From: Nikita Popov Date: Wed, 13 Jul 2016 21:39:16 +0000 (+0200) Subject: Fix leak if get_constructor returns NULL X-Git-Tag: php-7.1.0beta1~61^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=37a2f3fe2586a37658eb6e92cccb7cef32f67056;p=php Fix leak if get_constructor returns NULL --- diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 868e035105..0be1b5726c 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -4922,6 +4922,11 @@ ZEND_VM_HANDLER(68, ZEND_NEW, UNUSED|CLASS_FETCH|CONST|VAR, ANY, NUM) constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result)); if (constructor == NULL) { + if (UNEXPECTED(EG(exception))) { + zval_ptr_dtor(result); + HANDLE_EXCEPTION(); + } + /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next * opcode is DO_FCALL in case EXT instructions are used. */ if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) { diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index a9e59ebd7d..5943e4b5c7 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -3176,6 +3176,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NEW_SPEC_CONST_HANDLER(ZEND_OP constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result)); if (constructor == NULL) { + if (UNEXPECTED(EG(exception))) { + zval_ptr_dtor(result); + HANDLE_EXCEPTION(); + } + /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next * opcode is DO_FCALL in case EXT instructions are used. */ if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) { @@ -15955,6 +15960,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NEW_SPEC_VAR_HANDLER(ZEND_OPCO constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result)); if (constructor == NULL) { + if (UNEXPECTED(EG(exception))) { + zval_ptr_dtor(result); + HANDLE_EXCEPTION(); + } + /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next * opcode is DO_FCALL in case EXT instructions are used. */ if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) { @@ -27567,6 +27577,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NEW_SPEC_UNUSED_HANDLER(ZEND_O constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result)); if (constructor == NULL) { + if (UNEXPECTED(EG(exception))) { + zval_ptr_dtor(result); + HANDLE_EXCEPTION(); + } + /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next * opcode is DO_FCALL in case EXT instructions are used. */ if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) {