From 8d4bb9ca742c42fc24aa2b816ebbe8771e5c5004 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Wed, 7 Jun 2006 13:41:49 +0000
Subject: [PATCH] Fixed bug #37707 clone without assigning leaks memory

# Based on a patch by Nuno
---
 Zend/tests/bug37707.phpt | 11 +++++++++++
 Zend/zend_vm_def.h       |  8 +++-----
 Zend/zend_vm_execute.h   | 40 +++++++++++++++-------------------------
 3 files changed, 29 insertions(+), 30 deletions(-)
 create mode 100755 Zend/tests/bug37707.phpt

diff --git a/Zend/tests/bug37707.phpt b/Zend/tests/bug37707.phpt
new file mode 100755
index 0000000000..3657fec989
--- /dev/null
+++ b/Zend/tests/bug37707.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #37707 (clone without assigning leaks memory)
+--FILE--
+<?php
+class testme {}
+clone new testme();
+echo "NO LEAK\n";
+?>
+--EXPECT--
+NO LEAK
+
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index fe07011bf0..c9d93dbe2c 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2506,11 +2506,9 @@ ZEND_VM_HANDLER(110, ZEND_CLONE, CONST|TMP|VAR|UNUSED|CV, ANY)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index bf496aca19..7c8e6cc162 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -1831,11 +1831,9 @@ static int ZEND_CLONE_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
@@ -4285,11 +4283,9 @@ static int ZEND_CLONE_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
@@ -7321,11 +7317,9 @@ static int ZEND_CLONE_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
@@ -14166,11 +14160,9 @@ static int ZEND_CLONE_SPEC_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
@@ -19451,11 +19443,9 @@ static int ZEND_CLONE_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 	}
 
 	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-	ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
-	if (EG(exception)) {
-		FREE_ZVAL(EX_T(opline->result.u.var).var.ptr);
-	} else {
+	if (!EG(exception) && RETURN_VALUE_USED(opline)) {
+		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
+		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
 		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
 		EX_T(opline->result.u.var).var.ptr->refcount=1;
 		EX_T(opline->result.u.var).var.ptr->is_ref=1;
-- 
2.40.0