From: Nikita Popov Date: Sat, 31 Dec 2016 12:33:21 +0000 (+0100) Subject: Fix bug #73847 X-Git-Tag: php-7.1.1RC1~43 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=242d924e599d2c92a5d12873ad1564f7d44f7126;p=php Fix bug #73847 --- diff --git a/NEWS b/NEWS index 9d1a2c5bc9..d06b6c4ae3 100644 --- a/NEWS +++ b/NEWS @@ -37,6 +37,7 @@ PHP NEWS . Fixed bug #73654 (Segmentation fault in zend_call_function). (Nikita) . Fixed bug #73668 ("SIGFPE Arithmetic exception" in opcache when divide by minus 1). (Nikita) + . Fixed bug #73847 (Recursion when a variable is redefined as array). (Nikita) - PDO_Firebird: . Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning diff --git a/ext/opcache/Optimizer/dfa_pass.c b/ext/opcache/Optimizer/dfa_pass.c index 2780a4cc54..f01e2ecc65 100644 --- a/ext/opcache/Optimizer/dfa_pass.c +++ b/ext/opcache/Optimizer/dfa_pass.c @@ -356,6 +356,12 @@ static zend_bool opline_supports_assign_contraction( return opline->op1_type != IS_CV || opline->op1.var != cv_var; } + if (opline->opcode == ZEND_INIT_ARRAY) { + /* INIT_ARRAY initializes the result array before reading key/value. */ + return (opline->op1_type != IS_CV || opline->op1.var != cv_var) + && (opline->op2_type != IS_CV || opline->op2.var != cv_var); + } + return 1; } diff --git a/ext/opcache/tests/bug73847.phpt b/ext/opcache/tests/bug73847.phpt new file mode 100644 index 0000000000..7010dfbfb7 --- /dev/null +++ b/ext/opcache/tests/bug73847.phpt @@ -0,0 +1,44 @@ +--TEST-- +Bug #73847: Recursion when a variable is redefined as array +--FILE-- + 24); + var_dump($a); + + $a = 42; + $a = array($a, 24); + var_dump($a); + + $a = 42; + $a = array(24, $a); + var_dump($a); +} +test(); +?> +--EXPECT-- +array(1) { + [0]=> + int(42) +} +array(1) { + [42]=> + int(24) +} +array(2) { + [0]=> + int(42) + [1]=> + int(24) +} +array(2) { + [0]=> + int(24) + [1]=> + int(42) +}