From 4aeae157062f69deb36e16f13ff0ddff62fd487c Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Mon, 10 Mar 2014 11:29:28 +0800 Subject: [PATCH] An demo(for review) to show how to fix the problem we meet --- Zend/zend_execute.c | 79 +++-- Zend/zend_execute_API.c | 7 +- Zend/zend_vm_def.h | 57 ++-- Zend/zend_vm_execute.h | 684 ++++++++++++++++++++++++---------------- 4 files changed, 504 insertions(+), 323 deletions(-) diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index 7977c873b3..b9f710cce3 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -214,8 +214,9 @@ static zend_never_inline zval *_get_zval_cv_lookup(zval *ptr, zend_uint var, int if (EG(active_symbol_table)) { ret = zend_hash_find(EG(active_symbol_table), cv); if (ret) { - ZVAL_INDIRECT(ptr, ret); - return ret; + ZEND_ASSERT(Z_TYPE_P(ret) == IS_INDIRECT); + ZVAL_INDIRECT(ptr, Z_INDIRECT_P(ret)); + return Z_INDIRECT_P(ptr); } } @@ -231,12 +232,14 @@ static zend_never_inline zval *_get_zval_cv_lookup(zval *ptr, zend_uint var, int /* break missing intentionally */ case BP_VAR_W: if (EG(active_symbol_table)) { - ret = zend_hash_update(EG(active_symbol_table), cv, ret); - ZVAL_INDIRECT(ptr, ret); + zval zv; + ZVAL_COPY_VALUE(ptr, &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, ptr); + zend_hash_update(EG(active_symbol_table), cv, &zv); } else { ZVAL_NULL(ptr); - ret = ptr; } + ret = ptr; break; } return ret; @@ -250,8 +253,9 @@ static zend_never_inline zval *_get_zval_cv_lookup_BP_VAR_R(zval *ptr, zend_uint if (EG(active_symbol_table)) { ret = zend_hash_find(EG(active_symbol_table), cv); if (ret) { - ZVAL_INDIRECT(ptr, ret); - return ret; + ZEND_ASSERT(Z_TYPE_P(ret) == IS_INDIRECT); + ZVAL_INDIRECT(ptr, Z_INDIRECT_P(ret)); + return Z_INDIRECT_P(ptr); } } @@ -267,8 +271,9 @@ static zend_never_inline zval *_get_zval_cv_lookup_BP_VAR_UNSET(zval *ptr, zend_ if (EG(active_symbol_table)) { ret = zend_hash_find(EG(active_symbol_table), cv); if (ret) { - ZVAL_INDIRECT(ptr, ret); - return ret; + ZEND_ASSERT(Z_TYPE_P(ret) == IS_INDIRECT); + ZVAL_INDIRECT(ptr, Z_INDIRECT_P(ret)); + return Z_INDIRECT_P(ptr); } } @@ -284,8 +289,9 @@ static zend_never_inline zval *_get_zval_cv_lookup_BP_VAR_IS(zval *ptr, zend_uin if (EG(active_symbol_table)) { ret = zend_hash_find(EG(active_symbol_table), cv); if (ret) { - ZVAL_INDIRECT(ptr, ret); - return ret; + ZEND_ASSERT(Z_TYPE_P(ret) == IS_INDIRECT); + ZVAL_INDIRECT(ptr, Z_INDIRECT_P(ret)); + return Z_INDIRECT_P(ptr); } } @@ -300,13 +306,17 @@ static zend_never_inline zval *_get_zval_cv_lookup_BP_VAR_RW(zval *ptr, zend_uin if (EG(active_symbol_table)) { ret = zend_hash_find(EG(active_symbol_table), cv); if (ret) { - ZVAL_INDIRECT(ptr, ret); - return ret; + ZEND_ASSERT(Z_TYPE_P(ret) == IS_INDIRECT); + ZVAL_INDIRECT(ptr, Z_INDIRECT_P(ret)); + return Z_INDIRECT_P(ptr); + } else { + zval zv; + ZVAL_COPY_VALUE(ptr, &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, ptr); + zend_hash_update(EG(active_symbol_table), cv, &zv); + zend_error(E_NOTICE, "Undefined variable: %s", cv->val); + return ptr; } - ret = zend_hash_update(EG(active_symbol_table), cv, &EG(uninitialized_zval)); - ZVAL_INDIRECT(ptr, ret); - zend_error(E_NOTICE, "Undefined variable: %s", cv->val); - return ret; } else { ZVAL_NULL(ptr); zend_error(E_NOTICE, "Undefined variable: %s", cv->val); @@ -322,12 +332,16 @@ static zend_never_inline zval *_get_zval_cv_lookup_BP_VAR_W(zval *ptr, zend_uint if (EG(active_symbol_table)) { ret = zend_hash_find(EG(active_symbol_table), cv); if (ret) { - ZVAL_INDIRECT(ptr, ret); - return ret; + ZEND_ASSERT(Z_TYPE_P(ret) == IS_INDIRECT); + ZVAL_INDIRECT(ptr, Z_INDIRECT_P(ret)); + return Z_INDIRECT_P(ptr); + } else { + zval zv; + ZVAL_COPY_VALUE(ptr, &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, ptr); + zend_hash_update(EG(active_symbol_table), cv, &zv); + return ptr; } - ret = zend_hash_update(EG(active_symbol_table), cv, &EG(uninitialized_zval)); - ZVAL_INDIRECT(ptr, ret); - return ret; } else { ZVAL_NULL(ptr); return ptr; @@ -1525,20 +1539,20 @@ static inline zend_brk_cont_element* zend_brk_cont(int nest_levels, int array_of zend_hash_apply(EG(active_symbol_table), (apply_func_t) zend_check_symbol TSRMLS_CC); \ } -static int zend_check_symbol(zval **pz TSRMLS_DC) +static int zend_check_symbol(zval *zv TSRMLS_DC) { - if (Z_TYPE_PP(pz) > 9) { - fprintf(stderr, "Warning! %x has invalid type!