From 1e3333e4bd84d84524c0671b63801b5ad5e1b200 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Wed, 23 Sep 2015 14:10:23 +0800 Subject: [PATCH] Fixed Bug #70557 (Memleak on return type verifying failed) --- NEWS | 1 + Zend/tests/return_types/bug70557.phpt | 19 +++++++++++++++++++ Zend/zend_vm_def.h | 6 +++++- Zend/zend_vm_execute.h | 24 ++++++++++++++++++++++-- 4 files changed, 47 insertions(+), 3 deletions(-) create mode 100644 Zend/tests/return_types/bug70557.phpt diff --git a/NEWS b/NEWS index ebb26cdab9..5d276ec71b 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,7 @@ PHP NEWS 01 Oct 2015, PHP 7.0.0 RC 4 - Core: + . Fixed bug #70557 (Memleak on return type verifying failed). (Laruence) . Fixed bug #70555 (fun_get_arg() on unsetted vars return UNKNOW). (Laruence) . Fixed bug #70548 (Redundant information printed in case of uncaught engine exception). (Laruence) diff --git a/Zend/tests/return_types/bug70557.phpt b/Zend/tests/return_types/bug70557.phpt new file mode 100644 index 0000000000..8cc123a581 --- /dev/null +++ b/Zend/tests/return_types/bug70557.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #70557 (Memleak on return type verifying failed). +--INI-- +opcache.enable=0 +--FILE-- +getMessage()); +} +?> +--EXPECT-- +string(72) "Return value of getNumber() must be of the type integer, string returned" diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 62d9bbf98c..e59337ec73 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -3923,7 +3923,11 @@ ZEND_VM_HANDLER(124, ZEND_VERIFY_RETURN_TYPE, CONST|TMP|VAR|UNUSED|CV, UNUSED) zend_verify_return_type(EX(func), retval_ptr, CACHE_ADDR(opline->op2.num)); if (UNEXPECTED(EG(exception) != NULL)) { - FREE_OP1(); + if (OP1_TYPE == IS_CONST) { + zval_ptr_dtor_nogc(retval_ptr); + } else { + FREE_OP1(); + } } #endif } diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index b9fa6f586f..eeaf27930d 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h 
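Review bot: In the `OP1_TYPE == IS_CONST` branch added to ZEND_VERIFY_RETURN_TYPE in Zend/zend_vm_def.h, `zval_ptr_dtor_nogc(retval_ptr);` releases the value but leaves the zval's type and pointer in place, so any later code on the exception path that reads or destroys the same slot would touch freed memory. The handler's setup of `retval_ptr` starts outside the hunk, so whether it aliases a slot that the unwinder or the caller also owns cannot be confirmed from here. If it does, follow the dtor with `ZVAL_UNDEF(retval_ptr);`. The branch also deserves a comment such as `/* CONST operand: FREE_OP1() expands to nothing, so release the value held in retval_ptr explicitly */`. The generated hunks in Zend/zend_vm_execute.h show an empty else branch for CONST, UNUSED and CV, and that asymmetry is not self-explanatory.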
@@ -7745,7 +7745,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_CONST_ zend_verify_return_type(EX(func), retval_ptr, CACHE_ADDR(opline->op2.num)); if (UNEXPECTED(EG(exception) != NULL)) { + if (IS_CONST == IS_CONST) { + zval_ptr_dtor_nogc(retval_ptr); + } else { + } } #endif } @@ -13551,7 +13555,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_TMP_UN zend_verify_return_type(EX(func), retval_ptr, CACHE_ADDR(opline->op2.num)); if (UNEXPECTED(EG(exception) != NULL)) { - zval_ptr_dtor_nogc(free_op1); + if (IS_TMP_VAR == IS_CONST) { + zval_ptr_dtor_nogc(retval_ptr); + } else { + zval_ptr_dtor_nogc(free_op1); + } } #endif } @@ -19287,7 +19295,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_VAR_UN zend_verify_return_type(EX(func), retval_ptr, CACHE_ADDR(opline->op2.num)); if (UNEXPECTED(EG(exception) != NULL)) { - zval_ptr_dtor_nogc(free_op1); + if (IS_VAR == IS_CONST) { + zval_ptr_dtor_nogc(retval_ptr); + } else { + zval_ptr_dtor_nogc(free_op1); + } } #endif } @@ -25049,7 +25061,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_UNUSED zend_verify_return_type(EX(func), retval_ptr, CACHE_ADDR(opline->op2.num)); if (UNEXPECTED(EG(exception) != NULL)) { + if (IS_UNUSED == IS_CONST) { + zval_ptr_dtor_nogc(retval_ptr); + } else { + } } #endif } @@ -34546,7 +34562,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_CV_UNU zend_verify_return_type(EX(func), retval_ptr, CACHE_ADDR(opline->op2.num)); if (UNEXPECTED(EG(exception) != NULL)) { + if (IS_CV == IS_CONST) { + zval_ptr_dtor_nogc(retval_ptr); + } else { + } } #endif } -- 2.50.1