diff options
| author | Dmitry Stogov <dmitry@zend.com> | 2014-12-10 23:24:11 +0300 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@zend.com> | 2014-12-10 23:24:11 +0300 |
| commit | e087d3ac7f78a2bfea01ce7c94e18b4c89073003 (patch) | |
| tree | e5b1f6f1beb6098ff245385f8737de9bc1690f14 | |
| parent | ba35b22bc4a7af791ff2ab7c2ca8e9f4aa6d64df (diff) | |
| parent | 92a9477cc399c78f6570beec22b8f1408179aefe (diff) | |
| download | php-git-e087d3ac7f78a2bfea01ce7c94e18b4c89073003.tar.gz | |
Merge branch 'master' into native-tls
* master: (23 commits)
move the test to the right place
fix TS build and C89 compat
updated NEWS
Fixed bug #68545 NULL pointer dereference in unserialize.c
Updated NEWS
Updated NEWS
Updated NEWS
NEWS
Fix bug #68526 Implement POSIX Access Control List for UDS
Improved basic zval copying primitives: ZVAL_COPY_VALUE(), ZVAL_COPY(), ZVAL_DUP()
Wrap RETURN_VALUE_USED() with EXPECTED() or UNEXPECTED() macros according to more frequent usage patterns.
Improved ASSIGN_<OP>, ASSIGN_DIM and UNSET_DIM
drop dead/unused code
simplified code
Move ZVAL_DEREF() and make_real_object() into slow paths.
Pass znode_op structure by value (it fits into one word) instead of pointer to structure.
Move checks for references into slow paths.
Improved ASSIGN_DIM and ASSIGN_OBJ
Fixed typo
Move checks for references into slow paths of handlers or helpers. Remove duplicate opcode handlers.
...
33 files changed, 5446 insertions, 7366 deletions
@@ -23,6 +23,10 @@ PHP NEWS . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered). (Julien) . Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien) +- Date: + . Fixed day_of_week function as it could sometimes return negative values + internally. (Derick) + - DBA: . Fixed bug #62490 (dba_delete returns true on missing item (inifile)). (Mike) @@ -44,6 +48,9 @@ PHP NEWS - LiteSpeed: . Updated LiteSpeed SAPI code from V5.5 to V6.6. (George Wang) +- Mcrypt: + . Fixed possible read after end of buffer and use after free. (Dmitry) + - pcntl: . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL). (Julien) diff --git a/Zend/tests/generators/yield_precedence.phpt b/Zend/tests/generators/yield_precedence.phpt new file mode 100644 index 0000000000..6b87fa0364 --- /dev/null +++ b/Zend/tests/generators/yield_precedence.phpt @@ -0,0 +1,51 @@ +--TEST-- +Precedence of yield and arrow operators +--FILE-- +<?php + +function gen() { + yield "a" . "b"; + yield "a" or die; + yield "k" => "a" . "b"; + yield "k" => "a" or die; + var_dump([yield "k" => "a" . "b"]); + yield yield "k1" => yield "k2" => "a" . "b"; + yield yield "k1" => (yield "k2") => "a" . "b"; + var_dump([yield "k1" => yield "k2" => "a" . "b"]); + var_dump([yield "k1" => (yield "k2") => "a" . "b"]); +} + +$g = gen(); +for ($g->rewind(), $i = 1; $g->valid(); $g->send($i), $i++) { + echo "{$g->key()} => {$g->current()}\n"; +} + +?> +--EXPECT-- +0 => ab +1 => a +k => ab +k => a +k => ab +array(1) { + [0]=> + int(5) +} +k2 => ab +k1 => 6 +2 => 7 +3 => k2 +k1 => 9 +10 => ab +k2 => ab +k1 => 12 +array(1) { + [0]=> + int(13) +} +11 => k2 +k1 => 14 +array(1) { + [15]=> + string(2) "ab" +} diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index b5ad563590..fbe52fe95a 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -390,41 +390,43 @@ static zend_always_inline zval *_get_zval_ptr_cv_deref_BP_VAR_W(const zend_execu return ret; } -static inline zval *_get_zval_ptr(int op_type, const znode_op *node, const zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) +static zend_always_inline zval *_get_zval_ptr(int op_type, znode_op node, const zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) { - switch (op_type) { - case IS_CONST: - *should_free = NULL; - return node->zv; - case IS_TMP_VAR: - return _get_zval_ptr_tmp(node->var, execute_data, should_free); - case IS_VAR: - return _get_zval_ptr_var(node->var, execute_data, should_free); - case IS_CV: - *should_free = NULL; - return _get_zval_ptr_cv(execute_data, node->var, type TSRMLS_CC); - default: - *should_free = NULL; - return NULL; + if (op_type & (IS_TMP_VAR|IS_VAR)) { + if (op_type == IS_TMP_VAR) { + return _get_zval_ptr_tmp(node.var, execute_data, should_free); + } else { + ZEND_ASSERT(op_type == IS_VAR); + return _get_zval_ptr_var(node.var, execute_data, should_free); + } + } else { + *should_free = NULL; + if (op_type == IS_CONST) { + return node.zv; + } else { + ZEND_ASSERT(op_type == IS_CV); + return _get_zval_ptr_cv(execute_data, node.var, type TSRMLS_CC); + } } } -static inline zval *_get_zval_ptr_deref(int op_type, const znode_op *node, const zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) +static zend_always_inline zval *_get_zval_ptr_deref(int op_type, znode_op node, const zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) { - switch (op_type) { - case IS_CONST: - *should_free = NULL; - return node->zv; - case IS_TMP_VAR: - return _get_zval_ptr_tmp(node->var, execute_data, should_free); - case IS_VAR: - return _get_zval_ptr_var_deref(node->var, execute_data, should_free); - case IS_CV: - *should_free = NULL; - return _get_zval_ptr_cv_deref(execute_data, node->var, type TSRMLS_CC); - default: - *should_free = NULL; - return NULL; + if (op_type & (IS_TMP_VAR|IS_VAR)) { + if (op_type == IS_TMP_VAR) { + return _get_zval_ptr_tmp(node.var, execute_data, should_free); + } else { + ZEND_ASSERT(op_type == IS_VAR); + return _get_zval_ptr_var_deref(node.var, execute_data, should_free); + } + } else { + *should_free = NULL; + if (op_type == IS_CONST) { + return node.zv; + } else { + ZEND_ASSERT(op_type == IS_CV); + return _get_zval_ptr_cv_deref(execute_data, node.var, type TSRMLS_CC); + } } } @@ -445,14 +447,14 @@ static zend_always_inline zval *_get_zval_ptr_ptr_var(uint32_t var, const zend_e return ret; } -static inline zval *_get_zval_ptr_ptr(int op_type, const znode_op *node, const zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) +static inline zval *_get_zval_ptr_ptr(int op_type, znode_op node, const zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) { if (op_type == IS_CV) { *should_free = NULL; - return _get_zval_ptr_cv(execute_data, node->var, type TSRMLS_CC); + return _get_zval_ptr_cv(execute_data, node.var, type TSRMLS_CC); } else /* if (op_type == IS_VAR) */ { ZEND_ASSERT(op_type == IS_VAR); - return _get_zval_ptr_ptr_var(node->var, execute_data, should_free); + return _get_zval_ptr_ptr_var(node.var, execute_data, should_free); } } @@ -466,7 +468,7 @@ static zend_always_inline zval *_get_obj_zval_ptr_unused(zend_execute_data *exec } } -static inline zval *_get_obj_zval_ptr(int op_type, znode_op *op, zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) +static inline zval *_get_obj_zval_ptr(int op_type, znode_op op, zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) { if (op_type == IS_UNUSED) { if (EXPECTED(Z_OBJ(EX(This)) != NULL)) { @@ -479,7 +481,7 @@ static inline zval *_get_obj_zval_ptr(int op_type, znode_op *op, zend_execute_da return get_zval_ptr(op_type, op, execute_data, should_free, type); } -static inline zval *_get_obj_zval_ptr_ptr(int op_type, const znode_op *node, zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) +static inline zval *_get_obj_zval_ptr_ptr(int op_type, znode_op node, zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) { if (op_type == IS_UNUSED) { if (EXPECTED(Z_OBJ(EX(This)) != NULL)) { @@ -508,21 +510,23 @@ static inline void zend_assign_to_variable_reference(zval *variable_ptr, zval *v } /* this should modify object only if it's empty */ -static inline zval* make_real_object(zval *object_ptr TSRMLS_DC) +static inline int make_real_object(zval **object_ptr TSRMLS_DC) { - zval *object = object_ptr; + zval *object = *object_ptr; ZVAL_DEREF(object); if (UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - if (Z_TYPE_P(object) == IS_NULL - || Z_TYPE_P(object) == IS_FALSE + if (EXPECTED(Z_TYPE_P(object) <= IS_FALSE) || (Z_TYPE_P(object) == IS_STRING && Z_STRLEN_P(object) == 0)) { zval_ptr_dtor_nogc(object); object_init(object); zend_error(E_WARNING, "Creating default object from empty value"); + } else { + return 0; } } - return object; + *object_ptr = object; + return 1; } ZEND_API char * zend_verify_internal_arg_class_kind(const zend_internal_arg_info *cur_arg_info, char **class_name, zend_class_entry **pce TSRMLS_DC) @@ -759,25 +763,29 @@ static void zend_verify_missing_arg(zend_execute_data *execute_data, uint32_t ar } } -static zend_always_inline void zend_assign_to_object(zval *retval, zval *object, uint32_t object_op_type, zval *property_name, int value_type, const znode_op *value_op, const zend_execute_data *execute_data, int opcode, void **cache_slot TSRMLS_DC) +static zend_always_inline void zend_assign_to_object(zval *retval, zval *object, uint32_t object_op_type, zval *property_name, uint32_t property_op_type, int value_type, znode_op value_op, const zend_execute_data *execute_data, void **cache_slot TSRMLS_DC) { zend_free_op free_value; zval *value = get_zval_ptr_deref(value_type, value_op, execute_data, &free_value, BP_VAR_R); zval tmp; - if (object_op_type != IS_UNUSED) { - ZVAL_DEREF(object); - if (UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - if (UNEXPECTED(object == &EG(error_zval))) { - if (retval) { - ZVAL_NULL(retval); + if (object_op_type != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + do { + if (object_op_type == IS_VAR && UNEXPECTED(object == &EG(error_zval))) { + if (retval) { + ZVAL_NULL(retval); } FREE_OP(free_value); return; } - if (EXPECTED(Z_TYPE_P(object) == IS_NULL || - Z_TYPE_P(object) == IS_FALSE || - (Z_TYPE_P(object) == IS_STRING && Z_STRLEN_P(object) == 0))) { + if (Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } + if (EXPECTED(Z_TYPE_P(object) <= IS_FALSE || + (Z_TYPE_P(object) == IS_STRING && Z_STRLEN_P(object) == 0))) { zend_object *obj; zval_ptr_dtor(object); @@ -803,107 +811,120 @@ static zend_always_inline void zend_assign_to_object(zval *retval, zval *object, FREE_OP(free_value); return; } - } + } while (0); } - if (opcode == ZEND_ASSIGN_OBJ) { - if (!Z_OBJ_HT_P(object)->write_property) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (retval) { - ZVAL_NULL(retval); - } - FREE_OP(free_value); - return; - } - - if (cache_slot && - EXPECTED(Z_OBJCE_P(object) == CACHED_PTR_EX(cache_slot))) { - zend_property_info *prop_info = CACHED_PTR_EX(cache_slot + 1); - zend_object *zobj = Z_OBJ_P(object); - zval *property; + if (property_op_type == IS_CONST && + EXPECTED(Z_OBJCE_P(object) == CACHED_PTR_EX(cache_slot))) { + zend_property_info *prop_info = CACHED_PTR_EX(cache_slot + 1); + zend_object *zobj = Z_OBJ_P(object); + zval *property; - if (EXPECTED(prop_info)) { - property = OBJ_PROP(zobj, prop_info->offset); - if (Z_TYPE_P(property) != IS_UNDEF) { + if (EXPECTED(prop_info)) { + property = OBJ_PROP(zobj, prop_info->offset); + if (Z_TYPE_P(property) != IS_UNDEF) { fast_assign: - value = zend_assign_to_variable(property, value, value_type TSRMLS_CC); - if (retval && !EG(exception)) { - ZVAL_COPY(retval, value); - } - if (value_type == IS_VAR) { - FREE_OP(free_value); - } - return; + value = zend_assign_to_variable(property, value, value_type TSRMLS_CC); + if (retval && !EG(exception)) { + ZVAL_COPY(retval, value); } - } else { - if (EXPECTED(zobj->properties != NULL)) { - property = zend_hash_find(zobj->properties, Z_STR_P(property_name)); - if (property) { - goto fast_assign; - } + if (value_type == IS_VAR) { + FREE_OP(free_value); } + return; + } + } else { + if (EXPECTED(zobj->properties != NULL)) { + property = zend_hash_find(zobj->properties, Z_STR_P(property_name)); + if (property) { + goto fast_assign; + } + } - if (!zobj->ce->__set) { - if (EXPECTED(zobj->properties == NULL)) { - rebuild_object_properties(zobj); - } - /* separate our value if necessary */ - if (value_type == IS_CONST) { - if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) { - ZVAL_COPY_VALUE(&tmp, value); - zval_copy_ctor_func(&tmp); - value = &tmp; - } - } else if (value_type != IS_TMP_VAR && - Z_REFCOUNTED_P(value)) { - Z_ADDREF_P(value); - } - zend_hash_add_new(zobj->properties, Z_STR_P(property_name), value); - if (retval && !EG(exception)) { - ZVAL_COPY(retval, value); - } - if (value_type == IS_VAR) { - FREE_OP(free_value); + if (!zobj->ce->__set) { + if (EXPECTED(zobj->properties == NULL)) { + rebuild_object_properties(zobj); + } + /* separate our value if necessary */ + if (value_type == IS_CONST) { + if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) { + ZVAL_COPY_VALUE(&tmp, value); + zval_copy_ctor_func(&tmp); + value = &tmp; } - return; + } else if (value_type != IS_TMP_VAR && + Z_REFCOUNTED_P(value)) { + Z_ADDREF_P(value); } - } - } - - /* separate our value if necessary */ - if (value_type == IS_CONST) { - if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) { - ZVAL_COPY_VALUE(&tmp, value); - zval_copy_ctor_func(&tmp); - value = &tmp; + zend_hash_add_new(zobj->properties, Z_STR_P(property_name), value); + if (retval && !EG(exception)) { + ZVAL_COPY(retval, value); + } + if (value_type == IS_VAR) { + FREE_OP(free_value); + } + return; } - } else if (value_type != IS_TMP_VAR && - Z_REFCOUNTED_P(value)) { - Z_ADDREF_P(value); - } + } + } - Z_OBJ_HT_P(object)->write_property(object, property_name, value, cache_slot TSRMLS_CC); - } else { - /* Note: property_name in this case is really the array index! */ - if (!Z_OBJ_HT_P(object)->write_dimension) { - zend_error_noreturn(E_ERROR, "Cannot use object as array"); + if (!Z_OBJ_HT_P(object)->write_property) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (retval) { + ZVAL_NULL(retval); } + FREE_OP(free_value); + return; + } - /* separate our value if necessary */ - if (value_type == IS_CONST) { - if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) { - ZVAL_COPY_VALUE(&tmp, value); - zval_copy_ctor_func(&tmp); - value = &tmp; - } - } else if (value_type != IS_TMP_VAR && - Z_REFCOUNTED_P(value)) { - Z_ADDREF_P(value); + /* separate our value if necessary */ + if (value_type == IS_CONST) { + if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) { + ZVAL_COPY_VALUE(&tmp, value); + zval_copy_ctor_func(&tmp); + value = &tmp; } + } else if (value_type != IS_TMP_VAR && + Z_REFCOUNTED_P(value)) { + Z_ADDREF_P(value); + } - Z_OBJ_HT_P(object)->write_dimension(object, property_name, value TSRMLS_CC); + Z_OBJ_HT_P(object)->write_property(object, property_name, value, cache_slot TSRMLS_CC); + + if (retval && !EG(exception)) { + ZVAL_COPY(retval, value); + } + zval_ptr_dtor(value); + if (value_type == IS_VAR) { + FREE_OP(free_value); + } +} + +static zend_always_inline void zend_assign_to_object_dim(zval *retval, zval *object, zval *property_name, int value_type, znode_op value_op, const zend_execute_data *execute_data TSRMLS_DC) +{ + zend_free_op free_value; + zval *value = get_zval_ptr_deref(value_type, value_op, execute_data, &free_value, BP_VAR_R); + zval tmp; + + /* Note: property_name in this case is really the array index! */ + if (!Z_OBJ_HT_P(object)->write_dimension) { + zend_error_noreturn(E_ERROR, "Cannot use object as array"); + } + + /* separate our value if necessary */ + if (value_type == IS_CONST) { + if (UNEXPECTED(Z_OPT_COPYABLE_P(value))) { + ZVAL_COPY_VALUE(&tmp, value); + zval_copy_ctor_func(&tmp); + value = &tmp; + } + } else if (value_type != IS_TMP_VAR && + Z_REFCOUNTED_P(value)) { + Z_ADDREF_P(value); } + Z_OBJ_HT_P(object)->write_dimension(object, property_name, value TSRMLS_CC); + if (retval && !EG(exception)) { ZVAL_COPY(retval, value); } @@ -913,6 +934,39 @@ fast_assign: } } +static void zend_binary_assign_op_obj_dim(zval *object, zval *property, zval *value, zval *retval, int (*binary_op)(zval *result, zval *op1, zval *op2 TSRMLS_DC) TSRMLS_DC) +{ + zval *z; + zval rv; + + if (Z_OBJ_HT_P(object)->read_dimension && + (z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC)) != NULL) { + + if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + binary_op(z, z, value TSRMLS_CC); + Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); + if (retval) { + ZVAL_COPY(retval, z); + } + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (retval) { + ZVAL_NULL(retval); + } + } +} + static void zend_assign_to_string_offset(zval *str, zend_long offset, zval *value, zval *result TSRMLS_DC) { zend_string *old_str; @@ -1173,6 +1227,7 @@ static zend_always_inline void zend_fetch_dimension_address(zval *result, zval * { zval *retval; +try_again: if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { SEPARATE_ARRAY(container); fetch_from_array: @@ -1234,7 +1289,7 @@ convert_to_array: ZVAL_INDIRECT(result, &EG(error_zval)); } } - } else if (EXPECTED(Z_TYPE_P(container) == IS_NULL)) { + } else if (EXPECTED(Z_TYPE_P(container) <= IS_FALSE)) { if (UNEXPECTED(container == &EG(error_zval))) { ZVAL_INDIRECT(result, &EG(error_zval)); } else if (type != BP_VAR_UNSET) { @@ -1243,11 +1298,10 @@ convert_to_array: /* for read-mode only */ ZVAL_NULL(result); } + } else if (EXPECTED(Z_TYPE_P(container) == IS_REFERENCE)) { + container = Z_REFVAL_P(container); + goto try_again; } else { - if (type != BP_VAR_UNSET && - Z_TYPE_P(container) == IS_FALSE) { - goto convert_to_array; - } if (type == BP_VAR_UNSET) { zend_error(E_WARNING, "Cannot unset offset in a non-array variable"); ZVAL_NULL(result); @@ -1277,13 +1331,14 @@ static zend_always_inline void zend_fetch_dimension_address_read(zval *result, z { zval *retval; +try_again: if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { retval = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), dim, dim_type, type TSRMLS_CC); ZVAL_COPY(result, retval); } else if (EXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_long offset; -try_again: +try_string_offset: if (UNEXPECTED(Z_TYPE_P(dim) != IS_LONG)) { switch(Z_TYPE_P(dim)) { /* case IS_LONG: */ @@ -1305,7 +1360,7 @@ try_again: break; case IS_REFERENCE: dim = Z_REFVAL_P(dim); - goto try_again; + goto try_string_offset; default: zend_error(E_WARNING, "Illegal offset type"); break; @@ -1345,6 +1400,9 @@ try_again: ZVAL_NULL(result); } } + } else if (EXPECTED(Z_TYPE_P(container) == IS_REFERENCE)) { + container = Z_REFVAL_P(container); + goto try_again; } else { ZVAL_NULL(result); } @@ -1367,19 +1425,24 @@ ZEND_API void zend_fetch_dimension_by_zval(zval *result, zval *container, zval * static zend_always_inline void zend_fetch_property_address(zval *result, zval *container, uint32_t container_op_type, zval *prop_ptr, uint32_t prop_op_type, void **cache_slot, int type TSRMLS_DC) { - if (container_op_type != IS_UNUSED) { - ZVAL_DEREF(container); - if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { - if (UNEXPECTED(container == &EG(error_zval))) { + if (container_op_type != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + do { + if (container_op_type != IS_VAR && UNEXPECTED(container == &EG(error_zval))) { ZVAL_INDIRECT(result, &EG(error_zval)); return; } + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + break; + } + } + /* this should modify object only if it's empty */ if (type != BP_VAR_UNSET && - EXPECTED((Z_TYPE_P(container) == IS_NULL || - Z_TYPE_P(container) == IS_FALSE || - (Z_TYPE_P(container) == IS_STRING && Z_STRLEN_P(container)==0)))) { + EXPECTED(Z_TYPE_P(container) <= IS_FALSE || + (Z_TYPE_P(container) == IS_STRING && Z_STRLEN_P(container)==0))) { zval_ptr_dtor_nogc(container); object_init(container); } else { @@ -1387,7 +1450,7 @@ static zend_always_inline void zend_fetch_property_address(zval *result, zval *c ZVAL_INDIRECT(result, &EG(error_zval)); return; } - } + } while (0); } if (prop_op_type == IS_CONST && EXPECTED(Z_OBJCE_P(container) == CACHED_PTR_EX(cache_slot))) { @@ -1877,7 +1940,7 @@ ZEND_API user_opcode_handler_t zend_get_user_opcode_handler(zend_uchar opcode) } ZEND_API zval *zend_get_zval_ptr(int op_type, const znode_op *node, const zend_execute_data *execute_data, zend_free_op *should_free, int type TSRMLS_DC) { - return get_zval_ptr(op_type, node, execute_data, should_free, type); + return get_zval_ptr(op_type, *node, execute_data, should_free, type); } /* diff --git a/Zend/zend_language_parser.y b/Zend/zend_language_parser.y index b133fdfeea..11c9827d5b 100644 --- a/Zend/zend_language_parser.y +++ b/Zend/zend_language_parser.y @@ -66,6 +66,7 @@ static YYSIZE_T zend_yytnamerr(char*, const char*); %left T_LOGICAL_AND %right T_PRINT %right T_YIELD +%right T_DOUBLE_ARROW %left '=' T_PLUS_EQUAL T_MINUS_EQUAL T_MUL_EQUAL T_DIV_EQUAL T_CONCAT_EQUAL T_MOD_EQUAL T_AND_EQUAL T_OR_EQUAL T_XOR_EQUAL T_SL_EQUAL T_SR_EQUAL T_POW_EQUAL %left '?' ':' %right T_COALESCE @@ -89,7 +90,6 @@ static YYSIZE_T zend_yytnamerr(char*, const char*); %left T_ELSE %left T_ENDIF %right T_STATIC T_ABSTRACT T_FINAL T_PRIVATE T_PROTECTED T_PUBLIC -%right T_DOUBLE_ARROW %token <ast> T_LNUMBER "integer number (T_LNUMBER)" %token <ast> T_DNUMBER "floating-point number (T_DNUMBER)" diff --git a/Zend/zend_types.h b/Zend/zend_types.h index 77c914b209..c7591d6414 100644 --- a/Zend/zend_types.h +++ b/Zend/zend_types.h @@ -102,6 +102,11 @@ typedef union _zend_value { void *ptr; zend_class_entry *ce; zend_function *func; + struct { + ZEND_ENDIAN_LOHI( + uint32_t w1, + uint32_t w2) + } ww; } zend_value; struct _zval_struct { @@ -695,30 +700,64 @@ static zend_always_inline uint32_t zval_delref_p(zval* pz) { return --GC_REFCOUNT(Z_COUNTED_P(pz)); } +#if SIZEOF_ZEND_LONG == 4 +# define ZVAL_COPY_VALUE_EX(z, v, gc, t) \ + do { \ + uint32_t _w2; \ + gc = v->value.counted; \ + _w2 = v->value.ww.w2; \ + t = Z_TYPE_INFO_P(v); \ + z->value.counted = gc; \ + z->value.ww.w2 = _w2; \ + Z_TYPE_INFO_P(z) = t; \ + } while (0) +#elif SIZEOF_ZEND_LONG == 8 +# define ZVAL_COPY_VALUE_EX(z, v, gc, t) \ + do { \ + gc = v->value.counted; \ + t = Z_TYPE_INFO_P(v); \ + z->value.counted = gc; \ + Z_TYPE_INFO_P(z) = t; \ + } while (0) +#else +# error "Unknbown SIZEOF_ZEND_LONG" +#endif + #define ZVAL_COPY_VALUE(z, v) \ do { \ zval *_z1 = (z); \ const zval *_z2 = (v); \ - (_z1)->value = (_z2)->value; \ - Z_TYPE_INFO_P(_z1) = Z_TYPE_INFO_P(_z2); \ + zend_refcounted *_gc; \ + uint32_t _t; \ + ZVAL_COPY_VALUE_EX(_z1, _z2, _gc, _t); \ } while (0) #define ZVAL_COPY(z, v) \ do { \ - zval *__z1 = (z); \ - const zval *__z2 = (v); \ - ZVAL_COPY_VALUE(__z1, __z2); \ - if (Z_OPT_REFCOUNTED_P(__z1)) { \ - Z_ADDREF_P(__z1); \ + zval *_z1 = (z); \ + const zval *_z2 = (v); \ + zend_refcounted *_gc; \ + uint32_t _t; \ + ZVAL_COPY_VALUE_EX(_z1, _z2, _gc, _t); \ + if ((_t & (IS_TYPE_REFCOUNTED << Z_TYPE_FLAGS_SHIFT)) != 0) { \ + GC_REFCOUNT(_gc)++; \ } \ } while (0) #define ZVAL_DUP(z, v) \ do { \ - zval *__z1 = (z); \ - const zval *__z2 = (v); \ - ZVAL_COPY_VALUE(__z1, __z2); \ - zval_opt_copy_ctor(__z1); \ + zval *_z1 = (z); \ + const zval *_z2 = (v); \ + zend_refcounted *_gc; \ + uint32_t _t; \ + ZVAL_COPY_VALUE_EX(_z1, _z2, _gc, _t); \ + if ((_t & ((IS_TYPE_REFCOUNTED|IS_TYPE_IMMUTABLE) << Z_TYPE_FLAGS_SHIFT)) != 0) { \ + if ((_t & ((IS_TYPE_COPYABLE|IS_TYPE_IMMUTABLE) << Z_TYPE_FLAGS_SHIFT)) != 0) { \ + _zval_copy_ctor_func(_z1 ZEND_FILE_LINE_CC); \ + } else { \ + GC_REFCOUNT(_gc)++; \ + } \ + } \ } while (0) #define ZVAL_DEREF(z) do { \ diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 09f5e22281..7490e577d7 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -346,47 +346,36 @@ ZEND_VM_HELPER_EX(zend_binary_assign_op_obj_helper, VAR|UNUSED|CV, CONST|TMPVAR| zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } - if (OP1_TYPE != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); - } - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - - if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - FREE_OP2(); - FREE_OP(free_op_data1); + do { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + break; + } } - } else { + /* here we are sure we are dealing with an object */ - if (opline->extended_value == ZEND_ASSIGN_OBJ - && EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { ZVAL_DEREF(zptr); SEPARATE_ZVAL_NOREF(zptr); binary_op(zptr, zptr, value TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), zptr); } } else { - zval *z = NULL; + zval *z; zval rv; - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - if (Z_OBJ_HT_P(object)->read_property) { - z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - } - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - if (Z_OBJ_HT_P(object)->read_dimension) { - z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC); - } - } - if (z) { + if (Z_OBJ_HT_P(object)->read_property && + (z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC)) != NULL) { if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { zval rv; zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); @@ -396,29 +385,22 @@ ZEND_VM_HELPER_EX(zend_binary_assign_op_obj_helper, VAR|UNUSED|CV, CONST|TMPVAR| } ZVAL_COPY_VALUE(z, value); } -//??? if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); binary_op(z, z, value TSRMLS_CC); - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - Z_OBJ_HT_P(object)->write_property(object, property, z, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); - } - if (RETURN_VALUE_USED(opline)) { + Z_OBJ_HT_P(object)->write_property(object, property, z, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), z); } zval_ptr_dtor(z); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } } - - FREE_OP2(); - FREE_OP(free_op_data1); - } + } while (0); FREE_OP1_VAR_PTR(); /* assign_obj has two opcodes! */ @@ -439,44 +421,47 @@ ZEND_VM_HELPER_EX(zend_binary_assign_op_dim_helper, VAR|UNUSED|CV, CONST|TMPVAR| if (OP1_TYPE == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (OP1_TYPE != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) - if (OP1_TYPE == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (OP1_TYPE == IS_VAR && !OP1_FREE) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_obj_helper, binary_op, binary_op); - } -#endif dim = GET_OP2_ZVAL_PTR(BP_VAR_R); - zend_fetch_dimension_address_RW(&rv, container, dim, OP2_TYPE TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (OP1_TYPE == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (OP1_TYPE != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) + if (OP1_TYPE == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, OP2_TYPE TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); FREE_OP2(); FREE_OP(free_op_data1); @@ -524,9 +509,9 @@ ZEND_VM_HELPER_EX(zend_binary_assign_op_helper, VAR|CV, CONST|TMPVAR|CV, int (*b ZEND_VM_HANDLER(23, ZEND_ASSIGN_ADD, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, add_function); @@ -544,9 +529,9 @@ ZEND_VM_HANDLER(23, ZEND_ASSIGN_ADD, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_HANDLER(24, ZEND_ASSIGN_SUB, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, sub_function); @@ -564,9 +549,9 @@ ZEND_VM_HANDLER(24, ZEND_ASSIGN_SUB, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_HANDLER(25, ZEND_ASSIGN_MUL, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, mul_function); @@ -584,9 +569,9 @@ ZEND_VM_HANDLER(25, ZEND_ASSIGN_MUL, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_HANDLER(26, ZEND_ASSIGN_DIV, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, div_function); @@ -604,9 +589,9 @@ ZEND_VM_HANDLER(26, ZEND_ASSIGN_DIV, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_HANDLER(27, ZEND_ASSIGN_MOD, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, mod_function); @@ -624,9 +609,9 @@ ZEND_VM_HANDLER(27, ZEND_ASSIGN_MOD, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_HANDLER(28, ZEND_ASSIGN_SL, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, shift_left_function); @@ -644,9 +629,9 @@ ZEND_VM_HANDLER(28, ZEND_ASSIGN_SL, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_HANDLER(29, ZEND_ASSIGN_SR, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, shift_right_function); @@ -664,9 +649,9 @@ ZEND_VM_HANDLER(29, ZEND_ASSIGN_SR, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_HANDLER(30, ZEND_ASSIGN_CONCAT, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, concat_function); @@ -684,9 +669,9 @@ ZEND_VM_HANDLER(30, ZEND_ASSIGN_CONCAT, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_HANDLER(31, ZEND_ASSIGN_BW_OR, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, bitwise_or_function); @@ -704,9 +689,9 @@ ZEND_VM_HANDLER(31, ZEND_ASSIGN_BW_OR, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_HANDLER(32, ZEND_ASSIGN_BW_AND, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, bitwise_and_function); @@ -724,9 +709,9 @@ ZEND_VM_HANDLER(32, ZEND_ASSIGN_BW_AND, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_HANDLER(33, ZEND_ASSIGN_BW_XOR, VAR|UNUSED|CV, CONST|TMPVAR|UNUSED|CV) { +#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) USE_OPLINE -#if !defined(ZEND_VM_SPEC) || (OP2_TYPE != IS_UNUSED) # if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, bitwise_xor_function); @@ -760,62 +745,60 @@ ZEND_VM_HELPER_EX(zend_pre_incdec_property_helper, VAR|UNUSED|CV, CONST|TMPVAR|C zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (OP1_TYPE != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - FREE_OP2(); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); + do { + if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); + } + break; + } } - FREE_OP1_VAR_PTR(); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - /* here we are sure we are dealing with an object */ + /* here we are sure we are dealing with an object */ - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - ZVAL_DEREF(zptr); - SEPARATE_ZVAL_NOREF(zptr); + ZVAL_DEREF(zptr); + SEPARATE_ZVAL_NOREF(zptr); - incdec_op(zptr); - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(retval, zptr); - } - } else { - zval rv; + incdec_op(zptr); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, zptr); + } + } else { + zval rv; - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { - zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + incdec_op(z); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, z); + } + Z_OBJ_HT_P(object)->write_property(object, property, z, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); } - ZVAL_COPY_VALUE(z, value); - } - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); - incdec_op(z); - ZVAL_COPY_VALUE(retval, z); - Z_OBJ_HT_P(object)->write_property(object, property, z, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - SELECTIVE_PZVAL_LOCK(retval, opline); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); } } - } + } while (0); FREE_OP2(); FREE_OP1_VAR_PTR(); @@ -851,56 +834,53 @@ ZEND_VM_HELPER_EX(zend_post_incdec_property_helper, VAR|UNUSED|CV, CONST|TMPVAR| zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (OP1_TYPE != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - FREE_OP2(); - ZVAL_NULL(retval); - FREE_OP1_VAR_PTR(); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + do { + if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + break; + } + } - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + /* here we are sure we are dealing with an object */ - ZVAL_DEREF(zptr); - ZVAL_COPY_VALUE(retval, zptr); - zval_opt_copy_ctor(zptr); + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - incdec_op(zptr); - } else { - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval rv; - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - zval z_copy; + ZVAL_DEREF(zptr); + ZVAL_COPY_VALUE(retval, zptr); + zval_opt_copy_ctor(zptr); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + incdec_op(zptr); + } else { + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + zval z_copy; + + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); } - ZVAL_COPY_VALUE(z, value); - } - ZVAL_DUP(retval, z); - ZVAL_DUP(&z_copy, z); - incdec_op(&z_copy); - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - zval_ptr_dtor(&z_copy); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - ZVAL_NULL(retval); + ZVAL_DUP(retval, z); + ZVAL_DUP(&z_copy, z); + incdec_op(&z_copy); + if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); + Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(&z_copy); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + } } - } + } while (0); FREE_OP2(); FREE_OP1_VAR_PTR(); @@ -933,14 +913,14 @@ ZEND_VM_HANDLER(34, ZEND_PRE_INC, VAR|CV, ANY) if (EXPECTED(Z_TYPE_P(var_ptr) == IS_LONG)) { fast_increment_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY_VALUE(EX_VAR(opline->result.var), var_ptr); } ZEND_VM_NEXT_OPCODE(); } if (OP1_TYPE == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) { - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } CHECK_EXCEPTION(); @@ -952,7 +932,7 @@ ZEND_VM_HANDLER(34, ZEND_PRE_INC, VAR|CV, ANY) increment_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); } @@ -976,14 +956,14 @@ ZEND_VM_HANDLER(35, ZEND_PRE_DEC, VAR|CV, ANY) if (EXPECTED(Z_TYPE_P(var_ptr) == IS_LONG)) { fast_decrement_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY_VALUE(EX_VAR(opline->result.var), var_ptr); } ZEND_VM_NEXT_OPCODE(); } if (OP1_TYPE == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) { - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } CHECK_EXCEPTION(); @@ -995,7 +975,7 @@ ZEND_VM_HANDLER(35, ZEND_PRE_DEC, VAR|CV, ANY) decrement_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); } @@ -1261,14 +1241,14 @@ ZEND_VM_HANDLER(89, ZEND_FETCH_IS, CONST|TMPVAR|CV, UNUSED|CONST|VAR) ZEND_VM_DISPATCH_TO_HELPER_EX(zend_fetch_var_address_helper, type, BP_VAR_IS); } -ZEND_VM_HANDLER(81, ZEND_FETCH_DIM_R, CONST|TMP|VAR|CV, CONST|TMPVAR|CV) +ZEND_VM_HANDLER(81, ZEND_FETCH_DIM_R, CONST|TMPVAR|CV, CONST|TMPVAR|CV) { USE_OPLINE zend_free_op free_op1, free_op2; zval *container; SAVE_OPLINE(); - container = GET_OP1_ZVAL_PTR_DEREF(BP_VAR_R); + container = GET_OP1_ZVAL_PTR(BP_VAR_R); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, GET_OP2_ZVAL_PTR(BP_VAR_R), OP2_TYPE TSRMLS_CC); FREE_OP2(); FREE_OP1(); @@ -1283,12 +1263,11 @@ ZEND_VM_HANDLER(84, ZEND_FETCH_DIM_W, VAR|CV, CONST|TMPVAR|UNUSED|CV) zval *container; SAVE_OPLINE(); - container = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W); + container = GET_OP1_ZVAL_PTR_PTR_UNDEF(BP_VAR_W); if (OP1_TYPE == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, GET_OP2_ZVAL_PTR(BP_VAR_R), OP2_TYPE TSRMLS_CC); FREE_OP2(); if (OP1_TYPE == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -1311,7 +1290,6 @@ ZEND_VM_HANDLER(87, ZEND_FETCH_DIM_RW, VAR|CV, CONST|TMPVAR|UNUSED|CV) if (OP1_TYPE == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_RW(EX_VAR(opline->result.var), container, GET_OP2_ZVAL_PTR(BP_VAR_R), OP2_TYPE TSRMLS_CC); FREE_OP2(); if (OP1_TYPE == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -1322,14 +1300,14 @@ ZEND_VM_HANDLER(87, ZEND_FETCH_DIM_RW, VAR|CV, CONST|TMPVAR|UNUSED|CV) ZEND_VM_NEXT_OPCODE(); } -ZEND_VM_HANDLER(90, ZEND_FETCH_DIM_IS, CONST|TMP|VAR|CV, CONST|TMPVAR|CV) +ZEND_VM_HANDLER(90, ZEND_FETCH_DIM_IS, CONST|TMPVAR|CV, CONST|TMPVAR|CV) { USE_OPLINE zend_free_op free_op1, free_op2; zval *container; SAVE_OPLINE(); - container = GET_OP1_ZVAL_PTR_DEREF(BP_VAR_IS); + container = GET_OP1_ZVAL_PTR(BP_VAR_IS); zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, GET_OP2_ZVAL_PTR(BP_VAR_R), OP2_TYPE TSRMLS_CC); FREE_OP2(); FREE_OP1(); @@ -1349,11 +1327,10 @@ ZEND_VM_HANDLER(93, ZEND_FETCH_DIM_FUNC_ARG, CONST|TMP|VAR|CV, CONST|TMPVAR|UNUS if (OP1_TYPE == IS_CONST || OP1_TYPE == IS_TMP_VAR) { zend_error_noreturn(E_ERROR, "Cannot use temporary expression in write context"); } - container = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W); + container = GET_OP1_ZVAL_PTR_PTR_UNDEF(BP_VAR_W); if (OP1_TYPE == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, GET_OP2_ZVAL_PTR(BP_VAR_R), OP2_TYPE TSRMLS_CC); if (OP1_TYPE == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -1364,7 +1341,7 @@ ZEND_VM_HANDLER(93, ZEND_FETCH_DIM_FUNC_ARG, CONST|TMP|VAR|CV, CONST|TMPVAR|UNUS if (OP2_TYPE == IS_UNUSED) { zend_error_noreturn(E_ERROR, "Cannot use [] for reading"); } - container = GET_OP1_ZVAL_PTR_DEREF(BP_VAR_R); + container = GET_OP1_ZVAL_PTR(BP_VAR_R); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, GET_OP2_ZVAL_PTR(BP_VAR_R), OP2_TYPE TSRMLS_CC); FREE_OP2(); FREE_OP1(); @@ -1385,7 +1362,6 @@ ZEND_VM_HANDLER(96, ZEND_FETCH_DIM_UNSET, VAR|CV, CONST|TMPVAR|CV) if (OP1_TYPE == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_UNSET(EX_VAR(opline->result.var), container, GET_OP2_ZVAL_PTR(BP_VAR_R), OP2_TYPE TSRMLS_CC); FREE_OP2(); if (OP1_TYPE == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -1405,11 +1381,21 @@ ZEND_VM_HANDLER(82, ZEND_FETCH_OBJ_R, CONST|TMP|VAR|UNUSED|CV, CONST|TMPVAR|CV) zval *offset; SAVE_OPLINE(); - container = GET_OP1_OBJ_ZVAL_PTR_DEREF(BP_VAR_R); + container = GET_OP1_OBJ_ZVAL_PTR(BP_VAR_R); offset = GET_OP2_ZVAL_PTR(BP_VAR_R); - if ((OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((OP1_TYPE & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + ZEND_VM_C_GOTO(fetch_obj_r_no_object); + } + } else { + ZEND_VM_C_GOTO(fetch_obj_r_no_object); + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +ZEND_VM_C_LABEL(fetch_obj_r_no_object): zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -1461,7 +1447,7 @@ ZEND_VM_HANDLER(85, ZEND_FETCH_OBJ_W, VAR|UNUSED|CV, CONST|TMPVAR|CV) SAVE_OPLINE(); property = GET_OP2_ZVAL_PTR(BP_VAR_R); - container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_W); + container = GET_OP1_OBJ_ZVAL_PTR_PTR_UNDEF(BP_VAR_W); if (OP1_TYPE == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } @@ -1500,7 +1486,7 @@ ZEND_VM_HANDLER(88, ZEND_FETCH_OBJ_RW, VAR|UNUSED|CV, CONST|TMPVAR|CV) ZEND_VM_NEXT_OPCODE(); } -ZEND_VM_HANDLER(91, ZEND_FETCH_OBJ_IS, CONST|TMP|VAR|UNUSED|CV, CONST|TMPVAR|CV) +ZEND_VM_HANDLER(91, ZEND_FETCH_OBJ_IS, CONST|TMPVAR|UNUSED|CV, CONST|TMPVAR|CV) { USE_OPLINE zend_free_op free_op1; @@ -1509,11 +1495,21 @@ ZEND_VM_HANDLER(91, ZEND_FETCH_OBJ_IS, CONST|TMP|VAR|UNUSED|CV, CONST|TMPVAR|CV) zval *offset; SAVE_OPLINE(); - container = GET_OP1_OBJ_ZVAL_PTR_DEREF(BP_VAR_IS); + container = GET_OP1_OBJ_ZVAL_PTR(BP_VAR_IS); offset = GET_OP2_ZVAL_PTR(BP_VAR_R); - if ((OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((OP1_TYPE & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + ZEND_VM_C_GOTO(fetch_obj_is_no_object); + } + } else { + ZEND_VM_C_GOTO(fetch_obj_is_no_object); + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +ZEND_VM_C_LABEL(fetch_obj_is_no_object): ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -1566,7 +1562,7 @@ ZEND_VM_HANDLER(94, ZEND_FETCH_OBJ_FUNC_ARG, CONST|TMP|VAR|UNUSED|CV, CONST|TMPV SAVE_OPLINE(); property = GET_OP2_ZVAL_PTR(BP_VAR_R); - container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_W); + container = GET_OP1_OBJ_ZVAL_PTR_PTR_UNDEF(BP_VAR_W); if (OP1_TYPE == IS_CONST || OP1_TYPE == IS_TMP_VAR) { zend_error_noreturn(E_ERROR, "Cannot use temporary expression in write context"); @@ -1610,15 +1606,16 @@ ZEND_VM_HANDLER(97, ZEND_FETCH_OBJ_UNSET, VAR|UNUSED|CV, CONST|TMPVAR|CV) ZEND_VM_NEXT_OPCODE(); } -ZEND_VM_HANDLER(98, ZEND_FETCH_LIST, CONST|TMP|VAR|CV, CONST) +ZEND_VM_HANDLER(98, ZEND_FETCH_LIST, CONST|TMPVAR|CV, CONST) { USE_OPLINE zend_free_op free_op1; zval *container; SAVE_OPLINE(); - container = GET_OP1_ZVAL_PTR_DEREF(BP_VAR_R); + container = GET_OP1_ZVAL_PTR(BP_VAR_R); +ZEND_VM_C_LABEL(try_fetch_list): if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { zend_free_op free_op2; zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), GET_OP2_ZVAL_PTR(BP_VAR_R), OP2_TYPE, BP_VAR_R TSRMLS_CC); @@ -1636,6 +1633,9 @@ ZEND_VM_HANDLER(98, ZEND_FETCH_LIST, CONST|TMP|VAR|CV, CONST) } else { ZVAL_NULL(result); } + } else if (Z_TYPE_P(container) == IS_REFERENCE) { + container = Z_REFVAL_P(container); + ZEND_VM_C_GOTO(try_fetch_list); } else { ZVAL_NULL(EX_VAR(opline->result.var)); } @@ -1651,13 +1651,13 @@ ZEND_VM_HANDLER(136, ZEND_ASSIGN_OBJ, VAR|UNUSED|CV, CONST|TMPVAR|CV) zval *property_name; SAVE_OPLINE(); - object = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_W); + object = GET_OP1_OBJ_ZVAL_PTR_PTR_UNDEF(BP_VAR_W); property_name = GET_OP2_ZVAL_PTR(BP_VAR_R); if (OP1_TYPE == IS_VAR && UNEXPECTED(object == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object, OP1_TYPE, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_OBJ, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); + zend_assign_to_object(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object, OP1_TYPE, property_name, OP2_TYPE, (opline+1)->op1_type, (opline+1)->op1, execute_data, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); FREE_OP2(); FREE_OP1_VAR_PTR(); /* assign_obj