From cae2f1381f0cb110605f39e37b8721fc4794127b Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Thu, 3 Nov 2011 03:59:41 +0000 Subject: [PATCH] Fix bug #60169 Conjunction of ternary and list crashes PHP --- NEWS | 2 ++ Zend/tests/bug60169.phpt | 2 -- Zend/zend_vm_def.h | 8 ++++---- Zend/zend_vm_execute.h | 32 ++++++++++++++++---------------- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/NEWS b/NEWS index e3444cca7d..5a8189c488 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,8 @@ PHP NEWS the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli) . Fixed bug #60174 (Notice when array in method prototype error). (Laruence) + . Fixed bug #60169 (Conjunction of ternary and list crashes PHP). + (Laruence) - Oracle Database extension (OCI8): . Increased maxium Oracle error message buffer length for new 11.2.0.3 size diff --git a/Zend/tests/bug60169.phpt b/Zend/tests/bug60169.phpt index 63b8b395a3..f97574191c 100755 --- a/Zend/tests/bug60169.phpt +++ b/Zend/tests/bug60169.phpt @@ -1,7 +1,5 @@ --TEST-- Bug #60169 (Conjunction of ternary and list crashes PHP) ---XFAIL-- -See Bug #60169, doesn't fixed yet --FILE-- result.var).var.ptr = value; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; } else { ALLOC_ZVAL(ret); INIT_PZVAL_COPY(ret, value); EX_T(opline->result.var).var.ptr = ret; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; if (!IS_OP1_TMP_FREE()) { zval_copy_ctor(EX_T(opline->result.var).var.ptr); } @@ -4741,12 +4741,12 @@ ZEND_VM_HANDLER(157, ZEND_QM_ASSIGN_VAR, CONST|TMP|VAR|CV, ANY) if (OP1_TYPE == IS_VAR || OP1_TYPE == IS_CV) { Z_ADDREF_P(value); EX_T(opline->result.var).var.ptr = value; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; } else { ALLOC_ZVAL(ret); INIT_PZVAL_COPY(ret, value); EX_T(opline->result.var).var.ptr = ret; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; if (!IS_OP1_TMP_FREE()) { zval_copy_ctor(EX_T(opline->result.var).var.ptr); } diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index d90053a55e..ae39a63d67 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -2863,12 +2863,12 @@ static int ZEND_FASTCALL ZEND_JMP_SET_VAR_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLE if (IS_CONST == IS_VAR || IS_CONST == IS_CV) { Z_ADDREF_P(value); EX_T(opline->result.var).var.ptr = value; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; } else { ALLOC_ZVAL(ret); INIT_PZVAL_COPY(ret, value); EX_T(opline->result.var).var.ptr = ret; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; if (!0) { zval_copy_ctor(EX_T(opline->result.var).var.ptr); } @@ -2914,12 +2914,12 @@ static int ZEND_FASTCALL ZEND_QM_ASSIGN_VAR_SPEC_CONST_HANDLER(ZEND_OPCODE_HAND if (IS_CONST == IS_VAR || IS_CONST == IS_CV) { Z_ADDREF_P(value); EX_T(opline->result.var).var.ptr = value; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; } else { ALLOC_ZVAL(ret); INIT_PZVAL_COPY(ret, value); EX_T(opline->result.var).var.ptr = ret; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; if (!0) { zval_copy_ctor(EX_T(opline->result.var).var.ptr); } @@ -7223,12 +7223,12 @@ static int ZEND_FASTCALL ZEND_JMP_SET_VAR_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) { Z_ADDREF_P(value); EX_T(opline->result.var).var.ptr = value; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; } else { ALLOC_ZVAL(ret); INIT_PZVAL_COPY(ret, value); EX_T(opline->result.var).var.ptr = ret; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; if (!1) { zval_copy_ctor(EX_T(opline->result.var).var.ptr); } @@ -7275,12 +7275,12 @@ static int ZEND_FASTCALL ZEND_QM_ASSIGN_VAR_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLE if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) { Z_ADDREF_P(value); EX_T(opline->result.var).var.ptr = value; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; } else { ALLOC_ZVAL(ret); INIT_PZVAL_COPY(ret, value); EX_T(opline->result.var).var.ptr = ret; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; if (!1) { zval_copy_ctor(EX_T(opline->result.var).var.ptr); } @@ -11694,12 +11694,12 @@ static int ZEND_FASTCALL ZEND_JMP_SET_VAR_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ if (IS_VAR == IS_VAR || IS_VAR == IS_CV) { Z_ADDREF_P(value); EX_T(opline->result.var).var.ptr = value; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; } else { ALLOC_ZVAL(ret); INIT_PZVAL_COPY(ret, value); EX_T(opline->result.var).var.ptr = ret; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; if (!0) { zval_copy_ctor(EX_T(opline->result.var).var.ptr); } @@ -11746,12 +11746,12 @@ static int ZEND_FASTCALL ZEND_QM_ASSIGN_VAR_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLE if (IS_VAR == IS_VAR || IS_VAR == IS_CV) { Z_ADDREF_P(value); EX_T(opline->result.var).var.ptr = value; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; } else { ALLOC_ZVAL(ret); INIT_PZVAL_COPY(ret, value); EX_T(opline->result.var).var.ptr = ret; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; if (!0) { zval_copy_ctor(EX_T(opline->result.var).var.ptr); } @@ -27346,12 +27346,12 @@ static int ZEND_FASTCALL ZEND_JMP_SET_VAR_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_A if (IS_CV == IS_VAR || IS_CV == IS_CV) { Z_ADDREF_P(value); EX_T(opline->result.var).var.ptr = value; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; } else { ALLOC_ZVAL(ret); INIT_PZVAL_COPY(ret, value); EX_T(opline->result.var).var.ptr = ret; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; if (!0) { zval_copy_ctor(EX_T(opline->result.var).var.ptr); } @@ -27397,12 +27397,12 @@ static int ZEND_FASTCALL ZEND_QM_ASSIGN_VAR_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER if (IS_CV == IS_VAR || IS_CV == IS_CV) { Z_ADDREF_P(value); EX_T(opline->result.var).var.ptr = value; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; } else { ALLOC_ZVAL(ret); INIT_PZVAL_COPY(ret, value); EX_T(opline->result.var).var.ptr = ret; - EX_T(opline->result.var).var.ptr_ptr = NULL; + EX_T(opline->result.var).var.ptr_ptr = &EX_T(opline->result.var).var.ptr; if (!0) { zval_copy_ctor(EX_T(opline->result.var).var.ptr); } -- 2.50.1