From: Xinchen Hui Date: Thu, 17 Mar 2016 11:06:50 +0000 (+0800) Subject: Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER) X-Git-Tag: php-5.6.21RC1~34 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8e2f658f49c76c9feed894414fb3a8edb27beef0;p=php Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER) --- diff --git a/NEWS b/NEWS index 5ffad7624a..9a200f9a10 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,10 @@ PHP NEWS - Core: . Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence) +- Opcache: + . Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER). + (Laruence) + - Standard: . Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence) diff --git a/ext/opcache/Optimizer/block_pass.c b/ext/opcache/Optimizer/block_pass.c index c146d0cc8c..bf3f144cc1 100644 --- a/ext/opcache/Optimizer/block_pass.c +++ b/ext/opcache/Optimizer/block_pass.c @@ -716,8 +716,11 @@ static void zend_optimize_block(zend_code_block *block, zend_op_array *op_array, if (src->opcode == ZEND_BOOL) { if (ZEND_OP1_TYPE(src) == IS_CONST) { literal_dtor(&ZEND_OP1_LITERAL(src)); + } else if (ZEND_OP1_TYPE(src) == IS_TMP_VAR) { + src->opcode = ZEND_FREE; + } else { + MAKE_NOP(src); } - MAKE_NOP(src); MAKE_NOP(opline); } } diff --git a/ext/opcache/tests/bug71843.phpt b/ext/opcache/tests/bug71843.phpt new file mode 100644 index 0000000000..7fcf32c032 --- /dev/null +++ b/ext/opcache/tests/bug71843.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:3479)) +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.optimization_level=0xFFFFBFFF +--SKIPIF-- + +--FILE-- + +okey +--EXPECTF-- +Notice: Use of undefined constant E - assumed 'E' in %sbug71843.php on line %d + +Notice: Use of undefined constant R - assumed 'R' in %sbug71843.php on line %d + +Notice: Use of undefined constant See - assumed 'See' in %sbug71843.php on line %d +okey