\n", *pz); + if (Z_TYPE_P(zv) > 17) { + fprintf(stderr, "Warning! %x has invalid type!\n", *zv); /* See http://support.microsoft.com/kb/190351 */ #ifdef PHP_WIN32 fflush(stderr); #endif - } else if (Z_TYPE_PP(pz) == IS_ARRAY) { - zend_hash_apply(Z_ARRVAL_PP(pz), (apply_func_t) zend_check_symbol TSRMLS_CC); - } else if (Z_TYPE_PP(pz) == IS_OBJECT) { + } else if (Z_TYPE_P(zv) == IS_ARRAY) { + zend_hash_apply(Z_ARRVAL_P(zv), (apply_func_t) zend_check_symbol TSRMLS_CC); + } else if (Z_TYPE_P(zv) == IS_OBJECT) { /* OBJ-TBI - doesn't support new object model! */ - zend_hash_apply(Z_OBJPROP_PP(pz), (apply_func_t) zend_check_symbol TSRMLS_CC); + zend_hash_apply(Z_OBJPROP_P(zv), (apply_func_t) zend_check_symbol TSRMLS_CC); } return 0; @@ -1728,11 +1742,10 @@ static zend_always_inline zend_execute_data *i_create_execute_data_from_op_array if (!EG(active_symbol_table)) { ZVAL_COPY(EX_VAR_NUM(op_array->this_var), &EG(This)); } else { + zval zv; ZVAL_COPY(EX_VAR_NUM(op_array->this_var), &EG(This)); - zval *zv = zend_hash_str_add(EG(active_symbol_table), "this", sizeof("this")-1, EX_VAR(op_array->this_var)); - if (zv) { - ZVAL_INDIRECT(EX_VAR_NUM(op_array->this_var), zv); - } + ZVAL_INDIRECT(&zv, EX_VAR_NUM(op_array->this_var)); + zend_hash_str_add(EG(active_symbol_table), "this", sizeof("this")-1, &zv); } } diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index 8faba97fc7..9721fbda7b 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -1728,10 +1728,9 @@ ZEND_API void zend_rebuild_symbol_table(TSRMLS_D) /* {{{ */ } for (i = 0; i < ex->op_array->last_var; i++) { if (Z_TYPE_P(EX_VAR_NUM_2(ex, i)) != IS_UNDEF) { - zval *zv = zend_hash_update(EG(active_symbol_table), - ex->op_array->vars[i], - EX_VAR_NUM_2(ex, i)); - ZVAL_INDIRECT(EX_VAR_NUM_2(ex, i), zv); + zval zv; + ZVAL_INDIRECT(&zv, EX_VAR_NUM_2(ex, i)); + zend_hash_update(EG(active_symbol_table), ex->op_array->vars[i], &zv); } } } diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 6049f658f0..9d4a1f92b6 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -1069,30 +1069,16 @@ ZEND_VM_HELPER_EX(zend_fetch_var_address_helper, CONST|TMP|VAR|CV, UNUSED|CONST| case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (OP1_TYPE != IS_TMP_VAR) { - FREE_OP1(); - } - break; - case ZEND_FETCH_LOCAL: - FREE_OP1(); - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (OP1_TYPE == IS_VAR && !OP1_FREE) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -1100,11 +1086,35 @@ ZEND_VM_HELPER_EX(zend_fetch_var_address_helper, CONST|TMP|VAR|CV, UNUSED|CONST| zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (OP1_TYPE != IS_TMP_VAR) { + FREE_OP1(); + } + break; + case ZEND_FETCH_LOCAL: + FREE_OP1(); + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (OP1_TYPE == IS_VAR && !OP1_FREE) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -4620,6 +4630,9 @@ ZEND_VM_HANDLER(114, ZEND_ISSET_ISEMPTY_VAR, CONST|TMP|VAR|CV, UNUSED|CONST|VAR) if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (OP1_TYPE != IS_CONST && varname == &tmp) { diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 32042fc548..494c917aa0 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -3622,30 +3622,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_CONST(int type case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_CONST != IS_TMP_VAR) { - - } - break; - case ZEND_FETCH_LOCAL: - - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_CONST == IS_VAR && !0) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -3653,11 +3639,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_CONST(int type zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_CONST != IS_TMP_VAR) { + + } + break; + case