has two opcodes! */ @@ -1671,55 +1671,63 @@ ZEND_VM_HANDLER(147, ZEND_ASSIGN_DIM, VAR|CV, CONST|TMPVAR|UNUSED|CV) USE_OPLINE zend_free_op free_op1; zval *object_ptr; + zend_free_op free_op2, free_op_data1; + zval rv; + zval *value; + zval *variable_ptr; + zval *dim; SAVE_OPLINE(); - object_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W); + object_ptr = GET_OP1_ZVAL_PTR_PTR_UNDEF(BP_VAR_W); if (OP1_TYPE == IS_VAR && UNEXPECTED(object_ptr == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(object_ptr); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { - zend_free_op free_op2; - zval *property_name = GET_OP2_ZVAL_PTR(BP_VAR_R); - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object_ptr, OP1_TYPE, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_DIM, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); +ZEND_VM_C_LABEL(try_assign_dim): + if (EXPECTED(Z_TYPE_P(object_ptr) == IS_ARRAY)) { +ZEND_VM_C_LABEL(try_assign_dim_array): + dim = GET_OP2_ZVAL_PTR(BP_VAR_R); + zend_fetch_dimension_address_W(&rv, object_ptr, dim, OP2_TYPE TSRMLS_CC); FREE_OP2(); - } else { - zend_free_op free_op2, free_op_data1; - zval rv; - zval *value; - zval *dim = GET_OP2_ZVAL_PTR(BP_VAR_R); - zval *variable_ptr; - - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && - EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { - zend_long offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); - FREE_OP2(); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - zend_assign_to_string_offset(object_ptr, offset, value, (RETURN_VALUE_USED(opline) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + variable_ptr = Z_INDIRECT(rv); + if (UNEXPECTED(variable_ptr == &EG(error_zval))) { FREE_OP(free_op_data1); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } } else { - zend_fetch_dimension_address_W(&rv, object_ptr, dim, OP2_TYPE TSRMLS_CC); - FREE_OP2(); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - variable_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(variable_ptr == &EG(error_zval))) { + value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); + if ((opline+1)->op1_type == IS_VAR) { FREE_OP(free_op_data1); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - } else { - value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); - if ((opline+1)->op1_type == IS_VAR) { - FREE_OP(free_op_data1); - } - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(EX_VAR(opline->result.var), value); - } + } + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), value); } } + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { + zend_free_op free_op2; + zval *property_name = GET_OP2_ZVAL_PTR(BP_VAR_R); + + zend_assign_to_object_dim(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object_ptr, property_name, (opline+1)->op1_type, (opline+1)->op1, execute_data TSRMLS_CC); + FREE_OP2(); + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && + EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { + zend_long offset; + + dim = GET_OP2_ZVAL_PTR(BP_VAR_R); + offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); + FREE_OP2(); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_assign_to_string_offset(object_ptr, offset, value, (UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + FREE_OP(free_op_data1); + } else if (EXPECTED(Z_ISREF_P(object_ptr))) { + object_ptr = Z_REFVAL_P(object_ptr); + ZEND_VM_C_GOTO(try_assign_dim); + } else { + ZEND_VM_C_GOTO(try_assign_dim_array); } FREE_OP1_VAR_PTR(); /* assign_dim has two opcodes! */ @@ -1743,12 +1751,12 @@ ZEND_VM_HANDLER(38, ZEND_ASSIGN, VAR|CV, CONST|TMP|VAR|CV) if (OP2_TYPE == IS_TMP_VAR) { FREE_OP2(); } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } else { value = zend_assign_to_variable(variable_ptr, value, OP2_TYPE TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), value); } FREE_OP1_VAR_PTR(); @@ -1815,7 +1823,7 @@ ZEND_VM_HANDLER(39, ZEND_ASSIGN_REF, VAR|CV, VAR|CV) } } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), variable_ptr); } @@ -2237,7 +2245,7 @@ ZEND_VM_C_LABEL(try_class_name): } } -ZEND_VM_HANDLER(112, ZEND_INIT_METHOD_CALL, TMP|VAR|UNUSED|CV, CONST|TMPVAR|CV) +ZEND_VM_HANDLER(112, ZEND_INIT_METHOD_CALL, TMPVAR|UNUSED|CV, CONST|TMPVAR|CV) { USE_OPLINE zval *function_name; @@ -2259,52 +2267,61 @@ ZEND_VM_HANDLER(112, ZEND_INIT_METHOD_CALL, TMP|VAR|UNUSED|CV, CONST|TMPVAR|CV) zend_error_noreturn(E_ERROR, "Method name must be a string"); } - object = GET_OP1_OBJ_ZVAL_PTR_DEREF(BP_VAR_R); + object = GET_OP1_OBJ_ZVAL_PTR(BP_VAR_R); - if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; + do { + if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + uint32_t nesting = 1; - if (UNEXPECTED(EG(exception) != NULL)) { - FREE_OP2(); - HANDLE_EXCEPTION(); - } + if ((OP1_TYPE & (IS_VAR|IS_CV)) && Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - FREE_OP2(); - FREE_OP1_IF_VAR(); + if (UNEXPECTED(EG(exception) != NULL)) { + FREE_OP2(); + HANDLE_EXCEPTION(); + } - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } + zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + FREE_OP2(); + FREE_OP1(); - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); + if (EG(exception) != NULL) { + HANDLE_EXCEPTION(); + } - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } + /* No exception raised: Skip over arguments until fcall opcode with correct + * nesting level. Return NULL (except when return value unused) */ + do { + opline++; + if (opline->opcode == ZEND_INIT_FCALL || + opline->opcode == ZEND_INIT_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_METHOD_CALL || + opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || + opline->opcode == ZEND_INIT_USER_CALL || + opline->opcode == ZEND_NEW + ) { + nesting++; + } else if (opline->opcode == ZEND_DO_FCALL) { + nesting--; + } + } while (nesting); + + if (RETURN_VALUE_USED(opline)) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; + /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ + if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { + opline++; + } + ZEND_VM_JMP(++opline); } - ZEND_VM_JMP(++opline); - } + } while (0); obj = Z_OBJ_P(object); called_scope = obj->ce; @@ -2340,7 +2357,7 @@ ZEND_VM_HANDLER(112, ZEND_INIT_METHOD_CALL, TMP|VAR|UNUSED|CV, CONST|TMPVAR|CV) fbc, opline->extended_value, called_scope, obj, EX(call) TSRMLS_CC); FREE_OP2(); - FREE_OP1_IF_VAR(); + FREE_OP1(); CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); @@ -3022,14 +3039,22 @@ ZEND_VM_HANDLER(108, ZEND_THROW, CONST|TMP|VAR|CV, ANY) zend_free_op free_op1; SAVE_OPLINE(); - value = GET_OP1_ZVAL_PTR_DEREF(BP_VAR_R); + value = GET_OP1_ZVAL_PTR(BP_VAR_R); - if (OP1_TYPE == IS_CONST || UNEXPECTED(Z_TYPE_P(value) != IS_OBJECT)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); + do { + if (OP1_TYPE == IS_CONST || UNEXPECTED(Z_TYPE_P(value) != IS_OBJECT)) { + if ((OP1_TYPE & (IS_VAR|IS_CV)) && Z_ISREF_P(value)) { + value = Z_REFVAL_P(value); + if (EXPECTED(Z_TYPE_P(value) == IS_OBJECT)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Can only throw objects"); } - zend_error_noreturn(E_ERROR, "Can only throw objects"); - } + } while (0); zend_exception_save(TSRMLS_C); if (OP1_TYPE != IS_TMP_VAR) { @@ -3427,9 +3452,15 @@ ZEND_VM_HANDLER(119, ZEND_SEND_ARRAY, ANY, ANY) zval *args; SAVE_OPLINE(); - args = GET_OP1_ZVAL_PTR_DEREF(BP_VAR_R); + args = GET_OP1_ZVAL_PTR(BP_VAR_R); - if (Z_TYPE_P(args) != IS_ARRAY) { + if (UNEXPECTED(Z_TYPE_P(args) != IS_ARRAY)) { + if ((OP1_TYPE & (IS_VAR|IS_CV)) && Z_ISREF_P(args)) { + args = Z_REFVAL_P(args); + if (EXPECTED(Z_TYPE_P(args) == IS_ARRAY)) { + ZEND_VM_C_GOTO(send_array); + } + } zend_error(E_WARNING, "call_user_func_array() expects parameter 2 to be array, %s given", zend_get_type_by_const(Z_TYPE_P(args))); if (EX(call)->func->common.fn_flags & ZEND_ACC_CLOSURE) { OBJ_RELEASE((zend_object*)EX(call)->func->common.prototype); @@ -3441,11 +3472,13 @@ ZEND_VM_HANDLER(119, ZEND_SEND_ARRAY, ANY, ANY) EX(call)->called_scope = NULL; Z_OBJ(EX(call)->This) = NULL; } else { - uint32_t arg_num = 1; - - HashTable *ht = Z_ARRVAL_P(args); + uint32_t arg_num; + HashTable *ht; zval *arg, *param, tmp; +ZEND_VM_C_LABEL(send_array): + arg_num = 1; + ht = Z_ARRVAL_P(args); zend_vm_stack_extend_call_frame(&EX(call), 0, zend_hash_num_elements(ht) TSRMLS_CC); if (OP1_TYPE != IS_CONST && OP1_TYPE != IS_TMP_VAR && Z_IMMUTABLE_P(args)) { @@ -3814,7 +3847,7 @@ ZEND_VM_HANDLER(68, ZEND_NEW, CONST|VAR, ANY) constructor = Z_OBJ_HT(object_zval)->get_constructor(Z_OBJ(object_zval) TSRMLS_CC); if (constructor == NULL) { - if (RETURN_VALUE_USED(opline)) { + if (EXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &object_zval); } else { OBJ_RELEASE(Z_OBJ(object_zval)); @@ -3824,14 +3857,14 @@ ZEND_VM_HANDLER(68, ZEND_NEW, CONST|VAR, ANY) /* We are not handling overloaded classes right now */ EX(call) = zend_vm_stack_push_call_frame( ZEND_CALL_FUNCTION | ZEND_CALL_CTOR | - (RETURN_VALUE_USED(opline) ? 0 : ZEND_CALL_CTOR_RESULT_UNUSED), + (EXPECTED(RETURN_VALUE_USED(opline)) ? 0 : ZEND_CALL_CTOR_RESULT_UNUSED), constructor, opline->extended_value, ce, Z_OBJ(object_zval), EX(call) TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (EXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), &object_zval); EX(call)->return_value = EX_VAR(opline->result.var); } else { @@ -3843,7 +3876,7 @@ ZEND_VM_HANDLER(68, ZEND_NEW, CONST|VAR, ANY) } } -ZEND_VM_HANDLER(110, ZEND_CLONE, CONST|TMP|VAR|UNUSED|CV, ANY) +ZEND_VM_HANDLER(110, ZEND_CLONE, CONST|TMPVAR|UNUSED|CV, ANY) { USE_OPLINE zend_free_op free_op1; @@ -3853,15 +3886,23 @@ ZEND_VM_HANDLER(110, ZEND_CLONE, CONST|TMP|VAR|UNUSED|CV, ANY) zend_object_clone_obj_t clone_call; SAVE_OPLINE(); - obj = GET_OP1_OBJ_ZVAL_PTR_DEREF(BP_VAR_R); + obj = GET_OP1_OBJ_ZVAL_PTR(BP_VAR_R); - if (OP1_TYPE == IS_CONST || - (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); + do { + if (OP1_TYPE == IS_CONST || + (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { + if ((OP1_TYPE & (IS_VAR|IS_CV)) && Z_ISREF_P(obj)) { + obj = Z_REFVAL_P(obj); + if (EXPECTED(Z_TYPE_P(obj) == IS_OBJECT)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "__clone method called on non-object"); } - zend_error_noreturn(E_ERROR, "__clone method called on non-object"); - } + } while (0); ce = Z_OBJCE_P(obj); clone = ce ? ce->clone : NULL; @@ -3892,11 +3933,11 @@ ZEND_VM_HANDLER(110, ZEND_CLONE, CONST|TMP|VAR|UNUSED|CV, ANY) if (EXPECTED(EG(exception) == NULL)) { ZVAL_OBJ(EX_VAR(opline->result.var), clone_call(obj TSRMLS_CC)); - if (!RETURN_VALUE_USED(opline) || UNEXPECTED(EG(exception) != NULL)) { + if (UNEXPECTED(!RETURN_VALUE_USED(opline)) || UNEXPECTED(EG(exception) != NULL)) { OBJ_RELEASE(Z_OBJ_P(EX_VAR(opline->result.var))); } } - FREE_OP1_IF_VAR(); + FREE_OP1(); CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); } @@ -4126,7 +4167,7 @@ ZEND_VM_HANDLER(21, ZEND_CAST, CONST|TMP|VAR|CV, ANY) zval *result = EX_VAR(opline->result.var); SAVE_OPLINE(); - expr = GET_OP1_ZVAL_PTR_DEREF(BP_VAR_R); + expr = GET_OP1_ZVAL_PTR(BP_VAR_R); switch (opline->extended_value) { case IS_NULL: @@ -4159,6 +4200,9 @@ ZEND_VM_HANDLER(21, ZEND_CAST, CONST|TMP|VAR|CV, ANY) ZVAL_STR(result, zval_get_string(expr)); break; default: + if (OP1_TYPE & (IS_VAR|IS_CV)) { + ZVAL_DEREF(expr); + } /* If value is already of correct type, return it directly */ if (Z_TYPE_P(expr) == opline->extended_value) { ZVAL_COPY_VALUE(result, expr); @@ -4434,15 +4478,15 @@ ZEND_VM_HANDLER(75, ZEND_UNSET_DIM, VAR|UNUSED|CV, CONST|TMPVAR|CV) if (OP1_TYPE == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); } - if (OP1_TYPE != IS_UNUSED) { - ZVAL_DEREF(container); - } - SEPARATE_ZVAL_NOREF(container); offset = GET_OP2_ZVAL_PTR(BP_VAR_R); +ZEND_VM_C_LABEL(unset_dim_again): if (OP1_TYPE != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); + HashTable *ht; + ZEND_VM_C_LABEL(offset_again): + SEPARATE_ARRAY(container); + ht = Z_ARRVAL_P(container); switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -4495,7 +4539,10 @@ ZEND_VM_C_LABEL(num_index_dim): //??? } Z_OBJ_HT_P(container)->unset_dimension(container, offset TSRMLS_CC); FREE_OP2(); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + } else if (OP1_TYPE != IS_UNUSED && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + ZEND_VM_C_GOTO(unset_dim_again); + } else if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); ZEND_VM_CONTINUE(); /* bailed out before */ } else { @@ -4520,16 +4567,24 @@ ZEND_VM_HANDLER(76, ZEND_UNSET_OBJ, VAR|UNUSED|CV, CONST|TMPVAR|CV) } offset = GET_OP2_ZVAL_PTR(BP_VAR_R); - if (OP1_TYPE != IS_UNUSED) { - ZVAL_DEREF(container); - } - if (OP1_TYPE == IS_UNUSED || Z_TYPE_P(container) == IS_OBJECT) { + do { + if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (Z_TYPE_P(container) != IS_OBJECT) { + break; + } + } else { + break; + } + } if (Z_OBJ_HT_P(container)->unset_property) { Z_OBJ_HT_P(container)->unset_property(container, offset, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); } else { zend_error(E_NOTICE, "Trying to unset property of non-object"); } - } + } while (0); + FREE_OP2(); FREE_OP1_VAR_PTR(); CHECK_EXCEPTION(); @@ -5049,7 +5104,7 @@ ZEND_VM_HANDLER(114, ZEND_ISSET_ISEMPTY_VAR, CONST|TMPVAR|CV, UNUSED|CONST|VAR) } } -ZEND_VM_HANDLER(115, ZEND_ISSET_ISEMPTY_DIM_OBJ, CONST|TMP|VAR|UNUSED|CV, CONST|TMPVAR|CV) +ZEND_VM_HANDLER(115, ZEND_ISSET_ISEMPTY_DIM_OBJ, CONST|TMPVAR|UNUSED|CV, CONST|TMPVAR|CV) { USE_OPLINE zend_free_op free_op1, free_op2; @@ -5059,9 +5114,10 @@ ZEND_VM_HANDLER(115, ZEND_ISSET_ISEMPTY_DIM_OBJ, CONST|TMP|VAR|UNUSED|CV, CONST| zval *offset; SAVE_OPLINE(); - container = GET_OP1_OBJ_ZVAL_PTR_DEREF(BP_VAR_IS); + container = GET_OP1_OBJ_ZVAL_PTR(BP_VAR_IS); offset = GET_OP2_ZVAL_PTR(BP_VAR_R); +ZEND_VM_C_LABEL(isset_dim_obj_again): if (OP1_TYPE != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { HashTable *ht = Z_ARRVAL_P(container); zval *value; @@ -5152,6 +5208,9 @@ ZEND_VM_C_LABEL(num_index_prop): if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } + } else if ((OP1_TYPE & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + ZEND_VM_C_GOTO(isset_dim_obj_again); } else { result = ((opline->extended_value & ZEND_ISSET) == 0); } @@ -5163,7 +5222,7 @@ ZEND_VM_C_LABEL(num_index_prop): ZEND_VM_NEXT_OPCODE(); } -ZEND_VM_HANDLER(148, ZEND_ISSET_ISEMPTY_PROP_OBJ, CONST|TMP|VAR|UNUSED|CV, CONST|TMPVAR|CV) +ZEND_VM_HANDLER(148, ZEND_ISSET_ISEMPTY_PROP_OBJ, CONST|TMPVAR|UNUSED|CV, CONST|TMPVAR|CV) { USE_OPLINE zend_free_op free_op1, free_op2; @@ -5172,21 +5231,28 @@ ZEND_VM_HANDLER(148, ZEND_ISSET_ISEMPTY_PROP_OBJ, CONST|TMP|VAR|UNUSED|CV, CONST zval *offset; SAVE_OPLINE(); - container = GET_OP1_OBJ_ZVAL_PTR_DEREF(BP_VAR_IS); + container = GET_OP1_OBJ_ZVAL_PTR(BP_VAR_IS); offset = GET_OP2_ZVAL_PTR(BP_VAR_R); - if (OP1_TYPE == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (OP1_TYPE != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((OP1_TYPE & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + ZEND_VM_C_GOTO(isset_no_object); + } } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; + ZEND_VM_C_GOTO(isset_no_object); } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +ZEND_VM_C_LABEL(isset_no_object): + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((OP2_TYPE == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); } FREE_OP2(); @@ -5196,7 +5262,7 @@ ZEND_VM_HANDLER(148, ZEND_ISSET_ISEMPTY_PROP_OBJ, CONST|TMP|VAR|UNUSED|CV, CONST ZEND_VM_NEXT_OPCODE(); } -ZEND_VM_HANDLER(79, ZEND_EXIT, CONST|TMP|VAR|UNUSED|CV, ANY) +ZEND_VM_HANDLER(79, ZEND_EXIT, CONST|TMPVAR|UNUSED|CV, ANY) { #if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) USE_OPLINE @@ -5204,13 +5270,22 @@ ZEND_VM_HANDLER(79, ZEND_EXIT, CONST|TMP|VAR|UNUSED|CV, ANY) SAVE_OPLINE(); if (OP1_TYPE != IS_UNUSED) { zend_free_op free_op1; - zval *ptr = GET_OP1_ZVAL_PTR_DEREF(BP_VAR_R); + zval *ptr = GET_OP1_ZVAL_PTR(BP_VAR_R); - if (Z_TYPE_P(ptr) == IS_LONG) { - EG(exit_status) = Z_LVAL_P(ptr); - } else { - zend_print_variable(ptr TSRMLS_CC); - } + do { + if (Z_TYPE_P(ptr) == IS_LONG) { + EG(exit_status) = Z_LVAL_P(ptr); + } else { + if ((OP1_TYPE & (IS_VAR|IS_CV)) && Z_ISREF_P(ptr)) { + ptr = Z_REFVAL_P(ptr); + if (Z_TYPE_P(ptr) == IS_LONG) { + EG(exit_status) = Z_LVAL_P(ptr); + break; + } + } + zend_print_variable(ptr TSRMLS_CC); + } + } while (0); FREE_OP1(); } #endif diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 2f0de8e38d..e542fd538d 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -689,7 +689,7 @@ static int ZEND_FASTCALL ZEND_SEND_UNPACK_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS int arg_num; SAVE_OPLINE(); - args = get_zval_ptr(opline->op1_type, &opline->op1, execute_data, &free_op1, BP_VAR_R); + args = get_zval_ptr(opline->op1_type, opline->op1, execute_data, &free_op1, BP_VAR_R); arg_num = ZEND_CALL_NUM_ARGS(EX(call)) + 1; send_again: @@ -854,9 +854,15 @@ static int ZEND_FASTCALL ZEND_SEND_ARRAY_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval *args; SAVE_OPLINE(); - args = get_zval_ptr_deref(opline->op1_type, &opline->op1, execute_data, &free_op1, BP_VAR_R); + args = get_zval_ptr(opline->op1_type, opline->op1, execute_data, &free_op1, BP_VAR_R); - if (Z_TYPE_P(args) != IS_ARRAY) { + if (UNEXPECTED(Z_TYPE_P(args) != IS_ARRAY)) { + if ((opline->op1_type & (IS_VAR|IS_CV)) && Z_ISREF_P(args)) { + args = Z_REFVAL_P(args); + if (EXPECTED(Z_TYPE_P(args) == IS_ARRAY)) { + goto send_array; + } + } zend_error(E_WARNING, "call_user_func_array() expects parameter 2 to be array, %s given", zend_get_type_by_const(Z_TYPE_P(args))); if (EX(call)->func->common.fn_flags & ZEND_ACC_CLOSURE) { OBJ_RELEASE((zend_object*)EX(call)->func->common.prototype); @@ -868,11 +874,13 @@ static int ZEND_FASTCALL ZEND_SEND_ARRAY_SPEC_HANDLER(ZEND_OPCODE_HANDLER_ARGS) EX(call)->called_scope = NULL; Z_OBJ(EX(call)->This) = NULL; } else { - uint32_t arg_num = 1; - - HashTable *ht = Z_ARRVAL_P(args); + uint32_t arg_num; + HashTable *ht; zval *arg, *param, tmp; +send_array: + arg_num = 1; + ht = Z_ARRVAL_P(args); zend_vm_stack_extend_call_frame(&EX(call), 0, zend_hash_num_elements(ht) TSRMLS_CC); if (opline->op1_type != IS_CONST && opline->op1_type != IS_TMP_VAR && Z_IMMUTABLE_P(args)) { @@ -2517,12 +2525,20 @@ static int ZEND_FASTCALL ZEND_THROW_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS SAVE_OPLINE(); value = opline->op1.zv; - if (IS_CONST == IS_CONST || UNEXPECTED(Z_TYPE_P(value) != IS_OBJECT)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); + do { + if (IS_CONST == IS_CONST || UNEXPECTED(Z_TYPE_P(value) != IS_OBJECT)) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(value)) { + value = Z_REFVAL_P(value); + if (EXPECTED(Z_TYPE_P(value) == IS_OBJECT)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Can only throw objects"); } - zend_error_noreturn(E_ERROR, "Can only throw objects"); - } + } while (0); zend_exception_save(TSRMLS_C); if (IS_CONST != IS_TMP_VAR) { @@ -2631,7 +2647,7 @@ static int ZEND_FASTCALL ZEND_NEW_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) constructor = Z_OBJ_HT(object_zval)->get_constructor(Z_OBJ(object_zval) TSRMLS_CC); if (constructor == NULL) { - if (RETURN_VALUE_USED(opline)) { + if (EXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &object_zval); } else { OBJ_RELEASE(Z_OBJ(object_zval)); @@ -2641,14 +2657,14 @@ static int ZEND_FASTCALL ZEND_NEW_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) /* We are not handling overloaded classes right now */ EX(call) = zend_vm_stack_push_call_frame( ZEND_CALL_FUNCTION | ZEND_CALL_CTOR | - (RETURN_VALUE_USED(opline) ? 0 : ZEND_CALL_CTOR_RESULT_UNUSED), + (EXPECTED(RETURN_VALUE_USED(opline)) ? 0 : ZEND_CALL_CTOR_RESULT_UNUSED), constructor, opline->extended_value, ce, Z_OBJ(object_zval), EX(call) TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (EXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), &object_zval); EX(call)->return_value = EX_VAR(opline->result.var); } else { @@ -2672,13 +2688,21 @@ static int ZEND_FASTCALL ZEND_CLONE_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS SAVE_OPLINE(); obj = opline->op1.zv; - if (IS_CONST == IS_CONST || - (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); + do { + if (IS_CONST == IS_CONST || + (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(obj)) { + obj = Z_REFVAL_P(obj); + if (EXPECTED(Z_TYPE_P(obj) == IS_OBJECT)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "__clone method called on non-object"); } - zend_error_noreturn(E_ERROR, "__clone method called on non-object"); - } + } while (0); ce = Z_OBJCE_P(obj); clone = ce ? ce->clone : NULL; @@ -2709,7 +2733,7 @@ static int ZEND_FASTCALL ZEND_CLONE_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS if (EXPECTED(EG(exception) == NULL)) { ZVAL_OBJ(EX_VAR(opline->result.var), clone_call(obj TSRMLS_CC)); - if (!RETURN_VALUE_USED(opline) || UNEXPECTED(EG(exception) != NULL)) { + if (UNEXPECTED(!RETURN_VALUE_USED(opline)) || UNEXPECTED(EG(exception) != NULL)) { OBJ_RELEASE(Z_OBJ_P(EX_VAR(opline->result.var))); } } @@ -2759,6 +2783,9 @@ static int ZEND_FASTCALL ZEND_CAST_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ZVAL_STR(result, zval_get_string(expr)); break; default: + if (IS_CONST & (IS_VAR|IS_CV)) { + ZVAL_DEREF(expr); + } /* If value is already of correct type, return it directly */ if (Z_TYPE_P(expr) == opline->extended_value) { ZVAL_COPY_VALUE(result, expr); @@ -3145,11 +3172,20 @@ static int ZEND_FASTCALL ZEND_EXIT_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval *ptr = opline->op1.zv; - if (Z_TYPE_P(ptr) == IS_LONG) { - EG(exit_status) = Z_LVAL_P(ptr); - } else { - zend_print_variable(ptr TSRMLS_CC); - } + do { + if (Z_TYPE_P(ptr) == IS_LONG) { + EG(exit_status) = Z_LVAL_P(ptr); + } else { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(ptr)) { + ptr = Z_REFVAL_P(ptr); + if (Z_TYPE_P(ptr) == IS_LONG) { + EG(exit_status) = Z_LVAL_P(ptr); + break; + } + } + zend_print_variable(ptr TSRMLS_CC); + } + } while (0); } #endif @@ -3827,7 +3863,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CONST_CONST_HANDLER(ZEND_ if (IS_CONST == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); if (IS_CONST == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -3859,8 +3894,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE_ container = opline->op1.zv; offset = opline->op2.zv; - if ((IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -3913,8 +3958,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE container = opline->op1.zv; offset = opline->op2.zv; - if ((IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -3996,6 +4051,7 @@ static int ZEND_FASTCALL ZEND_FETCH_LIST_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE_H SAVE_OPLINE(); container = opline->op1.zv; +try_fetch_list: if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), opline->op2.zv, IS_CONST, BP_VAR_R TSRMLS_CC); @@ -4013,6 +4069,9 @@ static int ZEND_FASTCALL ZEND_FETCH_LIST_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE_H } else { ZVAL_NULL(result); } + } else if (Z_TYPE_P(container) == IS_REFERENCE) { + container = Z_REFVAL_P(container); + goto try_fetch_list; } else { ZVAL_NULL(EX_VAR(opline->result.var)); } @@ -4588,6 +4647,7 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_CONST_CONST_HANDLER(ZE container = opline->op1.zv; offset = opline->op2.zv; +isset_dim_obj_again: if (IS_CONST != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { HashTable *ht = Z_ARRVAL_P(container); zval *value; @@ -4678,6 +4738,9 @@ num_index_prop: if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } + } else if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; } else { result = ((opline->extended_value & ZEND_ISSET) == 0); } @@ -4700,18 +4763,25 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_CONST_CONST_HANDLER(Z container = opline->op1.zv; offset = opline->op2.zv; - if (IS_CONST == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; + goto isset_no_object; } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); } ZVAL_BOOL(EX_VAR(opline->result.var), result); @@ -5681,7 +5751,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CONST_UNUSED_HANDLER(ZEND if (IS_CONST == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, NULL, IS_UNUSED TSRMLS_CC); if (IS_CONST == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -6567,7 +6636,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CONST_CV_HANDLER(ZEND_OPC if (IS_CONST == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); if (IS_CONST == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -6599,8 +6667,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_CONST_CV_HANDLER(ZEND_OPCODE_HAN container = opline->op1.zv; offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if ((IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -6653,8 +6731,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_CONST_CV_HANDLER(ZEND_OPCODE_HA container = opline->op1.zv; offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if ((IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -7102,6 +7190,7 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_CONST_CV_HANDLER(ZEND_ container = opline->op1.zv; offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); +isset_dim_obj_again: if (IS_CONST != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { HashTable *ht = Z_ARRVAL_P(container); zval *value; @@ -7192,6 +7281,9 @@ num_index_prop: if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } + } else if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; } else { result = ((opline->extended_value & ZEND_ISSET) == 0); } @@ -7214,18 +7306,25 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_CONST_CV_HANDLER(ZEND container = opline->op1.zv; offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if (IS_CONST == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; + goto isset_no_object; } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); } ZVAL_BOOL(EX_VAR(opline->result.var), result); @@ -7670,7 +7769,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CONST_TMPVAR_HANDLER(ZEND if (IS_CONST == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); if (IS_CONST == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -7702,8 +7800,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_CONST_TMPVAR_HANDLER(ZEND_OPCODE container = opline->op1.zv; offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -7757,8 +7865,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_CONST_TMPVAR_HANDLER(ZEND_OPCOD container = opline->op1.zv; offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -8158,6 +8276,7 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_CONST_TMPVAR_HANDLER(Z container = opline->op1.zv; offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); +isset_dim_obj_again: if (IS_CONST != