From: Dmitry Stogov Date: Fri, 28 Dec 2007 13:22:00 +0000 (+0000) Subject: Fixed bug #38469 (unexpected creation of cycle, json tests failed, leaks memory) X-Git-Tag: RELEASE_1_3_1~460 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5a3eb537231a8d674ec57feeecb54f3188510061;p=php Fixed bug #38469 (unexpected creation of cycle, json tests failed, leaks memory) --- diff --git a/NEWS b/NEWS index e68a144e82..598e3bd2b2 100644 --- a/NEWS +++ b/NEWS @@ -91,6 +91,7 @@ PHP NEWS (Lars W) - Fixed bug #39397 (invalid statement handle in Unknown on line 0). (Lars W) - Fixed bug #39056 (Interbase NUMERIC data type error). (Lars W) +- Fixed bug #38468 (Unexpected creation of cycle). (Dmitry) - Fixed bug #37911 (preg_replace_callback() ignores named groups). (Nuno) - Fixed bug #36128 (Interbase PDO - timestamp columns return NULL). (Lars W) - Fixed bug #35386 (firebird: first row is null). (Lars W) diff --git a/Zend/tests/bug38469.phpt b/Zend/tests/bug38469.phpt new file mode 100644 index 0000000000..51fffb3008 --- /dev/null +++ b/Zend/tests/bug38469.phpt @@ -0,0 +1,28 @@ +--TEST-- +Bug #38469 Unexpected creation of cycle +--FILE-- + +--EXPECT-- +array(1) { + [0]=> + array(0) { + } +} +array(1) { + [0]=> + array(1) { + [0]=> + array(1) { + [0]=> + array(0) { + } + } + } +} diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index e807df00fc..3ac034b07b 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -546,8 +546,39 @@ static zend_bool opline_is_fetch_this(zend_op *opline TSRMLS_DC) void zend_do_assign(znode *result, znode *variable, znode *value TSRMLS_DC) { - int last_op_number = get_next_op_number(CG(active_op_array)); - zend_op *opline = get_next_op(CG(active_op_array) TSRMLS_CC); + int last_op_number; + zend_op *opline; + + if (value->op_type == IS_CV) { + zend_llist *fetch_list_ptr; + + zend_stack_top(&CG(bp_stack), (void **) &fetch_list_ptr); + if (fetch_list_ptr && fetch_list_ptr->head) { + opline = (zend_op *)fetch_list_ptr->head->data; + + if (opline->opcode == ZEND_FETCH_DIM_W && + opline->op1.op_type == IS_CV && + opline->op1.u.var == value->u.var) { + + opline = get_next_op(CG(active_op_array) TSRMLS_CC); + opline->opcode = ZEND_FETCH_R; + opline->result.op_type = IS_VAR; + opline->result.u.EA.type = 0; + opline->result.u.var = get_temporary_variable(CG(active_op_array)); + opline->op1.op_type = IS_CONST; + ZVAL_STRINGL(&opline->op1.u.constant, + CG(active_op_array)->vars[value->u.var].name, + CG(active_op_array)->vars[value->u.var].name_len, 1); + SET_UNUSED(opline->op2); + value = &opline->result; + } + } + } + + zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); + + last_op_number = get_next_op_number(CG(active_op_array)); + opline = get_next_op(CG(active_op_array) TSRMLS_CC); if (variable->op_type == IS_VAR) { int n = 0; @@ -3840,8 +3871,6 @@ void zend_do_list_end(znode *result, znode *expr TSRMLS_DC) zend_llist_element *dimension; zend_op *opline; znode last_container; - int last_op_number; - zend_op *last_op; le = CG(list_llist).head; while (le) { @@ -3881,9 +3910,6 @@ void zend_do_list_end(znode *result, znode *expr TSRMLS_DC) } ((list_llist_element *) le->data)->value = last_container; zend_llist_destroy(&((list_llist_element *) le->data)->dimensions); - zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); - last_op_number = get_next_op_number(CG(active_op_array))-1; - last_op = &CG(active_op_array)->opcodes[last_op_number]; zend_do_assign(result, &((list_llist_element *) le->data)->var, &((list_llist_element *) le->data)->value TSRMLS_CC); zend_do_free(result TSRMLS_CC); le = le->next; @@ -4244,8 +4270,8 @@ void zend_do_foreach_cont(znode *foreach_token, znode *open_brackets_token, znod value_node = opline->result; - zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); if (assign_by_ref) { + zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); /* Mark FE_FETCH as IS_VAR as it holds the data directly as a value */ zend_do_assign_ref(NULL, value, &value_node TSRMLS_CC); } else { @@ -4256,7 +4282,6 @@ void zend_do_foreach_cont(znode *foreach_token, znode *open_brackets_token, znod if (key->op_type != IS_UNUSED) { znode key_node; - zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); opline = &CG(active_op_array)->opcodes[as_token->u.opline_num+1]; opline->result.op_type = IS_TMP_VAR; opline->result.u.EA.type = 0; diff --git a/Zend/zend_language_parser.y b/Zend/zend_language_parser.y index fe260c99d8..0f112974f7 100644 --- a/Zend/zend_language_parser.y +++ b/Zend/zend_language_parser.y @@ -560,7 +560,7 @@ non_empty_for_expr: expr_without_variable: T_LIST '(' { zend_do_list_init(TSRMLS_C); } assignment_list ')' '=' expr { zend_do_list_end(&$$, &$7 TSRMLS_CC); } - | variable '=' expr { zend_check_writable_variable(&$1); zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); zend_do_assign(&$$, &$1, &$3 TSRMLS_CC); } + | variable '=' expr { zend_check_writable_variable(&$1); zend_do_assign(&$$, &$1, &$3 TSRMLS_CC); } | variable '=' '&' variable { zend_check_writable_variable(&$1); zend_do_end_variable_parse(BP_VAR_W, 1 TSRMLS_CC); zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); zend_do_assign_ref(&$$, &$1, &$4 TSRMLS_CC); } | variable '=' '&' T_NEW class_name_reference { zend_error(E_STRICT, "Assigning the return value of new by reference is deprecated"); zend_check_writable_variable(&$1); zend_do_extended_fcall_begin(TSRMLS_C); zend_do_begin_new_object(&$4, &$5 TSRMLS_CC); } ctor_arguments { zend_do_end_new_object(&$3, &$4, &$7 TSRMLS_CC); zend_do_extended_fcall_end(TSRMLS_C); zend_do_end_variable_parse(BP_VAR_W, 0 TSRMLS_CC); zend_do_assign_ref(&$$, &$1, &$3 TSRMLS_CC); } | T_NEW class_name_reference { zend_do_extended_fcall_begin(TSRMLS_C); zend_do_begin_new_object(&$1, &$2 TSRMLS_CC); } ctor_arguments { zend_do_end_new_object(&$$, &$1, &$4 TSRMLS_CC); zend_do_extended_fcall_end(TSRMLS_C);}