From: Ilia Alshanetsky <iliaa@php.net>
Date: Wed, 7 Jun 2006 13:43:13 +0000 (+0000)
Subject: MFB: Fixed bug #37707 clone without assigning leaks memory
X-Git-Tag: RELEASE_1_0_0RC1~2761
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=72a4a1362ad1e9f04c288912e689659a4daec834;p=php

MFB: Fixed bug #37707 clone without assigning leaks memory
---

diff --git a/Zend/tests/bug37707.phpt b/Zend/tests/bug37707.phpt
new file mode 100755
index 0000000000..3657fec989
--- /dev/null
+++ b/Zend/tests/bug37707.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #37707 (clone without assigning leaks memory)
+--FILE--
+<?php
+class testme {}
+clone new testme();
+echo "NO LEAK\n";
+?>
+--EXPECT--
+NO LEAK
+
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 0007203bfa..b7e57c7318 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2536,11 +2536,9 @@ ZEND_VM_HANDLER(110, ZEND_CLONE, CONST|TMP|VAR|UNUSED|CV, ANY)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index d957738d08..b414f747e5 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -1781,11 +1781,9 @@ static int ZEND_CLONE_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
@@ -4291,11 +4289,9 @@ static int ZEND_CLONE_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
@@ -7398,11 +7394,9 @@ static int ZEND_CLONE_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
@@ -14530,11 +14524,9 @@ static int ZEND_CLONE_SPEC_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
@@ -20039,11 +20031,9 @@ static int ZEND_CLONE_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;