ZEND_FETCH_LOCAL: + + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_CONST == IS_VAR && !0) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -4213,6 +4223,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_CONST_CONST_HANDLER(ZEND_O if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_CONST != IS_CONST && varname == &tmp) { @@ -5404,30 +5417,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_VAR(int type, case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_CONST != IS_TMP_VAR) { - - } - break; - case ZEND_FETCH_LOCAL: - - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_CONST == IS_VAR && !0) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -5435,11 +5434,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_VAR(int type, zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_CONST != IS_TMP_VAR) { + + } + break; + case ZEND_FETCH_LOCAL: + + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_CONST == IS_VAR && !0) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -5881,6 +5904,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_CONST_VAR_HANDLER(ZEND_OPC if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_CONST != IS_CONST && varname == &tmp) { @@ -6113,30 +6139,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_UNUSED(int typ case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_CONST != IS_TMP_VAR) { - - } - break; - case ZEND_FETCH_LOCAL: - - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_CONST == IS_VAR && !0) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -6144,11 +6156,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_UNUSED(int typ zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_CONST != IS_TMP_VAR) { + + } + break; + case ZEND_FETCH_LOCAL: + + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_CONST == IS_VAR && !0) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -6558,6 +6594,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_CONST_UNUSED_HANDLER(ZEND_ if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_CONST != IS_CONST && varname == &tmp) { @@ -8771,30 +8810,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_CONST(int type, case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_TMP_VAR != IS_TMP_VAR) { - zval_dtor(free_op1.var); - } - break; - case ZEND_FETCH_LOCAL: - zval_dtor(free_op1.var); - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_TMP_VAR == IS_VAR && !1) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -8802,11 +8827,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_CONST(int type, zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_TMP_VAR != IS_TMP_VAR) { + zval_dtor(free_op1.var); + } + break; + case ZEND_FETCH_LOCAL: + zval_dtor(free_op1.var); + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_TMP_VAR == IS_VAR && !1) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -9270,6 +9319,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_TMP_CONST_HANDLER(ZEND_OPC if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_TMP_VAR != IS_CONST && varname == &tmp) { @@ -10438,30 +10490,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_VAR(int type, ZE case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_TMP_VAR != IS_TMP_VAR) { - zval_dtor(free_op1.var); - } - break; - case ZEND_FETCH_LOCAL: - zval_dtor(free_op1.var); - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_TMP_VAR == IS_VAR && !1) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -10469,11 +10507,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_VAR(int type, ZE zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_TMP_VAR != IS_TMP_VAR) { + zval_dtor(free_op1.var); + } + break; + case ZEND_FETCH_LOCAL: + zval_dtor(free_op1.var); + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_TMP_VAR == IS_VAR && !1) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -10925,6 +10987,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_TMP_VAR_HANDLER(ZEND_OPCOD if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_TMP_VAR != IS_CONST && varname == &tmp) { @@ -11157,30 +11222,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_UNUSED(int type, case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_TMP_VAR != IS_TMP_VAR) { - zval_dtor(free_op1.var); - } - break; - case ZEND_FETCH_LOCAL: - zval_dtor(free_op1.var); - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_TMP_VAR == IS_VAR && !1) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -11188,11 +11239,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_UNUSED(int type, zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_TMP_VAR != IS_TMP_VAR) { + zval_dtor(free_op1.var); + } + break; + case ZEND_FETCH_LOCAL: + zval_dtor(free_op1.var); + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_TMP_VAR == IS_VAR && !1) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -11491,6 +11566,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_TMP_UNUSED_HANDLER(ZEND_OP if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_TMP_VAR != IS_CONST && varname == &tmp) { @@ -14494,30 +14572,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_CONST(int type, case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_VAR != IS_TMP_VAR) { - zval_ptr_dtor_nogc(free_op1.var); - } - break; - case ZEND_FETCH_LOCAL: - zval_ptr_dtor_nogc(free_op1.var); - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_VAR == IS_VAR && !(free_op1.var != NULL)) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -14525,11 +14589,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_CONST(int type, zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_VAR != IS_TMP_VAR) { + zval_ptr_dtor_nogc(free_op1.var); + } + break; + case ZEND_FETCH_LOCAL: + zval_ptr_dtor_nogc(free_op1.var); + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_VAR == IS_VAR && !(free_op1.var != NULL)) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -15862,6 +15950,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_VAR_CONST_HANDLER(ZEND_OPC if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_VAR != IS_CONST && varname == &tmp) { @@ -19029,30 +19120,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_VAR(int type, ZE case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_VAR != IS_TMP_VAR) { - zval_ptr_dtor_nogc(free_op1.var); - } - break; - case ZEND_FETCH_LOCAL: - zval_ptr_dtor_nogc(free_op1.var); - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_VAR == IS_VAR && !(free_op1.var != NULL)) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -19060,11 +19137,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_VAR(int type, ZE zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_VAR != IS_TMP_VAR) { + zval_ptr_dtor_nogc(free_op1.var); + } + break; + case ZEND_FETCH_LOCAL: + zval_ptr_dtor_nogc(free_op1.var); + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_VAR == IS_VAR && !(free_op1.var != NULL)) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -20361,6 +20462,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_VAR_VAR_HANDLER(ZEND_OPCOD if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_VAR != IS_CONST && varname == &tmp) { @@ -21000,30 +21104,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_UNUSED(int type, case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_VAR != IS_TMP_VAR) { - zval_ptr_dtor_nogc(free_op1.var); - } - break; - case ZEND_FETCH_LOCAL: - zval_ptr_dtor_nogc(free_op1.var); - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_VAR == IS_VAR && !(free_op1.var != NULL)) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -21031,11 +21121,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_UNUSED(int type, zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_VAR != IS_TMP_VAR) { + zval_ptr_dtor_nogc(free_op1.var); + } + break; + case ZEND_FETCH_LOCAL: + zval_ptr_dtor_nogc(free_op1.var); + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_VAR == IS_VAR && !