From: Dmitry Stogov Date: Mon, 6 Feb 2006 11:45:56 +0000 (+0000) Subject: Fixed bug #36303 (foreach on error_zval produces segfault) X-Git-Tag: php-5.1.3RC1~144 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=38409e944c3fd7eafc3a078eba93937c93dca1c9;p=php Fixed bug #36303 (foreach on error_zval produces segfault) --- diff --git a/NEWS b/NEWS index bdabf8cdf7..19dc2d88e1 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,7 @@ PHP NEWS - Added imap_savebody() that allows message body to be written to a file. (Mike) - Fixed imagecolorallocate() and imagecolorallocatelapha() to return FALSE on error. (Pierre) +- Fixed bug #36303 (foreach on error_zval produces segfault). (Dmitry) - Fixed bug #36295 (typo in SplFileObject::flock() parameter name). (Tony) - Fixed bug #36287 (Segfault with SplFileInfo conversion). (Marcus) - Fixed bug #36283 (SOAPClient Compression Broken). (Dmitry) diff --git a/Zend/tests/bug36303.phpt b/Zend/tests/bug36303.phpt new file mode 100755 index 0000000000..612022ad56 --- /dev/null +++ b/Zend/tests/bug36303.phpt @@ -0,0 +1,12 @@ +--TEST-- +Bug #36303 (foreach on error_zval produces segfault) +--FILE-- +a->b as &$v) { +} +echo "ok\n"; +?> +--EXPECTF-- +Warning: Invalid argument supplied for foreach() in %sbug36303.php on line 3 +ok diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index d26e516d5f..97d705bc12 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -2983,7 +2983,9 @@ ZEND_VM_HANDLER(77, ZEND_FE_RESET, CONST|TMP|VAR|CV, ANY) } array_ptr = *array_ptr_ptr; } else { - SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr); + if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) { + SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr); + } array_ptr = *array_ptr_ptr; array_ptr->refcount++; } diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index ef58b0d495..1a2f2c76c9 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h 
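Review bot: In the Zend/zend_vm_def.h hunk the new `Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY` guard carries no comment saying why separation is skipped for every other type, and the unconditional `array_ptr->refcount++;` two lines below it still writes to whatever `*array_ptr_ptr` points at. Going by the commit title and the new test, that value can be the engine's shared error zval, so the increment presumably has to be balanced on the warning path. The handler starts and ends outside the hunk, so this cannot be confirmed from here. I would add above the `if`: `/* Separate only arrays: a non-array here may be the shared error zval (bug #36303), which must not be separated. */`. The same guard repeats in the four ZEND_FE_RESET_SPEC_* handlers of Zend/zend_vm_execute.h, which look like specialised copies of this handler, so the comment belongs in zend_vm_def.h only.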
@@ -2030,7 +2030,9 @@ static int ZEND_FE_RESET_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 }
 array_ptr = *array_ptr_ptr;
 } else {
- SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+ SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ }
 array_ptr = *array_ptr_ptr;
 array_ptr->refcount++;
 }
@@ -4446,7 +4448,9 @@ static int ZEND_FE_RESET_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 }
 array_ptr = *array_ptr_ptr;
 } else {
- SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+ SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ }
 array_ptr = *array_ptr_ptr;
 array_ptr->refcount++;
 }
@@ -7444,7 +7448,9 @@ static int ZEND_FE_RESET_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 }
 array_ptr = *array_ptr_ptr;
 } else {
- SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+ SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ }
 array_ptr = *array_ptr_ptr;
 array_ptr->refcount++;
 }
@@ -19539,7 +19545,9 @@ static int ZEND_FE_RESET_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 }
 array_ptr = *array_ptr_ptr;
 } else {
- SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+ SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ }
 array_ptr = *array_ptr_ptr;
 array_ptr->refcount++;
 }