+--EXPECTF--
+Notice: Only variables should be assigned by reference in %s on line %d
+object(stdClass)#1 (1) {
+  ["prop"]=>
+  NULL
+}
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h

index 54257933cd9899f5e4a4406e7f0d988ed843a3e4..0f74e4280e684b393a1078117bf372fc2e2b39aa 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2636,11 +2636,11 @@ ZEND_VM_HANDLER(200, ZEND_ASSIGN_OBJ_REF, VAR|UNUSED|THIS|CV, CONST|TMPVAR|CV, C
         } else if (OP_DATA_TYPE == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (OP_DATA_TYPE == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h

index afbf6a4ad838c581d11dadf2cf2f450e9ec4f6bb..05c6101bcc09f6bae3bfe14ac75a42f09f1d5bb8 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -24416,11 +24416,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_VAR_CONST_
         } else if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_VAR == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -24498,11 +24498,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_VAR_CONST_
         } else if (IS_CV == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_CV == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -27115,11 +27115,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_VAR_TMPVAR
         } else if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_VAR == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -27197,11 +27197,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_VAR_TMPVAR
         } else if (IS_CV == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_CV == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -31523,11 +31523,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_VAR_CV_OP_
         } else if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_VAR == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -31605,11 +31605,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_VAR_CV_OP_
         } else if (IS_CV == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_CV == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -33606,11 +33606,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_UNUSED_CON
         } else if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_VAR == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -33687,11 +33687,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_UNUSED_CON
         } else if (IS_CV == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_CV == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -35553,11 +35553,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_UNUSED_TMP
         } else if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_VAR == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -35634,11 +35634,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_UNUSED_TMP
         } else if (IS_CV == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_CV == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -38147,11 +38147,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_UNUSED_CV_
         } else if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_VAR == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -38228,11 +38228,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_UNUSED_CV_
         } else if (IS_CV == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_CV == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -43555,11 +43555,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_CV_CONST_O
         } else if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_VAR == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -43636,11 +43636,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_CV_CONST_O
         } else if (IS_CV == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_CV == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -47662,11 +47662,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_CV_TMPVAR_
         } else if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_VAR == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -47743,11 +47743,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_CV_TMPVAR_
         } else if (IS_CV == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_CV == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -53735,11 +53735,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_CV_CV_OP_D
         } else if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_VAR == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
@@ -53816,11 +53816,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_REF_SPEC_CV_CV_OP_D
         } else if (IS_CV == IS_VAR && UNEXPECTED(Z_ISERROR_P(value_ptr))) {
                 variable_ptr = &EG(uninitialized_zval);
         } else if (IS_CV == IS_VAR &&
-                  opline->extended_value == ZEND_RETURNS_FUNCTION &&
+                  (opline->extended_value & ZEND_RETURNS_FUNCTION) &&
                            UNEXPECTED(!Z_ISREF_P(value_ptr))) {
  
                 if (UNEXPECTED(!zend_wrong_assign_to_variable_reference(
-                               Z_INDIRECT_P(variable_ptr), value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
+                               variable_ptr, value_ptr OPLINE_CC EXECUTE_DATA_CC))) {
                         variable_ptr = &EG(uninitialized_zval);
                 }
         } else {
author	Nikita Popov <nikita.ppv@gmail.com>
	Mon, 8 Apr 2019 08:18:26 +0000 (10:18 +0200)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Mon, 8 Apr 2019 08:18:26 +0000 (10:18 +0200)
Zend/tests/assign_obj_ref_byval_function.phpt	[new file with mode: 0644]	patch \| blob
Zend/zend_vm_def.h		patch \| blob \| history
Zend/zend_vm_execute.h		patch \| blob \| history