From: Dmitry Stogov <dmitry@php.net>
Date: Sun, 25 Feb 2007 16:12:18 +0000 (+0000)
Subject: Fixed bug #40591 (list()="string"; gives invalid opcode)
X-Git-Tag: RELEASE_1_0_1~159
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=64dcd4af8113a6b27dbdd1ad4742af8305623656;p=php

Fixed bug #40591 (list()="string"; gives invalid opcode)
---

diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index d4cc862f65..19d31abd9b 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -1383,7 +1383,7 @@ ZEND_VM_HANDLER(97, ZEND_FETCH_OBJ_UNSET, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
 	ZEND_VM_NEXT_OPCODE();
 }
 
-ZEND_VM_HANDLER(98, ZEND_FETCH_DIM_TMP_VAR, TMP, CONST)
+ZEND_VM_HANDLER(98, ZEND_FETCH_DIM_TMP_VAR, CONST|TMP, CONST)
 {
 	zend_op *opline = EX(opline);
 	zend_free_op free_op1;
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index f01bf067d2..aa053f4e9f 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -2646,6 +2646,29 @@ static int ZEND_BOOL_XOR_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	ZEND_VM_NEXT_OPCODE();
 }
 
+static int ZEND_FETCH_DIM_TMP_VAR_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
+{
+	zend_op *opline = EX(opline);
+
+	zval *container = &opline->op1.u.constant;
+
+	if (Z_TYPE_P(container) != IS_ARRAY) {
+		if (!RETURN_VALUE_UNUSED(&opline->result)) {
+			EX_T(opline->result.u.var).var.ptr_ptr = &EG(uninitialized_zval_ptr);
+			PZVAL_LOCK(*EX_T(opline->result.u.var).var.ptr_ptr);
+		}
+	} else {
+
+		zval *dim = &opline->op2.u.constant;
+
+		EX_T(opline->result.u.var).var.ptr_ptr = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), dim, BP_VAR_R TSRMLS_CC);
+		SELECTIVE_PZVAL_LOCK(*EX_T(opline->result.u.var).var.ptr_ptr, &opline->result);
+
+	}
+	AI_USE_PTR(EX_T(opline->result.u.var).var);
+	ZEND_VM_NEXT_OPCODE();
+}
+
 static int ZEND_CASE_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 {
 	zend_op *opline = EX(opline);
@@ -29966,7 +29989,7 @@ void zend_init_opcodes_handlers()
   	ZEND_FETCH_OBJ_UNSET_SPEC_CV_VAR_HANDLER,
   	ZEND_NULL_HANDLER,
   	ZEND_FETCH_OBJ_UNSET_SPEC_CV_CV_HANDLER,
-  	ZEND_NULL_HANDLER,
+  	ZEND_FETCH_DIM_TMP_VAR_SPEC_CONST_CONST_HANDLER,
   	ZEND_NULL_HANDLER,
   	ZEND_NULL_HANDLER,
   	ZEND_NULL_HANDLER,