Fix bug #63822: Crash when using closures with ArrayAccess

author Nikita Popov <nikic@php.net>

Fri, 21 Dec 2012 00:56:37 +0000 (01:56 +0100)

committer Nikita Popov <nikic@php.net>

Fri, 21 Dec 2012 00:56:37 +0000 (01:56 +0100)
author Nikita Popov <nikic@php.net>
Fri, 21 Dec 2012 00:56:37 +0000 (01:56 +0100)
committer Nikita Popov <nikic@php.net>
Fri, 21 Dec 2012 00:56:37 +0000 (01:56 +0100)
diff --git a/NEWS b/NEWS

index d63858df0171684b8b9d857c97e783b809d60a14..019513a117436d3040884015e5767559b4207d98 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ PHP                                                                        NEWS
  |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
  ?? ??? 201?, PHP 5.5.0 Alpha 3
  
+- General improvements:
+  . Fixed bug #63822 (Crash when using closures with ArrayAccess).
+    (Nikita Popov)
  
  18 Dec 2012, PHP 5.5.0 Alpha 2
  
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h

index c933a48248d80a1bd3e90d472b0c59dda5a0f4da..2c17182b9f049dee97cce7ea8002d7f1a3abf11a 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -1843,7 +1843,7 @@ ZEND_VM_HANDLER(39, ZEND_ASSIGN_REF, VAR|CV, VAR|CV)
  
  ZEND_VM_HELPER(zend_leave_helper, ANY, ANY)
  {
-       zend_bool nested;
+       zend_bool nested = EX(nested);
         zend_op_array *op_array = EX(op_array);
  
         EG(current_execute_data) = EX(prev_execute_data);
@@ -1852,14 +1852,12 @@ ZEND_VM_HELPER(zend_leave_helper, ANY, ANY)
                 i_free_compiled_variables(execute_data);
         }
  
+       zend_vm_stack_free((char*)execute_data - (ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable)) * op_array->T) TSRMLS_CC);
+
         if ((op_array->fn_flags & ZEND_ACC_CLOSURE) && op_array->prototype) {
                 zval_ptr_dtor((zval**)&op_array->prototype);
         }
  
-       nested = EX(nested);
-
-       zend_vm_stack_free((char*)execute_data - (ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable)) * op_array->T) TSRMLS_CC);
-
         if (nested) {
                 execute_data = EG(current_execute_data);
         }
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h

index dab0df35409f0ef802e0d56938f0fe94b6c858ee..c51df01c2d38b252821dfdf48e9077869db69cf5 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -383,7 +383,7 @@ ZEND_API void zend_execute(zend_op_array *op_array TSRMLS_DC)
  
  static int ZEND_FASTCALL zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
  {
-       zend_bool nested;
+       zend_bool nested = EX(nested);
         zend_op_array *op_array = EX(op_array);
  
         EG(current_execute_data) = EX(prev_execute_data);
@@ -392,14 +392,12 @@ static int ZEND_FASTCALL zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS)
                 i_free_compiled_variables(execute_data);
         }
  
+       zend_vm_stack_free((char*)execute_data - (ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable)) * op_array->T) TSRMLS_CC);
+
         if ((op_array->fn_flags & ZEND_ACC_CLOSURE) && op_array->prototype) {
                 zval_ptr_dtor((zval**)&op_array->prototype);
         }
  
-       nested = EX(nested);
-
-       zend_vm_stack_free((char*)execute_data - (ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable)) * op_array->T) TSRMLS_CC);
-
         if (nested) {
                 execute_data = EG(current_execute_data);
         }
author	Nikita Popov <nikic@php.net>
	Fri, 21 Dec 2012 00:56:37 +0000 (01:56 +0100)
committer	Nikita Popov <nikic@php.net>
	Fri, 21 Dec 2012 00:56:37 +0000 (01:56 +0100)
NEWS		patch \| blob \| history
Zend/zend_vm_def.h		patch \| blob \| history
Zend/zend_vm_execute.h		patch \| blob \| history