From 7078627d22c1d32a17b193eb6bfe83242d877371 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Mon, 14 Dec 2015 17:30:45 +0100 Subject: [PATCH] Fix leaks due to UNUSED CE fetch --- .../self_method_or_prop_outside_class.phpt | 36 ++++++ Zend/zend_vm_def.h | 13 ++ Zend/zend_vm_execute.h | 120 ++++++++++++++++++ 3 files changed, 169 insertions(+) create mode 100644 Zend/tests/self_method_or_prop_outside_class.phpt diff --git a/Zend/tests/self_method_or_prop_outside_class.phpt b/Zend/tests/self_method_or_prop_outside_class.phpt new file mode 100644 index 0000000000..e4a499def8 --- /dev/null +++ b/Zend/tests/self_method_or_prop_outside_class.phpt @@ -0,0 +1,36 @@ +--TEST-- +Accessing self:: properties or methods outside a class +--FILE-- +getMessage(), "\n"; + } + try { + unset(self::${$str . "bar"}); + } catch (Error $e) { + echo $e->getMessage(), "\n"; + } + try { + isset(self::${$str . "bar"}); + } catch (Error $e) { + echo $e->getMessage(), "\n"; + } + try { + self::{$str . "bar"}(); + } catch (Error $e) { + echo $e->getMessage(), "\n"; + } +}; +$fn(); + +?> +--EXPECT-- +Cannot access self:: when no class scope is active +Cannot access self:: when no class scope is active +Cannot access self:: when no class scope is active +Cannot access self:: when no class scope is active diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 9d1b1c5204..ce8554107f 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -1652,6 +1652,10 @@ ZEND_VM_HELPER(zend_fetch_static_prop_helper, CONST|TMPVAR|CV, UNUSED|CONST|VAR, ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (OP1_TYPE != IS_CONST) { + zend_string_release(name); + } + FREE_OP1(); HANDLE_EXCEPTION(); } } else { @@ -3120,6 +3124,7 @@ ZEND_VM_HANDLER(113, ZEND_INIT_STATIC_METHOD_CALL, UNUSED|CLASS_FETCH|CONST|VAR, ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + FREE_UNFETCHED_OP2(); HANDLE_EXCEPTION(); } } else { @@ -5696,6 +5701,10 @@ ZEND_VM_HANDLER(179, ZEND_UNSET_STATIC_PROP, CONST|TMPVAR|CV, UNUSED|CLASS_FETCH ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (OP1_TYPE != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + FREE_OP1(); HANDLE_EXCEPTION(); } } else { @@ -6589,6 +6598,10 @@ ZEND_VM_HANDLER(180, ZEND_ISSET_ISEMPTY_STATIC_PROP, CONST|TMPVAR|CV, UNUSED|CLA ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (OP1_TYPE != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + FREE_OP1(); HANDLE_EXCEPTION(); } } else { diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index c28bc9caba..8c15ff93fe 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -4982,6 +4982,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_fetch_static_prop_helper_SPEC_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CONST != IS_CONST) { + zend_string_release(name); + } + HANDLE_EXCEPTION(); } } else { @@ -5580,6 +5584,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_C ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + HANDLE_EXCEPTION(); } } else { @@ -6067,6 +6072,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_UNSET_STATIC_PROP_SPEC_CONST_C ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CONST != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -6120,6 +6129,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CONST != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -6785,6 +6798,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_fetch_static_prop_helper_SPEC_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CONST != IS_CONST) { + zend_string_release(name); + } + HANDLE_EXCEPTION(); } } else { @@ -6908,6 +6925,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_UNSET_STATIC_PROP_SPEC_CONST_V ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CONST != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -6961,6 +6982,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CONST != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -7324,6 +7349,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_fetch_static_prop_helper_SPEC_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CONST != IS_CONST) { + zend_string_release(name); + } + HANDLE_EXCEPTION(); } } else { @@ -7478,6 +7507,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_C ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + HANDLE_EXCEPTION(); } } else { @@ -7869,6 +7899,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_UNSET_STATIC_PROP_SPEC_CONST_U ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CONST != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -7979,6 +8013,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CONST != