From 242d924e599d2c92a5d12873ad1564f7d44f7126 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Sat, 31 Dec 2016 13:33:21 +0100 Subject: [PATCH] Fix bug #73847 --- NEWS | 1 + ext/opcache/Optimizer/dfa_pass.c | 6 +++++ ext/opcache/tests/bug73847.phpt | 44 ++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 ext/opcache/tests/bug73847.phpt diff --git a/NEWS b/NEWS index 9d1a2c5bc9..d06b6c4ae3 100644 --- a/NEWS +++ b/NEWS @@ -37,6 +37,7 @@ PHP NEWS . Fixed bug #73654 (Segmentation fault in zend_call_function). (Nikita) . Fixed bug #73668 ("SIGFPE Arithmetic exception" in opcache when divide by minus 1). (Nikita) + . Fixed bug #73847 (Recursion when a variable is redefined as array). (Nikita) - PDO_Firebird: . Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning diff --git a/ext/opcache/Optimizer/dfa_pass.c b/ext/opcache/Optimizer/dfa_pass.c index 2780a4cc54..f01e2ecc65 100644 --- a/ext/opcache/Optimizer/dfa_pass.c +++ b/ext/opcache/Optimizer/dfa_pass.c @@ -356,6 +356,12 @@ static zend_bool opline_supports_assign_contraction( return opline->op1_type != IS_CV || opline->op1.var != cv_var; } + if (opline->opcode == ZEND_INIT_ARRAY) { + /* INIT_ARRAY initializes the result array before reading key/value. */ + return (opline->op1_type != IS_CV || opline->op1.var != cv_var) + && (opline->op2_type != IS_CV || opline->op2.var != cv_var); + } + return 1; } diff --git a/ext/opcache/tests/bug73847.phpt b/ext/opcache/tests/bug73847.phpt new file mode 100644 index 0000000000..7010dfbfb7 --- /dev/null +++ b/ext/opcache/tests/bug73847.phpt @@ -0,0 +1,44 @@ +--TEST-- +Bug #73847: Recursion when a variable is redefined as array +--FILE-- + 24); + var_dump($a); + + $a = 42; + $a = array($a, 24); + var_dump($a); + + $a = 42; + $a = array(24, $a); + var_dump($a); +} +test(); +?> +--EXPECT-- +array(1) { + [0]=> + int(42) +} +array(1) { + [42]=> + int(24) +} +array(2) { + [0]=> + int(42) + [1]=> + int(24) +} +array(2) { + [0]=> + int(24) + [1]=> + int(42) +} -- 2.40.0