From 189f625e2b2a65edf406332bf87c81bab1b463af Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 18 Dec 2019 10:10:30 +0100 Subject: [PATCH] Fix freeing of dynamic call name We need to free op2 if the call construction fails. Also remove a redundant check for !call. --- Zend/tests/dynamic_call_freeing.phpt | 28 ++++++++++++++++++++++++++++ Zend/zend_vm_def.h | 4 +--- Zend/zend_vm_execute.h | 8 +------- 3 files changed, 30 insertions(+), 10 deletions(-) create mode 100644 Zend/tests/dynamic_call_freeing.phpt diff --git a/Zend/tests/dynamic_call_freeing.phpt b/Zend/tests/dynamic_call_freeing.phpt new file mode 100644 index 0000000000..d124009295 --- /dev/null +++ b/Zend/tests/dynamic_call_freeing.phpt @@ -0,0 +1,28 @@ +--TEST-- +Freeing of function "name" when dynamic call fails +--FILE-- +getMessage(), "\n"; +} +try { + $bar = ["bar"]; + (["foo"] + $bar)(); +} catch (Error $e) { + echo $e->getMessage(), "\n"; +} +try { + (new stdClass)(); +} catch (Error $e) { + echo $e->getMessage(), "\n"; +} + +?> +--EXPECT-- +Call to undefined function foobar() +Function name must be a string +Function name must be a string diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index a1cef14b75..1963760112 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -3344,11 +3344,11 @@ ZEND_VM_C_LABEL(try_function_name): call = NULL; } + FREE_OP2(); if (UNEXPECTED(!call)) { HANDLE_EXCEPTION(); } - FREE_OP2(); if (OP2_TYPE & (IS_VAR|IS_TMP_VAR)) { if (UNEXPECTED(EG(exception))) { if (call) { @@ -3360,8 +3360,6 @@ ZEND_VM_C_LABEL(try_function_name): } HANDLE_EXCEPTION(); } - } else if (UNEXPECTED(!call)) { - HANDLE_EXCEPTION(); } call->prev_execute_data = EX(call); diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 11bc82c1c4..d80a5f704d 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -2137,8 +2137,6 @@ try_function_name: } HANDLE_EXCEPTION(); } - } else if (UNEXPECTED(!call)) { - HANDLE_EXCEPTION(); } call->prev_execute_data = EX(call); @@ -2313,11 +2311,11 @@ try_function_name: call = NULL; } + zval_ptr_dtor_nogc(free_op2); if (UNEXPECTED(!call)) { HANDLE_EXCEPTION(); } - zval_ptr_dtor_nogc(free_op2); if ((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_TMP_VAR)) { if (UNEXPECTED(EG(exception))) { if (call) { @@ -2329,8 +2327,6 @@ try_function_name: } HANDLE_EXCEPTION(); } - } else if (UNEXPECTED(!call)) { - HANDLE_EXCEPTION(); } call->prev_execute_data = EX(call); @@ -2446,8 +2442,6 @@ try_function_name: } HANDLE_EXCEPTION(); } - } else if (UNEXPECTED(!call)) { - HANDLE_EXCEPTION(); } call->prev_execute_data = EX(call); -- 2.40.0