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -9290,6 +9328,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_C ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + HANDLE_EXCEPTION(); } } else { @@ -11104,6 +11143,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_C ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + zval_ptr_dtor_nogc(EX_VAR(opline->op2.var)); HANDLE_EXCEPTION(); } } else { @@ -17435,6 +17475,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_V ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + HANDLE_EXCEPTION(); } } else { @@ -19044,6 +19085,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_V ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + HANDLE_EXCEPTION(); } } else { @@ -20669,6 +20711,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_V ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + HANDLE_EXCEPTION(); } } else { @@ -22245,6 +22288,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_V ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + zval_ptr_dtor_nogc(EX_VAR(opline->op2.var)); HANDLE_EXCEPTION(); } } else { @@ -23811,6 +23855,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_U ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + HANDLE_EXCEPTION(); } } else { @@ -25165,6 +25210,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_U ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + HANDLE_EXCEPTION(); } } else { @@ -26523,6 +26569,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_U ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + HANDLE_EXCEPTION(); } } else { @@ -28156,6 +28203,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_U ce = zend_fetch_class(NULL, opline->op1.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + zval_ptr_dtor_nogc(EX_VAR(opline->op2.var)); HANDLE_EXCEPTION(); } } else { @@ -31572,6 +31620,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_fetch_static_prop_helper_SPEC_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CV != IS_CONST) { + zend_string_release(name); + } + HANDLE_EXCEPTION(); } } else { @@ -32700,6 +32752,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_UNSET_STATIC_PROP_SPEC_CV_CONS ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CV != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -32894,6 +32950,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CV != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -33692,6 +33752,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_fetch_static_prop_helper_SPEC_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CV != IS_CONST) { + zend_string_release(name); + } + HANDLE_EXCEPTION(); } } else { @@ -33902,6 +33966,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_UNSET_STATIC_PROP_SPEC_CV_VAR_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CV != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -33955,6 +34023,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CV != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -34678,6 +34750,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_fetch_static_prop_helper_SPEC_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CV != IS_CONST) { + zend_string_release(name); + } + HANDLE_EXCEPTION(); } } else { @@ -35233,6 +35309,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_UNSET_STATIC_PROP_SPEC_CV_UNUS ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CV != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -35343,6 +35423,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if (IS_CV != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + HANDLE_EXCEPTION(); } } else { @@ -41931,6 +42015,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_fetch_static_prop_helper_SPEC_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST) { + zend_string_release(name); + } + zval_ptr_dtor_nogc(free_op1); HANDLE_EXCEPTION(); } } else { @@ -42453,6 +42541,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_UNSET_STATIC_PROP_SPEC_TMPVAR_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + zval_ptr_dtor_nogc(free_op1); HANDLE_EXCEPTION(); } } else { @@ -42506,6 +42598,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + zval_ptr_dtor_nogc(free_op1); HANDLE_EXCEPTION(); } } else { @@ -42832,6 +42928,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_fetch_static_prop_helper_SPEC_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST) { + zend_string_release(name); + } + zval_ptr_dtor_nogc(free_op1); HANDLE_EXCEPTION(); } } else { @@ -42957,6 +43057,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_UNSET_STATIC_PROP_SPEC_TMPVAR_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + zval_ptr_dtor_nogc(free_op1); HANDLE_EXCEPTION(); } } else { @@ -43010,6 +43114,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + zval_ptr_dtor_nogc(free_op1); HANDLE_EXCEPTION(); } } else { @@ -43283,6 +43391,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_fetch_static_prop_helper_SPEC_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST) { + zend_string_release(name); + } + zval_ptr_dtor_nogc(free_op1); HANDLE_EXCEPTION(); } } else { @@ -43463,6 +43575,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_UNSET_STATIC_PROP_SPEC_TMPVAR_ ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + zval_ptr_dtor_nogc(free_op1); HANDLE_EXCEPTION(); } } else { @@ -43574,6 +43690,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ISSET_ISEMPTY_STATIC_PROP_SPEC ce = zend_fetch_class(NULL, opline->op2.num); if (UNEXPECTED(ce == NULL)) { ZEND_ASSERT(EG(exception)); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST && Z_TYPE(tmp) != IS_UNDEF) { + zend_string_release(Z_STR(tmp)); + } + zval_ptr_dtor_nogc(free_op1); HANDLE_EXCEPTION(); } } else { -- 2.40.0