diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2020-07-07 09:57:07 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-07-07 09:57:07 +0200 |
| commit | 1e39469678ab94c174c2a2abc476717febc12438 (patch) | |
| tree | 054b24208018021941d2a80273a0748d4ed1da31 | |
| parent | 302933daea77663f5759b10accd1d0231393b24c (diff) | |
| parent | 971e5c5186a2a2339b0dbad4f2a057a9deed5aa2 (diff) | |
| download | php-git-1e39469678ab94c174c2a2abc476717febc12438.tar.gz | |
Merge branch 'PHP-7.4'
* PHP-7.4:
Fixed bug #79783
| -rw-r--r-- | Zend/tests/bug79783.phpt | 11 | ||||
| -rw-r--r-- | Zend/zend_compile.c | 6 |
2 files changed, 16 insertions, 1 deletions
diff --git a/Zend/tests/bug79783.phpt b/Zend/tests/bug79783.phpt new file mode 100644 index 0000000000..959e90b06d --- /dev/null +++ b/Zend/tests/bug79783.phpt @@ -0,0 +1,11 @@ +--TEST-- +Bug #79783: Segfault in php_str_replace_common +--FILE-- +<?php +str_replace("a", "b", "c", strlen("d")); +?> +--EXPECTF-- +Fatal error: Uncaught Error: Cannot pass parameter 4 by reference in %s:%d +Stack trace: +#0 {main} + thrown in %s on line %d diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index ea5baf2a12..95342cc8e2 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -3201,7 +3201,11 @@ uint32_t zend_compile_args(zend_ast *ast, zend_function *fbc) /* {{{ */ zend_compile_var(&arg_node, arg, BP_VAR_R, 0); if (arg_node.op_type & (IS_CONST|IS_TMP_VAR)) { /* Function call was converted into builtin instruction */ - opcode = ZEND_SEND_VAL; + if (!fbc || ARG_MUST_BE_SENT_BY_REF(fbc, arg_num)) { + opcode = ZEND_SEND_VAL_EX; + } else { + opcode = ZEND_SEND_VAL; + } } else { if (fbc) { if (ARG_MUST_BE_SENT_BY_REF(fbc, arg_num)) { |