From f491dabe403646a751dde52679bc817967477914 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Tue, 11 Aug 2020 15:11:36 +0200 Subject: [PATCH] Fix nullsafe operator on reference Dereference the value before checking the type. As the happy path necessarily has to check for references, I'm not bothering to delay the comparison. --- Zend/tests/nullsafe_operator/031.phpt | 18 ++++++++++++++++++ Zend/zend_vm_def.h | 3 +++ Zend/zend_vm_execute.h | 6 ++++++ 3 files changed, 27 insertions(+) create mode 100644 Zend/tests/nullsafe_operator/031.phpt diff --git a/Zend/tests/nullsafe_operator/031.phpt b/Zend/tests/nullsafe_operator/031.phpt new file mode 100644 index 0000000000..5d287ce05d --- /dev/null +++ b/Zend/tests/nullsafe_operator/031.phpt @@ -0,0 +1,18 @@ +--TEST-- +Nullsafe operator on referenced value +--FILE-- +foo); + +$val = new stdClass; +var_dump($ref?->foo); + +?> +--EXPECTF-- +NULL + +Warning: Undefined property: stdClass::$foo in %s on line %d +NULL diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index c5583feb66..f06713d5ac 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -7325,6 +7325,9 @@ ZEND_VM_HOT_NOCONST_HANDLER(198, ZEND_JMP_NULL, CONST|TMPVARCV, JMP_ADDR) zval *val; val = GET_OP1_ZVAL_PTR_UNDEF(BP_VAR_R); + if (OP1_TYPE != IS_CONST) { + ZVAL_DEREF(val); + } if (Z_TYPE_INFO_P(val) > IS_NULL) { ZEND_VM_NEXT_OPCODE(); diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index b9ccb2226c..e564ec3c18 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -4375,6 +4375,9 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_CON zval *val; val = RT_CONSTANT(opline, opline->op1); + if (IS_CONST != IS_CONST) { + ZVAL_DEREF(val); + } if (Z_TYPE_INFO_P(val) > IS_NULL) { ZEND_VM_NEXT_OPCODE(); @@ -11095,6 +11098,9 @@ static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_TMPV zval *val; val = EX_VAR(opline->op1.var); + if ((IS_TMP_VAR|IS_VAR|IS_CV) != IS_CONST) { + ZVAL_DEREF(val); + } if (Z_TYPE_INFO_P(val) > IS_NULL) { ZEND_VM_NEXT_OPCODE(); -- 2.40.0