(free_op1.var != NULL)) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -21623,6 +21737,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_VAR_UNUSED_HANDLER(ZEND_OP if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_VAR != IS_CONST && varname == &tmp) { @@ -31728,30 +31845,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_CONST(int type, Z case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_CV != IS_TMP_VAR) { - - } - break; - case ZEND_FETCH_LOCAL: - - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_CV == IS_VAR && !0) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -31759,11 +31862,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_CONST(int type, Z zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_CV != IS_TMP_VAR) { + + } + break; + case ZEND_FETCH_LOCAL: + + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_CV == IS_VAR && !0) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -32883,6 +33010,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_CV_CONST_HANDLER(ZEND_OPCO if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_CV != IS_CONST && varname == &tmp) { @@ -35920,30 +36050,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_VAR(int type, ZEN case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_CV != IS_TMP_VAR) { - - } - break; - case ZEND_FETCH_LOCAL: - - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_CV == IS_VAR && !0) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -35951,11 +36067,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_VAR(int type, ZEN zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_CV != IS_TMP_VAR) { + + } + break; + case ZEND_FETCH_LOCAL: + + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_CV == IS_VAR && !0) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -37131,6 +37271,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_CV_VAR_HANDLER(ZEND_OPCODE if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_CV != IS_CONST && varname == &tmp) { @@ -37765,30 +37908,16 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_UNUSED(int type, case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ - case BP_VAR_W: - retval = zend_hash_update(target_symbol_table, Z_STR_P(varname), &EG(uninitialized_zval)); + case BP_VAR_W: { + zval zv; + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &EG(uninitialized_zval)); + ZVAL_INDIRECT(&zv, EX_VAR(opline->result.var)); + zend_hash_update(target_symbol_table, Z_STR_P(varname), &zv); + } break; EMPTY_SWITCH_DEFAULT_CASE() } } - switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { - case ZEND_FETCH_GLOBAL: - if (IS_CV != IS_TMP_VAR) { - - } - break; - case ZEND_FETCH_LOCAL: - - break; - case ZEND_FETCH_STATIC: - zval_update_constant(retval, (void*) 1 TSRMLS_CC); - break; - case ZEND_FETCH_GLOBAL_LOCK: - if (IS_CV == IS_VAR && !0) { - Z_ADDREF_P(EX_VAR(opline->op1.var)); - } - break; - } } @@ -37796,11 +37925,35 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_UNUSED(int type, zval_dtor(&tmp_varname); } - if (opline->extended_value & ZEND_FETCH_MAKE_REF) { - SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + if (retval && UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) { + retval = Z_INDIRECT_P(retval); + } + + switch (opline->extended_value & ZEND_FETCH_TYPE_MASK) { + case ZEND_FETCH_GLOBAL: + if (IS_CV != IS_TMP_VAR) { + + } + break; + case ZEND_FETCH_LOCAL: + + break; + case ZEND_FETCH_STATIC: + if (retval) { + zval_update_constant(retval, (void*) 1 TSRMLS_CC); + } + break; + case ZEND_FETCH_GLOBAL_LOCK: + if (IS_CV == IS_VAR && !0) { + Z_ADDREF_P(EX_VAR(opline->op1.var)); + } + break; } if (EXPECTED(retval != NULL)) { + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { + SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); + } if (Z_REFCOUNTED_P(retval)) Z_ADDREF_P(retval); switch (type) { case BP_VAR_R: @@ -38275,6 +38428,9 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_CV_UNUSED_HANDLER(ZEND_OPC if ((value = zend_hash_find(target_symbol_table, Z_STR_P(varname))) == NULL) { isset = 0; } + if (UNEXPECTED(Z_TYPE_P(value) == IS_INDIRECT)) { + value = Z_INDIRECT_P(value); + } } if (IS_CV != IS_CONST && varname == &tmp) { -- 2.40.0