From 82120342542d05c1034e9961274738e214e13541 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Thu, 27 Oct 2005 19:25:52 +0000 Subject: [PATCH] Fixed SIGSEGV --- Zend/tests/unset_cv12.phpt | 11 ++++++ Zend/zend_execute_API.c | 4 +- Zend/zend_vm_def.h | 16 ++++---- Zend/zend_vm_execute.h | 80 +++++++++++++++++++++----------------- 4 files changed, 66 insertions(+), 45 deletions(-) create mode 100755 Zend/tests/unset_cv12.phpt diff --git a/Zend/tests/unset_cv12.phpt b/Zend/tests/unset_cv12.phpt new file mode 100755 index 0000000000..a22b13dea7 --- /dev/null +++ b/Zend/tests/unset_cv12.phpt @@ -0,0 +1,11 @@ +--TEST-- +unset() CV 12 (unset() in indirect called function) +--FILE-- + +--EXPECT-- +ok diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index c745e65798..dc75f94714 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -1436,7 +1436,7 @@ ZEND_API void zend_reset_all_cv(HashTable *symbol_table TSRMLS_DC) int i; for (ex = EG(current_execute_data); ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == symbol_table) { + if (ex->op_array && ex->symbol_table == symbol_table) { for (i = 0; i < ex->op_array->last_var; i++) { ex->CVs[i] = NULL; } @@ -1451,7 +1451,7 @@ ZEND_API int zend_delete_global_variable(char *name, int name_len TSRMLS_DC) if (zend_hash_quick_exists(&EG(symbol_table), name, name_len+1, hash_value)) { for (ex = EG(current_execute_data); ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == &EG(symbol_table)) { + if (ex->op_array && ex->symbol_table == &EG(symbol_table)) { int i; for (i = 0; i < ex->op_array->last_var; i++) { if (ex->op_array->vars[i].hash_value == hash_value && diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 5ac7c59464..3d444dc7af 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -2813,12 +2813,14 @@ ZEND_VM_HANDLER(74, ZEND_UNSET_VAR, CONST|TMP|VAR|CV, ANY) do { int i; - for (i = 0; i < ex->op_array->last_var; i++) { - if (ex->op_array->vars[i].hash_value == hash_value && - ex->op_array->vars[i].name_len == varname->value.str.len && - !memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) { - ex->CVs[i] = NULL; - break; + if (ex->op_array) { + for (i = 0; i < ex->op_array->last_var; i++) { + if (ex->op_array->vars[i].hash_value == hash_value && + ex->op_array->vars[i].name_len == varname->value.str.len && + !memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) { + ex->CVs[i] = NULL; + break; + } } } ex = ex->prev_execute_data; @@ -2869,7 +2871,7 @@ ZEND_VM_HANDLER(75, ZEND_UNSET_DIM, VAR|UNUSED|CV, CONST|TMP|VAR|CV) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = EXECUTE_DATA; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 06ed990348..ea4c13e293 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -1987,12 +1987,14 @@ static int ZEND_UNSET_VAR_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) do { int i; - for (i = 0; i < ex->op_array->last_var; i++) { - if (ex->op_array->vars[i].hash_value == hash_value && - ex->op_array->vars[i].name_len == varname->value.str.len && - !memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) { - ex->CVs[i] = NULL; - break; + if (ex->op_array) { + for (i = 0; i < ex->op_array->last_var; i++) { + if (ex->op_array->vars[i].hash_value == hash_value && + ex->op_array->vars[i].name_len == varname->value.str.len && + !memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) { + ex->CVs[i] = NULL; + break; + } } } ex = ex->prev_execute_data; @@ -4404,12 +4406,14 @@ static int ZEND_UNSET_VAR_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) do { int i; - for (i = 0; i < ex->op_array->last_var; i++) { - if (ex->op_array->vars[i].hash_value == hash_value && - ex->op_array->vars[i].name_len == varname->value.str.len && - !memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) { - ex->CVs[i] = NULL; - break; + if (ex->op_array) { + for (i = 0; i < ex->op_array->last_var; i++) { + if (ex->op_array->vars[i].hash_value == hash_value && + ex->op_array->vars[i].name_len == varname->value.str.len && + !memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) { + ex->CVs[i] = NULL; + break; + } } } ex = ex->prev_execute_data; @@ -7402,12 +7406,14 @@ static int ZEND_UNSET_VAR_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) do { int i; - for (i = 0; i < ex->op_array->last_var; i++) { - if (ex->op_array->vars[i].hash_value == hash_value && - ex->op_array->vars[i].name_len == varname->value.str.len && - !memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) { - ex->CVs[i] = NULL; - break; + if (ex->op_array) { + for (i = 0; i < ex->op_array->last_var; i++) { + if (ex->op_array->vars[i].hash_value == hash_value && + ex->op_array->vars[i].name_len == varname->value.str.len && + !memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) { + ex->CVs[i] = NULL; + break; + } } } ex = ex->prev_execute_data; @@ -8991,7 +8997,7 @@ static int ZEND_UNSET_DIM_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -10418,7 +10424,7 @@ static int ZEND_UNSET_DIM_SPEC_VAR_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -11883,7 +11889,7 @@ static int ZEND_UNSET_DIM_SPEC_VAR_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -13750,7 +13756,7 @@ static int ZEND_UNSET_DIM_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -14904,7 +14910,7 @@ static int ZEND_UNSET_DIM_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -15942,7 +15948,7 @@ static int ZEND_UNSET_DIM_SPEC_UNUSED_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -16980,7 +16986,7 @@ static int ZEND_UNSET_DIM_SPEC_UNUSED_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -18381,7 +18387,7 @@ static int ZEND_UNSET_DIM_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -19502,12 +19508,14 @@ static int ZEND_UNSET_VAR_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) do { int i; - for (i = 0; i < ex->op_array->last_var; i++) { - if (ex->op_array->vars[i].hash_value == hash_value && - ex->op_array->vars[i].name_len == varname->value.str.len && - !memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) { - ex->CVs[i] = NULL; - break; + if (ex->op_array) { + for (i = 0; i < ex->op_array->last_var; i++) { + if (ex->op_array->vars[i].hash_value == hash_value && + ex->op_array->vars[i].name_len == varname->value.str.len && + !memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) { + ex->CVs[i] = NULL; + break; + } } } ex = ex->prev_execute_data; @@ -20943,7 +20951,7 @@ static int ZEND_UNSET_DIM_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -22362,7 +22370,7 @@ static int ZEND_UNSET_DIM_SPEC_CV_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -23818,7 +23826,7 @@ static int ZEND_UNSET_DIM_SPEC_CV_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { @@ -25675,7 +25683,7 @@ static int ZEND_UNSET_DIM_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1); for (ex = execute_data; ex; ex = ex->prev_execute_data) { - if (ex->symbol_table == ht) { + if (ex->op_array && ex->symbol_table == ht) { int i; for (i = 0; i < ex->op_array->last_var; i++) { -- 2.40.0