From ca82574d7cefb05b15e13d0b91eb86b3dffa323f Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Sat, 30 Jul 2016 00:36:06 +0200
Subject: [PATCH] Fix invalid free on undef const in update_const()

Also clean up the control flow a bit -- move all unqualified constant handling in one branch.
---
 Zend/zend_execute_API.c | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index c039bb85d2..3432064eaf 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -597,26 +597,24 @@ ZEND_API int zval_update_constant_ex(zval *p, zend_class_entry *scope) /* {{{ */
 RESET_CONSTANT_VISITED(p);
 return FAILURE;
 } else {
- zend_string *save = Z_STR_P(p);
- char *slash;
- size_t actual_len = Z_STRLEN_P(p);
- if ((Z_CONST_FLAGS_P(p) & IS_CONSTANT_UNQUALIFIED) && (slash = (char *)zend_memrchr(actual, '\\', actual_len))) {
- actual = slash + 1;
- actual_len -= (actual - Z_STRVAL_P(p));
- if (inline_change) {
- zend_string *s = zend_string_init(actual, actual_len, 0);
- Z_STR_P(p) = s;
- Z_TYPE_FLAGS_P(p) = IS_TYPE_REFCOUNTED | IS_TYPE_COPYABLE;
- }
- }
 if ((Z_CONST_FLAGS_P(p) & IS_CONSTANT_UNQUALIFIED) == 0) {
- zend_throw_error(NULL, "Undefined constant '%s'", ZSTR_VAL(save));
- if (inline_change) {
- zend_string_release(save);
- }
+ zend_throw_error(NULL, "Undefined constant '%s'", Z_STRVAL_P(p));
 RESET_CONSTANT_VISITED(p);
 return FAILURE;
 } else {
+ zend_string *save = Z_STR_P(p);
+ size_t actual_len = Z_STRLEN_P(p);
+ char *slash = (char *) zend_memrchr(actual, '\\', actual_len);
+ if (slash) {
+ actual = slash + 1;
+ actual_len -= (actual - Z_STRVAL_P(p));
+ if (inline_change) {
+ zend_string *s = zend_string_init(actual, actual_len, 0);
+ Z_STR_P(p) = s;
+ Z_TYPE_FLAGS_P(p) = IS_TYPE_REFCOUNTED | IS_TYPE_COPYABLE;
+ }
+ }
+
 zend_error(E_NOTICE, "Use of undefined constant %s - assumed '%s'", actual, actual);
 if (!inline_change) {
 ZVAL_STRINGL(p, actual, actual_len);
-- 
2.40.0
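Review bot: In the new unqualified branch, `save` keeps the old string while `Z_STR_P(p) = s` replaces it under `inline_change`, and nothing in the hunk says who releases `save` or when; any release happens after the hunk ends, so it cannot be checked from here. Since the bug being fixed was a release of a string the zval still owned, I would document ownership at both sites: `/* p still owns its string on this path; do not release it */` above the `zend_throw_error()` call, and a comment at the `save` declaration saying it is the pre-rewrite string and has to stay alive while `actual` (which appears to point into it) is read by the `zend_error()` notice. The `zend_memrchr(actual, '\\', actual_len)` call also pairs `actual` with `Z_STRLEN_P(p)`, which is only in bounds if `actual` still equals `Z_STRVAL_P(p)` at that point; `actual` is assigned outside the hunk, so a one-line comment stating that invariant would help. The diffstat shows only Zend/zend_execute_API.c changed, so a regression test for an undefined qualified constant in a constant expression would be worth adding with the fix.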