Fixed access on uninitialized data in Zend/tests/closure_019.phpt

author Dmitry Stogov <dmitry@zend.com>

Tue, 10 Mar 2015 11:05:14 +0000 (14:05 +0300)

committer Dmitry Stogov <dmitry@zend.com>

Tue, 10 Mar 2015 11:05:14 +0000 (14:05 +0300)
author Dmitry Stogov <dmitry@zend.com>
Tue, 10 Mar 2015 11:05:14 +0000 (14:05 +0300)
committer Dmitry Stogov <dmitry@zend.com>
Tue, 10 Mar 2015 11:05:14 +0000 (14:05 +0300)
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h

index 9958e18cfb717c4a07ef498aafc952ece57534fe..d60cf6ad62cdd8ab39bee3c8f1f8bd098fb92dd2 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -3526,6 +3526,8 @@ ZEND_VM_HANDLER(116, ZEND_SEND_VAL_EX, CONST|TMP, ANY)
         if (ARG_MUST_BE_SENT_BY_REF(EX(call)->func, opline->op2.num)) {
                 zend_error(E_EXCEPTION | E_ERROR, "Cannot pass parameter %d by reference", opline->op2.num);
                 FREE_UNFETCHED_OP1();
+               arg = ZEND_CALL_VAR(EX(call), opline->result.var);
+               ZVAL_UNDEF(arg);
                 HANDLE_EXCEPTION();
         }
         value = GET_OP1_ZVAL_PTR(BP_VAR_R);
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h

index 3f2cb215b2b25913d562281fc50e956051335d64..2ae3059fc3ae1ee6a1b4d2a60687a4d6b35e9e93 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -2887,6 +2887,8 @@ static int ZEND_FASTCALL  ZEND_SEND_VAL_EX_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLE
         if (ARG_MUST_BE_SENT_BY_REF(EX(call)->func, opline->op2.num)) {
                 zend_error(E_EXCEPTION | E_ERROR, "Cannot pass parameter %d by reference", opline->op2.num);
  
+               arg = ZEND_CALL_VAR(EX(call), opline->result.var);
+               ZVAL_UNDEF(arg);
                 HANDLE_EXCEPTION();
         }
         value = EX_CONSTANT(opline->op1);
@@ -9360,6 +9362,8 @@ static int ZEND_FASTCALL  ZEND_SEND_VAL_EX_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_
         if (ARG_MUST_BE_SENT_BY_REF(EX(call)->func, opline->op2.num)) {
                 zend_error(E_EXCEPTION | E_ERROR, "Cannot pass parameter %d by reference", opline->op2.num);
                 zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));
+               arg = ZEND_CALL_VAR(EX(call), opline->result.var);
+               ZVAL_UNDEF(arg);
                 HANDLE_EXCEPTION();
         }
         value = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1);
author	Dmitry Stogov <dmitry@zend.com>
	Tue, 10 Mar 2015 11:05:14 +0000 (14:05 +0300)
committer	Dmitry Stogov <dmitry@zend.com>
	Tue, 10 Mar 2015 11:05:14 +0000 (14:05 +0300)
Zend/zend_vm_def.h		patch \| blob \| history
Zend/zend_vm_execute.h		patch \| blob \| history