From 37a2f3fe2586a37658eb6e92cccb7cef32f67056 Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Wed, 13 Jul 2016 23:39:16 +0200
Subject: [PATCH] Fix leak if get_constructor returns NULL
---
 Zend/zend_vm_def.h | 5 +++++
 Zend/zend_vm_execute.h | 15 +++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 868e035105..0be1b5726c 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -4922,6 +4922,11 @@ ZEND_VM_HANDLER(68, ZEND_NEW, UNUSED|CLASS_FETCH|CONST|VAR, ANY, NUM)
 constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result));
 if (constructor == NULL) {
+ if (UNEXPECTED(EG(exception))) {
+ zval_ptr_dtor(result);
+ HANDLE_EXCEPTION();
+ }
+
 /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next
 * opcode is DO_FCALL in case EXT instructions are used. */
 if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) {
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index a9e59ebd7d..5943e4b5c7 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -3176,6 +3176,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NEW_SPEC_CONST_HANDLER(ZEND_OP
 constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result));
 if (constructor == NULL) {
+ if (UNEXPECTED(EG(exception))) {
+ zval_ptr_dtor(result);
+ HANDLE_EXCEPTION();
+ }
+
 /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next
 * opcode is DO_FCALL in case EXT instructions are used. */
 if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) {
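Review bot: In the Zend/zend_vm_def.h hunk, after `zval_ptr_dtor(result);` in the new `EG(exception)` branch the result slot still holds a pointer to the object that was just released, and `HANDLE_EXCEPTION()` then passes control to the unwinder. If the unwinding code ever treats this temporary as live (that code is not visible here), the object would be destroyed a second time, turning the fixed leak into a double free. I would follow the destructor call with `ZVAL_UNDEF(result);`, or, if the handler relies on the slot not being live yet, state that with a comment such as `/* result is not a live temporary yet, so unwinding will not free it again */`. The handler body starts and ends outside the hunk, and the three hunks in Zend/zend_vm_execute.h look like the specialized copies of this handler, so the same point applies to them.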
@@ -15955,6 +15960,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NEW_SPEC_VAR_HANDLER(ZEND_OPCO
 constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result));
 if (constructor == NULL) {
+ if (UNEXPECTED(EG(exception))) {
+ zval_ptr_dtor(result);
+ HANDLE_EXCEPTION();
+ }
+
 /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next
 * opcode is DO_FCALL in case EXT instructions are used. */
 if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) {
@@ -27567,6 +27577,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_NEW_SPEC_UNUSED_HANDLER(ZEND_O
 constructor = Z_OBJ_HT_P(result)->get_constructor(Z_OBJ_P(result));
 if (constructor == NULL) {
+ if (UNEXPECTED(EG(exception))) {
+ zval_ptr_dtor(result);
+ HANDLE_EXCEPTION();
+ }
+
 /* If there are no arguments, skip over the DO_FCALL opcode. We check if the next
 * opcode is DO_FCALL in case EXT instructions are used. */
 if (EXPECTED(opline->extended_value == 0 && (opline+1)->opcode == ZEND_DO_FCALL)) {
--
2.40.0