]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5753d36)
Fixed bug #49037 (@list( $b ) = $a; causes a crash)
authorDmitry Stogov <dmitry@php.net>
Tue, 28 Jul 2009 13:01:40 +0000 (13:01 +0000)
committerDmitry Stogov <dmitry@php.net>
Tue, 28 Jul 2009 13:01:40 +0000 (13:01 +0000)
Zend/tests/bug49037.phpt [new file with mode: 0644] patch | blob
Zend/zend_vm_def.h patch | blob | history
Zend/zend_vm_execute.h patch | blob | history

diff --git a/Zend/tests/bug49037.phpt b/Zend/tests/bug49037.phpt
new file mode 100644 (file)
index 0000000..8f50ea7
--- /dev/null
+++ b/Zend/tests/bug49037.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #49037 (@list( $b ) = $a; causes a crash)
+--FILE--
+<?php
+$a = array( "c" );
+@list( $b ) = $a;
+print_r( $a );
+?>
+--EXPECT--
+Array
+(
+    [0] => c
+)
+
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 6dd3a90c554f4e76d6ccb0a8f9b2a5ec5f71c3e9..cbc80ba36107da7deb07108d933c2417c6536107 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -1491,6 +1491,9 @@ ZEND_VM_HANDLER(98, ZEND_FETCH_DIM_TMP_VAR, VAR|CV|CONST|TMP, CONST)
        if (OP1_TYPE == IS_VAR && EX_T(opline->op1.u.var).var.ptr == NULL) {
                zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
        }
+       if (OP1_TYPE == IS_VAR && EX_T(opline->op1.u.var).var.ptr_ptr) {
+               PZVAL_LOCK(*EX_T(opline->op1.u.var).var.ptr_ptr);
+       }
        container = GET_OP1_ZVAL_PTR(BP_VAR_R);
        if (Z_TYPE_P(container) != IS_ARRAY) {
                if (!RETURN_VALUE_UNUSED(&opline->result)) {
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 9ccfc5049557c0fe3636f667c1fbc7a383ae9a32..3d3f273194b0c28e4322d850ac432a11a81c2268 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -2680,6 +2680,9 @@ static int ZEND_FASTCALL  ZEND_FETCH_DIM_TMP_VAR_SPEC_CONST_CONST_HANDLER(ZEND_O
        if (IS_CONST == IS_VAR && EX_T(opline->op1.u.var).var.ptr == NULL) {
                zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
        }
+       if (IS_CONST == IS_VAR && EX_T(opline->op1.u.var).var.ptr_ptr) {
+               PZVAL_LOCK(*EX_T(opline->op1.u.var).var.ptr_ptr);
+       }
        container = &opline->op1.u.constant;
        if (Z_TYPE_P(container) != IS_ARRAY) {
                if (!RETURN_VALUE_UNUSED(&opline->result)) {
@@ -6117,6 +6120,9 @@ static int ZEND_FASTCALL  ZEND_FETCH_DIM_TMP_VAR_SPEC_TMP_CONST_HANDLER(ZEND_OPC
        if (IS_TMP_VAR == IS_VAR && EX_T(opline->op1.u.var).var.ptr == NULL) {
                zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
        }
+       if (IS_TMP_VAR == IS_VAR && EX_T(opline->op1.u.var).var.ptr_ptr) {
+               PZVAL_LOCK(*EX_T(opline->op1.u.var).var.ptr_ptr);
+       }
        container = _get_zval_ptr_tmp(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
        if (Z_TYPE_P(container) != IS_ARRAY) {
                if (!RETURN_VALUE_UNUSED(&opline->result)) {
@@ -10579,6 +10585,9 @@ static int ZEND_FASTCALL  ZEND_FETCH_DIM_TMP_VAR_SPEC_VAR_CONST_HANDLER(ZEND_OPC
        if (IS_VAR == IS_VAR && EX_T(opline->op1.u.var).var.ptr == NULL) {
                zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
        }
+       if (IS_VAR == IS_VAR && EX_T(opline->op1.u.var).var.ptr_ptr) {
+               PZVAL_LOCK(*EX_T(opline->op1.u.var).var.ptr_ptr);
+       }
        container = _get_zval_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
        if (Z_TYPE_P(container) != IS_ARRAY) {
                if (!RETURN_VALUE_UNUSED(&opline->result)) {
@@ -24941,6 +24950,9 @@ static int ZEND_FASTCALL  ZEND_FETCH_DIM_TMP_VAR_SPEC_CV_CONST_HANDLER(ZEND_OPCO
        if (IS_CV == IS_VAR && EX_T(opline->op1.u.var).var.ptr == NULL) {
                zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
        }
+       if (IS_CV == IS_VAR && EX_T(opline->op1.u.var).var.ptr_ptr) {
+               PZVAL_LOCK(*EX_T(opline->op1.u.var).var.ptr_ptr);
+       }
        container = _get_zval_ptr_cv(&opline->op1, EX(Ts), BP_VAR_R TSRMLS_CC);
        if (Z_TYPE_P(container) != IS_ARRAY) {
                if (!RETURN_VALUE_UNUSED(&opline->result)) {
Unnamed repository; edit this file 'description' to name the repository.