From 8e2f658f49c76c9feed894414fb3a8edb27beef0 Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@gmail.com>
Date: Thu, 17 Mar 2016 19:06:50 +0800
Subject: [PATCH] Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER)

---
 NEWS | 4 ++++
 ext/opcache/Optimizer/block_pass.c | 5 ++++-
 ext/opcache/tests/bug71843.phpt | 21 +++++++++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 ext/opcache/tests/bug71843.phpt

diff --git a/NEWS b/NEWS
index 5ffad7624a..9a200f9a10 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ PHP NEWS
 - Core:
 . Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)
 
+- Opcache:
+ . Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
+ (Laruence)
+
 - Standard:
 . Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
 
diff --git a/ext/opcache/Optimizer/block_pass.c b/ext/opcache/Optimizer/block_pass.c
index c146d0cc8c..bf3f144cc1 100644
--- a/ext/opcache/Optimizer/block_pass.c
+++ b/ext/opcache/Optimizer/block_pass.c
@@ -716,8 +716,11 @@ static void zend_optimize_block(zend_code_block *block, zend_op_array *op_array,
 if (src->opcode == ZEND_BOOL) {
 if (ZEND_OP1_TYPE(src) == IS_CONST) {
 literal_dtor(&ZEND_OP1_LITERAL(src));
+ } else if (ZEND_OP1_TYPE(src) == IS_TMP_VAR) {
+ src->opcode = ZEND_FREE;
+ } else {
+ MAKE_NOP(src);
 }
- MAKE_NOP(src);
 MAKE_NOP(opline);
 }
 }
diff --git a/ext/opcache/tests/bug71843.phpt b/ext/opcache/tests/bug71843.phpt
new file mode 100644
index 0000000000..7fcf32c032
--- /dev/null
+++ b/ext/opcache/tests/bug71843.phpt
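Review bot: The new IS_TMP_VAR branch in the block_pass.c hunk rewrites the ZEND_BOOL opline into ZEND_FREE but leaves src->result untouched, so the opline still advertises a TMP result that ZEND_FREE never produces; unless later passes ignore result_type on ZEND_FREE, `src->result_type = IS_UNUSED;` directly after `src->opcode = ZEND_FREE;` keeps the rewritten opline self-consistent. The trailing else still NOPs every remaining operand kind, which is exactly what the old code did for temporaries; if an IS_VAR operand can reach this path (I cannot tell from the hunk which operand types ZEND_BOOL admits), it would be dropped without a release in the same way and may deserve the same ZEND_FREE treatment. A short comment on the branch, such as `/* a constant can simply vanish, a temporary must still be released */`, would record why the three cases are handled differently. zend_optimize_block begins and ends outside the hunk.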
@@ -0,0 +1,21 @@
+--TEST--
+Bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:3479))
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=0xFFFFBFFF
+--SKIPIF--
+<?php if (!extension_loaded('Zend OPcache')) die("skip"); ?>
+--FILE--
+<?
+0 & ~E & ~R;
+6 && ~See
+?>
+okey
+--EXPECTF--
+Notice: Use of undefined constant E - assumed 'E' in %sbug71843.php on line %d
+
+Notice: Use of undefined constant R - assumed 'R' in %sbug71843.php on line %d
+
+Notice: Use of undefined constant See - assumed 'See' in %sbug71843.php on line %d
+okey
-- 
2.40.0