From: Dmitry Stogov Date: Mon, 25 Apr 2011 07:50:07 +0000 (+0000) Subject: Fixed bug #54585 (track_errors causes segfault) X-Git-Tag: php-5.3.7RC1~167 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e510daf20bb8fefb06421e1dd368062beb3e350b;p=php Fixed bug #54585 (track_errors causes segfault) --- diff --git a/NEWS b/NEWS index ed3e8578b9..b7bb64ba7e 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,7 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2011, PHP 5.3.7 - Zend Engine: + . Fixed bug #54585 (track_errors causes segfault). (Dmitry) . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed). (Tony, Dmitry) . Fixed bug #54372 (Crash accessing global object itself returned from its diff --git a/Zend/tests/bug54585.phpt b/Zend/tests/bug54585.phpt new file mode 100644 index 0000000000..2ca11f3e6a --- /dev/null +++ b/Zend/tests/bug54585.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #54585 (track_errors causes segfault) +--INI-- +track_errors=On +--FILE-- + +--EXPECTF-- +Notice: Undefined variable: cos in %sbug54585.php on line 3 +ok diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 5f2ebff151..deab17b65d 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -3430,12 +3430,14 @@ ZEND_VM_HANDLER(75, ZEND_UNSET_DIM, VAR|UNUSED|CV, CONST|TMP|VAR|CV) zend_op *opline = EX(opline); zend_free_op free_op1, free_op2; zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_UNSET); - zval *offset = GET_OP2_ZVAL_PTR(BP_VAR_R); + zval *offset; + + if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = GET_OP2_ZVAL_PTR(BP_VAR_R); if (OP1_TYPE != IS_VAR || container) { - if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); 
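Review bot: The hoisted `SEPARATE_ZVAL_IF_NOT_REF(container)` in ZEND_UNSET_DIM must now run before `GET_OP2_ZVAL_PTR(BP_VAR_R)`, but nothing in the handler records that ordering, so a later cleanup that folds the declaration and fetch of `offset` back together would silently reintroduce the crash. Judging by the test's expected "Undefined variable" notice under `track_errors=On`, the op2 fetch can presumably raise a notice whose handling touches the symbol table while `container` is already held. I would state that above the block, e.g. `/* op1 must be separated before op2 is fetched: the fetch may raise a notice (track_errors, bug #54585) */`. Moving the check out of `if (OP1_TYPE != IS_VAR || container)` looks safe, since it is only live for IS_CV where that guard is constant-true, but it is worth confirming that `container` can never be NULL for a CV operand. The same reordering recurs in every ZEND_UNSET_DIM_SPEC_* hunk of zend_vm_execute.h, which should come from regenerating that file rather than hand edits; the handler body continues past the end of this hunk.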
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 888ba953da..3ac52d3a30 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -10725,12 +10725,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAND zend_op *opline = EX(opline); zend_free_op free_op1; zval **container = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC); - zval *offset = &opline->op2.u.constant; + zval *offset; + + if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = &opline->op2.u.constant; if (IS_VAR != IS_VAR || container) { - if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); @@ -12474,12 +12476,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_TMP_HANDLER(ZEND_OPCODE_HANDLE zend_op *opline = EX(opline); zend_free_op free_op1, free_op2; zval **container = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC); - zval *offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); + zval *offset; + + if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); if (IS_VAR != IS_VAR || container) { - if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); 
@@ -14274,12 +14278,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_VAR_HANDLER(ZEND_OPCODE_HANDLE zend_op *opline = EX(opline); zend_free_op free_op1, free_op2; zval **container = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC); - zval *offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); + zval *offset; + + if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); if (IS_VAR != IS_VAR || container) { - if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); @@ -16660,12 +16666,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER zend_op *opline = EX(opline); zend_free_op free_op1; zval **container = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC); - zval *offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC); + zval *offset; + + if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC); if (IS_VAR != IS_VAR || container) { - if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); 
@@ -17852,12 +17860,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_H zend_op *opline = EX(opline); zval **container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C); - zval *offset = &opline->op2.u.constant; + zval *offset; + + if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = &opline->op2.u.constant; if (IS_UNUSED != IS_VAR || container) { - if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); @@ -18909,12 +18919,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_TMP_HANDLER(ZEND_OPCODE_HAN zend_op *opline = EX(opline); zend_free_op free_op2; zval **container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C); - zval *offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); + zval *offset; + + if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); if (IS_UNUSED != IS_VAR || container) { - if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); 
@@ -19966,12 +19978,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_VAR_HANDLER(ZEND_OPCODE_HAN zend_op *opline = EX(opline); zend_free_op free_op2; zval **container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C); - zval *offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); + zval *offset; + + if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); if (IS_UNUSED != IS_VAR || container) { - if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); @@ -21282,12 +21296,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAND zend_op *opline = EX(opline); zval **container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C); - zval *offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC); + zval *offset; + + if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC); if (IS_UNUSED != IS_VAR || container) { - if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); 
@@ -24280,12 +24296,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDL zend_op *opline = EX(opline); zval **container = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_UNSET TSRMLS_CC); - zval *offset = &opline->op2.u.constant; + zval *offset; + + if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = &opline->op2.u.constant; if (IS_CV != IS_VAR || container) { - if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); @@ -25920,12 +25938,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_TMP_HANDLER(ZEND_OPCODE_HANDLER zend_op *opline = EX(opline); zend_free_op free_op2; zval **container = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_UNSET TSRMLS_CC); - zval *offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); + zval *offset; + + if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); if (IS_CV != IS_VAR || container) { - if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); 
@@ -27610,12 +27630,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_VAR_HANDLER(ZEND_OPCODE_HANDLER zend_op *opline = EX(opline); zend_free_op free_op2; zval **container = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_UNSET TSRMLS_CC); - zval *offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); + zval *offset; + + if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); if (IS_CV != IS_VAR || container) { - if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container); @@ -29787,12 +29809,14 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ zend_op *opline = EX(opline); zval **container = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_UNSET TSRMLS_CC); - zval *offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC); + zval *offset; + + if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) { + SEPARATE_ZVAL_IF_NOT_REF(container); + } + offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC); if (IS_CV != IS_VAR || container) { - if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) { - SEPARATE_ZVAL_IF_NOT_REF(container); - } switch (Z_TYPE_PP(container)) { case IS_ARRAY: { HashTable *ht = Z_ARRVAL_PP(container);