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { HashTable *ht = Z_ARRVAL_P(container); zval *value; @@ -8248,6 +8367,9 @@ num_index_prop: if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } + } else if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; } else { result = ((opline->extended_value & ZEND_ISSET) == 0); } @@ -8271,18 +8393,25 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_CONST_TMPVAR_HANDLER( container = opline->op1.zv; offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if (IS_CONST == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (IS_CONST != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; + goto isset_no_object; } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); } zval_ptr_dtor_nogc(free_op2); @@ -8408,12 +8537,20 @@ static int ZEND_FASTCALL ZEND_THROW_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) SAVE_OPLINE(); value = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - if (IS_TMP_VAR == IS_CONST || UNEXPECTED(Z_TYPE_P(value) != IS_OBJECT)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); + do { + if (IS_TMP_VAR == IS_CONST || UNEXPECTED(Z_TYPE_P(value) != IS_OBJECT)) { + if ((IS_TMP_VAR & (IS_VAR|IS_CV)) && Z_ISREF_P(value)) { + value = Z_REFVAL_P(value); + if (EXPECTED(Z_TYPE_P(value) == IS_OBJECT)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Can only throw objects"); } - zend_error_noreturn(E_ERROR, "Can only throw objects"); - } + } while (0); zend_exception_save(TSRMLS_C); if (IS_TMP_VAR != IS_TMP_VAR) { @@ -8467,64 +8604,6 @@ static int ZEND_FASTCALL ZEND_SEND_VAL_EX_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_CLONE_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *obj; - zend_class_entry *ce; - zend_function *clone; - zend_object_clone_obj_t clone_call; - - SAVE_OPLINE(); - obj = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - - if (IS_TMP_VAR == IS_CONST || - (IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "__clone method called on non-object"); - } - - ce = Z_OBJCE_P(obj); - clone = ce ? ce->clone : NULL; - clone_call = Z_OBJ_HT_P(obj)->clone_obj; - if (UNEXPECTED(clone_call == NULL)) { - if (ce) { - zend_error_noreturn(E_ERROR, "Trying to clone an uncloneable object of class %s", ce->name->val); - } else { - zend_error_noreturn(E_ERROR, "Trying to clone an uncloneable object"); - } - } - - if (ce && clone) { - if (clone->op_array.fn_flags & ZEND_ACC_PRIVATE) { - /* Ensure that if we're calling a private function, we're allowed to do so. - */ - if (UNEXPECTED(ce != EG(scope))) { - zend_error_noreturn(E_ERROR, "Call to private %s::__clone() from context '%s'", ce->name->val, EG(scope) ? EG(scope)->name->val : ""); - } - } else if ((clone->common.fn_flags & ZEND_ACC_PROTECTED)) { - /* Ensure that if we're calling a protected function, we're allowed to do so. - */ - if (UNEXPECTED(!zend_check_protected(zend_get_function_root_class(clone), EG(scope)))) { - zend_error_noreturn(E_ERROR, "Call to protected %s::__clone() from context '%s'", ce->name->val, EG(scope) ? EG(scope)->name->val : ""); - } - } - } - - if (EXPECTED(EG(exception) == NULL)) { - ZVAL_OBJ(EX_VAR(opline->result.var), clone_call(obj TSRMLS_CC)); - if (!RETURN_VALUE_USED(opline) || UNEXPECTED(EG(exception) != NULL)) { - OBJ_RELEASE(Z_OBJ_P(EX_VAR(opline->result.var))); - } - } - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_CAST_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -8566,6 +8645,9 @@ static int ZEND_FASTCALL ZEND_CAST_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ZVAL_STR(result, zval_get_string(expr)); break; default: + if (IS_TMP_VAR & (IS_VAR|IS_CV)) { + ZVAL_DEREF(expr); + } /* If value is already of correct type, return it directly */ if (Z_TYPE_P(expr) == opline->extended_value) { ZVAL_COPY_VALUE(result, expr); @@ -8817,28 +8899,6 @@ static int ZEND_FASTCALL ZEND_FE_RESET_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARG } } -static int ZEND_FASTCALL ZEND_EXIT_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ -#if 0 || (IS_TMP_VAR != IS_UNUSED) - USE_OPLINE - - SAVE_OPLINE(); - if (IS_TMP_VAR != IS_UNUSED) { - zend_free_op free_op1; - zval *ptr = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - - if (Z_TYPE_P(ptr) == IS_LONG) { - EG(exit_status) = Z_LVAL_P(ptr); - } else { - zend_print_variable(ptr TSRMLS_CC); - } - zval_ptr_dtor_nogc(free_op1); - } -#endif - zend_bailout(); - ZEND_VM_NEXT_OPCODE(); /* Never reached */ -} - static int ZEND_FASTCALL ZEND_END_SILENCE_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -9022,36 +9082,6 @@ static int ZEND_FASTCALL ZEND_IS_NOT_IDENTICAL_SPEC_TMP_CONST_HANDLER(ZEND_OPCO ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -9068,7 +9098,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_TMP_CONST_HANDLER(ZEND_OP if (IS_TMP_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); if (IS_TMP_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -9100,62 +9129,19 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HA container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); offset = opline->op2.zv; - if ((IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { - zend_error(E_NOTICE, "Trying to get property of non-object"); - ZVAL_NULL(EX_VAR(opline->result.var)); - } else { - zval *retval; - - /* here we are sure we are dealing with an object */ - do { - if (IS_CONST == IS_CONST && - EXPECTED(Z_OBJCE_P(container) == CACHED_PTR(Z_CACHE_SLOT_P(offset)))) { - zend_property_info *prop_info = CACHED_PTR(Z_CACHE_SLOT_P(offset) + 1); - zend_object *zobj = Z_OBJ_P(container); - - if (EXPECTED(prop_info)) { - retval = OBJ_PROP(zobj, prop_info->offset); - if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } else if (EXPECTED(zobj->properties != NULL)) { - retval = zend_hash_find(zobj->properties, Z_STR_P(offset)); - if (EXPECTED(retval)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } - } - - retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); - - if (retval != EX_VAR(opline->result.var)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); + if (IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_TMP_VAR & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; } - } while (0); + } else { + goto fetch_obj_r_no_object; + } } - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - offset = opline->op2.zv; - - if ((IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: + zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -9182,7 +9168,7 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_H } } - retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_IS, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); + retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); if (retval != EX_VAR(opline->result.var)) { ZVAL_COPY(EX_VAR(opline->result.var), retval); @@ -9228,39 +9214,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_FUNC_ARG_SPEC_TMP_CONST_HANDLER(ZEND_OP } } -static int ZEND_FASTCALL ZEND_FETCH_LIST_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - - if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - - zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), opline->op2.zv, IS_CONST, BP_VAR_R TSRMLS_CC); - - ZVAL_COPY(EX_VAR(opline->result.var), value); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT) && - EXPECTED(Z_OBJ_HT_P(container)->read_dimension)) { - zval *result = EX_VAR(opline->result.var); - zval *retval = Z_OBJ_HT_P(container)->read_dimension(container, opline->op2.zv, BP_VAR_R, result TSRMLS_CC); - - if (retval) { - if (result != retval) { - ZVAL_COPY(result, retval); - } - } else { - ZVAL_NULL(result); - } - } else { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_ADD_CHAR_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -9299,112 +9252,6 @@ static int ZEND_FASTCALL ZEND_ADD_STRING_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HAN ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zval *function_name; - zend_free_op free_op1; - zval *object; - zend_function *fbc; - zend_class_entry *called_scope; - zend_object *obj; - - SAVE_OPLINE(); - - function_name = opline->op2.zv; - - if (IS_CONST != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); - } - - object = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - - if (IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; - - if (UNEXPECTED(EG(exception) != NULL)) { - - HANDLE_EXCEPTION(); - } - - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - - - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } - - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; - } - ZEND_VM_JMP(++opline); - } - - obj = Z_OBJ_P(object); - called_scope = obj->ce; - - if (IS_CONST != IS_CONST || - EXPECTED((fbc = CACHED_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope)) == NULL)) { - zend_object *orig_obj = obj; - - if (UNEXPECTED(obj->handlers->get_method == NULL)) { - zend_error_noreturn(E_ERROR, "Object does not support method calls"); - } - - /* First, locate the function. */ - fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), ((IS_CONST == IS_CONST) ? (opline->op2.zv + 1) : NULL) TSRMLS_CC); - if (UNEXPECTED(fbc == NULL)) { - zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", obj->ce->name->val, Z_STRVAL_P(function_name)); - } - if (IS_CONST == IS_CONST && - EXPECTED(fbc->type <= ZEND_USER_FUNCTION) && - EXPECTED((fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0) && - EXPECTED(obj == orig_obj)) { - CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc); - } - } - - if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) { - obj = NULL; - } else { - GC_REFCOUNT(obj)++; /* For $this pointer */ - } - - EX(call) = zend_vm_stack_push_call_frame(ZEND_CALL_NESTED_FUNCTION, - fbc, opline->extended_value, called_scope, obj, EX(call) TSRMLS_CC); - - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -9524,151 +9371,6 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HAN } } -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - int result; - zend_ulong hval; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - offset = opline->op2.zv; - - if (IS_TMP_VAR != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); - zval *value; - zend_string *str; - -isset_again: - if (EXPECTED(Z_TYPE_P(offset) == IS_STRING)) { - str = Z_STR_P(offset); - if (IS_CONST != IS_CONST) { - if (ZEND_HANDLE_NUMERIC(str, hval)) { - goto num_index_prop; - } - } -str_index_prop: - value = zend_hash_find_ind(ht, str); - } else if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - hval = Z_LVAL_P(offset); -num_index_prop: - value = zend_hash_index_find(ht, hval); - } else { - switch (Z_TYPE_P(offset)) { - case IS_DOUBLE: - hval = zend_dval_to_lval(Z_DVAL_P(offset)); - goto num_index_prop; - case IS_NULL: - str = STR_EMPTY_ALLOC(); - goto str_index_prop; - case IS_FALSE: - hval = 0; - goto num_index_prop; - case IS_TRUE: - hval = 1; - goto num_index_prop; - case IS_RESOURCE: - hval = Z_RES_HANDLE_P(offset); - goto num_index_prop; - case IS_REFERENCE: - offset = Z_REFVAL_P(offset); - goto isset_again; - default: - zend_error(E_WARNING, "Illegal offset type in isset or empty"); - value = NULL; - break; - } - } - - if (opline->extended_value & ZEND_ISSET) { - /* > IS_NULL means not IS_UNDEF and not IS_NULL */ - result = value != NULL && Z_TYPE_P(value) > IS_NULL && - (!Z_ISREF_P(value) || Z_TYPE_P(Z_REFVAL_P(value)) != IS_NULL); - } else /* if (opline->extended_value & ZEND_ISEMPTY) */ { - result = (value == NULL || !i_zend_is_true(value TSRMLS_CC)); - } - } else if (IS_TMP_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_dimension)) { - result = Z_OBJ_HT_P(container)->has_dimension(container, offset, (opline->extended_value & ZEND_ISSET) == 0 TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to check element of non-array"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else if (EXPECTED(Z_TYPE_P(container) == IS_STRING)) { /* string offsets */ - zval tmp; - - result = 0; - if (UNEXPECTED(Z_TYPE_P(offset) != IS_LONG)) { - if (IS_CONST & (IS_CV|IS_VAR)) { - ZVAL_DEREF(offset); - } - if (Z_TYPE_P(offset) < IS_STRING /* simple scalar types */ - || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ - && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_DUP(&tmp, offset); - convert_to_long(&tmp); - offset = &tmp; - } - } - if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - if (offset->value.lval >= 0 && (size_t)offset->value.lval < Z_STRLEN_P(container)) { - if ((opline->extended_value & ZEND_ISSET) || - Z_STRVAL_P(container)[offset->value.lval] != '0') { - result = 1; - } - } - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } - - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - int result; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - offset = opline->op2.zv; - - if (IS_TMP_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } - - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_YIELD_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -10140,7 +9842,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_TMP_UNUSED_HANDLER(ZEND_O if (IS_TMP_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, NULL, IS_UNUSED TSRMLS_CC); if (IS_TMP_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -10441,36 +10142,6 @@ static int ZEND_FASTCALL ZEND_IS_NOT_IDENTICAL_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_ ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -10487,7 +10158,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_TMP_CV_HANDLER(ZEND_OPCOD if (IS_TMP_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); if (IS_TMP_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -10519,62 +10189,19 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDL container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if ((IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { - zend_error(E_NOTICE, "Trying to get property of non-object"); - ZVAL_NULL(EX_VAR(opline->result.var)); - } else { - zval *retval; - - /* here we are sure we are dealing with an object */ - do { - if (IS_CV == IS_CONST && - EXPECTED(Z_OBJCE_P(container) == CACHED_PTR(Z_CACHE_SLOT_P(offset)))) { - zend_property_info *prop_info = CACHED_PTR(Z_CACHE_SLOT_P(offset) + 1); - zend_object *zobj = Z_OBJ_P(container); - - if (EXPECTED(prop_info)) { - retval = OBJ_PROP(zobj, prop_info->offset); - if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } else if (EXPECTED(zobj->properties != NULL)) { - retval = zend_hash_find(zobj->properties, Z_STR_P(offset)); - if (EXPECTED(retval)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } - } - - retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); - - if (retval != EX_VAR(opline->result.var)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); + if (IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_TMP_VAR & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; } - } while (0); + } else { + goto fetch_obj_r_no_object; + } } - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - - if ((IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: + zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -10601,7 +10228,7 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HAND } } - retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_IS, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); + retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); if (retval != EX_VAR(opline->result.var)) { ZVAL_COPY(EX_VAR(opline->result.var), retval); @@ -10687,112 +10314,6 @@ static int ZEND_FASTCALL ZEND_ADD_VAR_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_A ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zval *function_name; - zend_free_op free_op1; - zval *object; - zend_function *fbc; - zend_class_entry *called_scope; - zend_object *obj; - - SAVE_OPLINE(); - - function_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - - if (IS_CV != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); - } - - object = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - - if (IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; - - if (UNEXPECTED(EG(exception) != NULL)) { - - HANDLE_EXCEPTION(); - } - - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - - - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } - - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; - } - ZEND_VM_JMP(++opline); - } - - obj = Z_OBJ_P(object); - called_scope = obj->ce; - - if (IS_CV != IS_CONST || - EXPECTED((fbc = CACHED_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope)) == NULL)) { - zend_object *orig_obj = obj; - - if (UNEXPECTED(obj->handlers->get_method == NULL)) { - zend_error_noreturn(E_ERROR, "Object does not support method calls"); - } - - /* First, locate the function. */ - fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), ((IS_CV == IS_CONST) ? (opline->op2.zv + 1) : NULL) TSRMLS_CC); - if (UNEXPECTED(fbc == NULL)) { - zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", obj->ce->name->val, Z_STRVAL_P(function_name)); - } - if (IS_CV == IS_CONST && - EXPECTED(fbc->type <= ZEND_USER_FUNCTION) && - EXPECTED((fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0) && - EXPECTED(obj == orig_obj)) { - CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc); - } - } - - if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) { - obj = NULL; - } else { - GC_REFCOUNT(obj)++; /* For $this pointer */ - } - - EX(call) = zend_vm_stack_push_call_frame(ZEND_CALL_NESTED_FUNCTION, - fbc, opline->extended_value, called_scope, obj, EX(call) TSRMLS_CC); - - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -10912,151 +10433,6 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLE } } -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - int result; - zend_ulong hval; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - - if (IS_TMP_VAR != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); - zval *value; - zend_string *str; - -isset_again: - if (EXPECTED(Z_TYPE_P(offset) == IS_STRING)) { - str = Z_STR_P(offset); - if (IS_CV != IS_CONST) { - if (ZEND_HANDLE_NUMERIC(str, hval)) { - goto num_index_prop; - } - } -str_index_prop: - value = zend_hash_find_ind(ht, str); - } else if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - hval = Z_LVAL_P(offset); -num_index_prop: - value = zend_hash_index_find(ht, hval); - } else { - switch (Z_TYPE_P(offset)) { - case IS_DOUBLE: - hval = zend_dval_to_lval(Z_DVAL_P(offset)); - goto num_index_prop; - case IS_NULL: - str = STR_EMPTY_ALLOC(); - goto str_index_prop; - case IS_FALSE: - hval = 0; - goto num_index_prop; - case IS_TRUE: - hval = 1; - goto num_index_prop; - case IS_RESOURCE: - hval = Z_RES_HANDLE_P(offset); - goto num_index_prop; - case IS_REFERENCE: - offset = Z_REFVAL_P(offset); - goto isset_again; - default: - zend_error(E_WARNING, "Illegal offset type in isset or empty"); - value = NULL; - break; - } - } - - if (opline->extended_value & ZEND_ISSET) { - /* > IS_NULL means not IS_UNDEF and not IS_NULL */ - result = value != NULL && Z_TYPE_P(value) > IS_NULL && - (!Z_ISREF_P(value) || Z_TYPE_P(Z_REFVAL_P(value)) != IS_NULL); - } else /* if (opline->extended_value & ZEND_ISEMPTY) */ { - result = (value == NULL || !i_zend_is_true(value TSRMLS_CC)); - } - } else if (IS_TMP_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_dimension)) { - result = Z_OBJ_HT_P(container)->has_dimension(container, offset, (opline->extended_value & ZEND_ISSET) == 0 TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to check element of non-array"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else if (EXPECTED(Z_TYPE_P(container) == IS_STRING)) { /* string offsets */ - zval tmp; - - result = 0; - if (UNEXPECTED(Z_TYPE_P(offset) != IS_LONG)) { - if (IS_CV & (IS_CV|IS_VAR)) { - ZVAL_DEREF(offset); - } - if (Z_TYPE_P(offset) < IS_STRING /* simple scalar types */ - || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ - && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_DUP(&tmp, offset); - convert_to_long(&tmp); - offset = &tmp; - } - } - if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - if (offset->value.lval >= 0 && (size_t)offset->value.lval < Z_STRLEN_P(container)) { - if ((opline->extended_value & ZEND_ISSET) || - Z_STRVAL_P(container)[offset->value.lval] != '0') { - result = 1; - } - } - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } - - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - int result; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - - if (IS_TMP_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } - - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_YIELD_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -11188,36 +10564,6 @@ static int ZEND_FASTCALL ZEND_YIELD_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARG ZEND_VM_RETURN(); } -static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1, free_op2; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); - zval_ptr_dtor_nogc(free_op2); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1, free_op2; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); - zval_ptr_dtor_nogc(free_op2); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -11234,7 +10580,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_TMP_TMPVAR_HANDLER(ZEND_O if (IS_TMP_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); if (IS_TMP_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -11266,63 +10611,19 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_H container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { - zend_error(E_NOTICE, "Trying to get property of non-object"); - ZVAL_NULL(EX_VAR(opline->result.var)); - } else { - zval *retval; - - /* here we are sure we are dealing with an object */ - do { - if ((IS_TMP_VAR|IS_VAR) == IS_CONST && - EXPECTED(Z_OBJCE_P(container) == CACHED_PTR(Z_CACHE_SLOT_P(offset)))) { - zend_property_info *prop_info = CACHED_PTR(Z_CACHE_SLOT_P(offset) + 1); - zend_object *zobj = Z_OBJ_P(container); - - if (EXPECTED(prop_info)) { - retval = OBJ_PROP(zobj, prop_info->offset); - if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } else if (EXPECTED(zobj->properties != NULL)) { - retval = zend_hash_find(zobj->properties, Z_STR_P(offset)); - if (EXPECTED(retval)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } - } - - retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); - - if (retval != EX_VAR(opline->result.var)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); + if (IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_TMP_VAR & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; } - } while (0); + } else { + goto fetch_obj_r_no_object; + } } - - zval_ptr_dtor_nogc(free_op2); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - zend_free_op free_op2; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - - if ((IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: + zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -11349,7 +10650,7 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_ } } - retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_IS, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); + retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); if (retval != EX_VAR(opline->result.var)) { ZVAL_COPY(EX_VAR(opline->result.var), retval); @@ -11437,113 +10738,6 @@ static int ZEND_FASTCALL ZEND_ADD_VAR_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HANDL ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zval *function_name; - zend_free_op free_op1, free_op2; - zval *object; - zend_function *fbc; - zend_class_entry *called_scope; - zend_object *obj; - - SAVE_OPLINE(); - - function_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - - if ((IS_TMP_VAR|IS_VAR) != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); - } - - object = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - - if (IS_TMP_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; - - if (UNEXPECTED(EG(exception) != NULL)) { - zval_ptr_dtor_nogc(free_op2); - HANDLE_EXCEPTION(); - } - - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - zval_ptr_dtor_nogc(free_op2); - - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } - - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; - } - ZEND_VM_JMP(++opline); - } - - obj = Z_OBJ_P(object); - called_scope = obj->ce; - - if ((IS_TMP_VAR|IS_VAR) != IS_CONST || - EXPECTED((fbc = CACHED_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope)) == NULL)) { - zend_object *orig_obj = obj; - - if (UNEXPECTED(obj->handlers->get_method == NULL)) { - zend_error_noreturn(E_ERROR, "Object does not support method calls"); - } - - /* First, locate the function. */ - fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (opline->op2.zv + 1) : NULL) TSRMLS_CC); - if (UNEXPECTED(fbc == NULL)) { - zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", obj->ce->name->val, Z_STRVAL_P(function_name)); - } - if ((IS_TMP_VAR|IS_VAR) == IS_CONST && - EXPECTED(fbc->type <= ZEND_USER_FUNCTION) && - EXPECTED((fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0) && - EXPECTED(obj == orig_obj)) { - CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc); - } - } - - if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) { - obj = NULL; - } else { - GC_REFCOUNT(obj)++; /* For $this pointer */ - } - - EX(call) = zend_vm_stack_push_call_frame(ZEND_CALL_NESTED_FUNCTION, - fbc, opline->extended_value, called_scope, obj, EX(call) TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op2); - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -11663,153 +10857,6 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HA } } -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1, free_op2; - zval *container; - int result; - zend_ulong hval; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - - if (IS_TMP_VAR != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); - zval *value; - zend_string *str; - -isset_again: - if (EXPECTED(Z_TYPE_P(offset) == IS_STRING)) { - str = Z_STR_P(offset); - if ((IS_TMP_VAR|IS_VAR) != IS_CONST) { - if (ZEND_HANDLE_NUMERIC(str, hval)) { - goto num_index_prop; - } - } -str_index_prop: - value = zend_hash_find_ind(ht, str); - } else if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - hval = Z_LVAL_P(offset); -num_index_prop: - value = zend_hash_index_find(ht, hval); - } else { - switch (Z_TYPE_P(offset)) { - case IS_DOUBLE: - hval = zend_dval_to_lval(Z_DVAL_P(offset)); - goto num_index_prop; - case IS_NULL: - str = STR_EMPTY_ALLOC(); - goto str_index_prop; - case IS_FALSE: - hval = 0; - goto num_index_prop; - case IS_TRUE: - hval = 1; - goto num_index_prop; - case IS_RESOURCE: - hval = Z_RES_HANDLE_P(offset); - goto num_index_prop; - case IS_REFERENCE: - offset = Z_REFVAL_P(offset); - goto isset_again; - default: - zend_error(E_WARNING, "Illegal offset type in isset or empty"); - value = NULL; - break; - } - } - - if (opline->extended_value & ZEND_ISSET) { - /* > IS_NULL means not IS_UNDEF and not IS_NULL */ - result = value != NULL && Z_TYPE_P(value) > IS_NULL && - (!Z_ISREF_P(value) || Z_TYPE_P(Z_REFVAL_P(value)) != IS_NULL); - } else /* if (opline->extended_value & ZEND_ISEMPTY) */ { - result = (value == NULL || !i_zend_is_true(value TSRMLS_CC)); - } - } else if (IS_TMP_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_dimension)) { - result = Z_OBJ_HT_P(container)->has_dimension(container, offset, (opline->extended_value & ZEND_ISSET) == 0 TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to check element of non-array"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else if (EXPECTED(Z_TYPE_P(container) == IS_STRING)) { /* string offsets */ - zval tmp; - - result = 0; - if (UNEXPECTED(Z_TYPE_P(offset) != IS_LONG)) { - if ((IS_TMP_VAR|IS_VAR) & (IS_CV|IS_VAR)) { - ZVAL_DEREF(offset); - } - if (Z_TYPE_P(offset) < IS_STRING /* simple scalar types */ - || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ - && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_DUP(&tmp, offset); - convert_to_long(&tmp); - offset = &tmp; - } - } - if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - if (offset->value.lval >= 0 && (size_t)offset->value.lval < Z_STRLEN_P(container)) { - if ((opline->extended_value & ZEND_ISSET) || - Z_STRVAL_P(container)[offset->value.lval] != '0') { - result = 1; - } - } - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } - - zval_ptr_dtor_nogc(free_op2); - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1, free_op2; - zval *container; - int result; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - - if (IS_TMP_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } - - zval_ptr_dtor_nogc(free_op2); - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_PRE_INC_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -11825,14 +10872,14 @@ static int ZEND_FASTCALL ZEND_PRE_INC_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS if (EXPECTED(Z_TYPE_P(var_ptr) == IS_LONG)) { fast_increment_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY_VALUE(EX_VAR(opline->result.var), var_ptr); } ZEND_VM_NEXT_OPCODE(); } if (IS_VAR == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) { - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } CHECK_EXCEPTION(); @@ -11844,7 +10891,7 @@ static int ZEND_FASTCALL ZEND_PRE_INC_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS increment_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); } @@ -11868,14 +10915,14 @@ static int ZEND_FASTCALL ZEND_PRE_DEC_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS if (EXPECTED(Z_TYPE_P(var_ptr) == IS_LONG)) { fast_decrement_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY_VALUE(EX_VAR(opline->result.var), var_ptr); } ZEND_VM_NEXT_OPCODE(); } if (IS_VAR == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) { - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } CHECK_EXCEPTION(); @@ -11887,7 +10934,7 @@ static int ZEND_FASTCALL ZEND_PRE_DEC_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS decrement_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); } @@ -12068,14 +11115,22 @@ static int ZEND_FASTCALL ZEND_THROW_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zend_free_op free_op1; SAVE_OPLINE(); - value = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); + value = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); - if (IS_VAR == IS_CONST || UNEXPECTED(Z_TYPE_P(value) != IS_OBJECT)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); + do { + if (IS_VAR == IS_CONST || UNEXPECTED(Z_TYPE_P(value) != IS_OBJECT)) { + if ((IS_VAR & (IS_VAR|IS_CV)) && Z_ISREF_P(value)) { + value = Z_REFVAL_P(value); + if (EXPECTED(Z_TYPE_P(value) == IS_OBJECT)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Can only throw objects"); } - zend_error_noreturn(E_ERROR, "Can only throw objects"); - } + } while (0); zend_exception_save(TSRMLS_C); if (IS_VAR != IS_TMP_VAR) { @@ -12322,7 +11377,7 @@ static int ZEND_FASTCALL ZEND_NEW_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) constructor = Z_OBJ_HT(object_zval)->get_constructor(Z_OBJ(object_zval) TSRMLS_CC); if (constructor == NULL) { - if (RETURN_VALUE_USED(opline)) { + if (EXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY_VALUE(EX_VAR(opline->result.var), &object_zval); } else { OBJ_RELEASE(Z_OBJ(object_zval)); @@ -12332,14 +11387,14 @@ static int ZEND_FASTCALL ZEND_NEW_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) /* We are not handling overloaded classes right now */ EX(call) = zend_vm_stack_push_call_frame( ZEND_CALL_FUNCTION | ZEND_CALL_CTOR | - (RETURN_VALUE_USED(opline) ? 0 : ZEND_CALL_CTOR_RESULT_UNUSED), + (EXPECTED(RETURN_VALUE_USED(opline)) ? 0 : ZEND_CALL_CTOR_RESULT_UNUSED), constructor, opline->extended_value, ce, Z_OBJ(object_zval), EX(call) TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (EXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), &object_zval); EX(call)->return_value = EX_VAR(opline->result.var); } else { @@ -12351,64 +11406,6 @@ static int ZEND_FASTCALL ZEND_NEW_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) } } -static int ZEND_FASTCALL ZEND_CLONE_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *obj; - zend_class_entry *ce; - zend_function *clone; - zend_object_clone_obj_t clone_call; - - SAVE_OPLINE(); - obj = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - - if (IS_VAR == IS_CONST || - (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "__clone method called on non-object"); - } - - ce = Z_OBJCE_P(obj); - clone = ce ? ce->clone : NULL; - clone_call = Z_OBJ_HT_P(obj)->clone_obj; - if (UNEXPECTED(clone_call == NULL)) { - if (ce) { - zend_error_noreturn(E_ERROR, "Trying to clone an uncloneable object of class %s", ce->name->val); - } else { - zend_error_noreturn(E_ERROR, "Trying to clone an uncloneable object"); - } - } - - if (ce && clone) { - if (clone->op_array.fn_flags & ZEND_ACC_PRIVATE) { - /* Ensure that if we're calling a private function, we're allowed to do so. - */ - if (UNEXPECTED(ce != EG(scope))) { - zend_error_noreturn(E_ERROR, "Call to private %s::__clone() from context '%s'", ce->name->val, EG(scope) ? EG(scope)->name->val : ""); - } - } else if ((clone->common.fn_flags & ZEND_ACC_PROTECTED)) { - /* Ensure that if we're calling a protected function, we're allowed to do so. - */ - if (UNEXPECTED(!zend_check_protected(zend_get_function_root_class(clone), EG(scope)))) { - zend_error_noreturn(E_ERROR, "Call to protected %s::__clone() from context '%s'", ce->name->val, EG(scope) ? EG(scope)->name->val : ""); - } - } - } - - if (EXPECTED(EG(exception) == NULL)) { - ZVAL_OBJ(EX_VAR(opline->result.var), clone_call(obj TSRMLS_CC)); - if (!RETURN_VALUE_USED(opline) || UNEXPECTED(EG(exception) != NULL)) { - OBJ_RELEASE(Z_OBJ_P(EX_VAR(opline->result.var))); - } - } - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_CAST_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -12417,7 +11414,7 @@ static int ZEND_FASTCALL ZEND_CAST_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval *result = EX_VAR(opline->result.var); SAVE_OPLINE(); - expr = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); + expr = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); switch (opline->extended_value) { case IS_NULL: @@ -12450,6 +11447,9 @@ static int ZEND_FASTCALL ZEND_CAST_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ZVAL_STR(result, zval_get_string(expr)); break; default: + if (IS_VAR & (IS_VAR|IS_CV)) { + ZVAL_DEREF(expr); + } /* If value is already of correct type, return it directly */ if (Z_TYPE_P(expr) == opline->extended_value) { ZVAL_COPY_VALUE(result, expr); @@ -12952,28 +11952,6 @@ static int ZEND_FASTCALL ZEND_FE_FETCH_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARG } } -static int ZEND_FASTCALL ZEND_EXIT_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ -#if 0 || (IS_VAR != IS_UNUSED) - USE_OPLINE - - SAVE_OPLINE(); - if (IS_VAR != IS_UNUSED) { - zend_free_op free_op1; - zval *ptr = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - - if (Z_TYPE_P(ptr) == IS_LONG) { - EG(exit_status) = Z_LVAL_P(ptr); - } else { - zend_print_variable(ptr TSRMLS_CC); - } - zval_ptr_dtor_nogc(free_op1); - } -#endif - zend_bailout(); - ZEND_VM_NEXT_OPCODE(); /* Never reached */ -} - static int ZEND_FASTCALL ZEND_JMP_SET_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -13159,47 +12137,36 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_VAR_CONST(int (*b zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } - if (IS_VAR != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); - } - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - - FREE_OP(free_op_data1); + do { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + break; + } } - } else { + /* here we are sure we are dealing with an object */ - if (opline->extended_value == ZEND_ASSIGN_OBJ - && EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { ZVAL_DEREF(zptr); SEPARATE_ZVAL_NOREF(zptr); binary_op(zptr, zptr, value TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), zptr); } } else { - zval *z = NULL; + zval *z; zval rv; - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - if (Z_OBJ_HT_P(object)->read_property) { - z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - } - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - if (Z_OBJ_HT_P(object)->read_dimension) { - z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC); - } - } - if (z) { + if (Z_OBJ_HT_P(object)->read_property && + (z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC)) != NULL) { if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { zval rv; zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); @@ -13209,28 +12176,22 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_VAR_CONST(int (*b } ZVAL_COPY_VALUE(z, value); } -//??? if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); binary_op(z, z, value TSRMLS_CC); - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); - } - if (RETURN_VALUE_USED(opline)) { + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), z); } zval_ptr_dtor(z); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } } - - FREE_OP(free_op_data1); - } + } while (0); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; /* assign_obj has two opcodes! */ @@ -13251,44 +12212,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_VAR_CONST(int (*b if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_VAR != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || (IS_CONST != IS_UNUSED) - if (IS_VAR == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_VAR == IS_VAR && !(free_op1 != NULL)) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_VAR_CONST(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = opline->op2.zv; - zend_fetch_dimension_address_RW(&rv, container, dim, IS_CONST TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_VAR == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_VAR != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || (IS_CONST != IS_UNUSED) + if (IS_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, IS_CONST TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); FREE_OP(free_op_data1); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; @@ -13334,9 +12298,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_helper_SPEC_VAR_CONST(int (*binar static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13354,9 +12318,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13374,9 +12338,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13394,9 +12358,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13414,9 +12378,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13434,9 +12398,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13454,9 +12418,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13474,9 +12438,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13494,9 +12458,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13514,9 +12478,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_H static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13534,9 +12498,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CONST(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -13570,62 +12534,60 @@ static int ZEND_FASTCALL zend_pre_incdec_property_helper_SPEC_VAR_CONST(incdec_t zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_VAR != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); + do { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); + } + break; + } } - if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - /* here we are sure we are dealing with an object */ + /* here we are sure we are dealing with an object */ - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - ZVAL_DEREF(zptr); - SEPARATE_ZVAL_NOREF(zptr); + ZVAL_DEREF(zptr); + SEPARATE_ZVAL_NOREF(zptr); - incdec_op(zptr); - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(retval, zptr); - } - } else { - zval rv; + incdec_op(zptr); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, zptr); + } + } else { + zval rv; - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { - zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + incdec_op(z); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, z); + } + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); } - ZVAL_COPY_VALUE(z, value); - } - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); - incdec_op(z); - ZVAL_COPY_VALUE(retval, z); - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - SELECTIVE_PZVAL_LOCK(retval, opline); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); } } - } + } while (0); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; CHECK_EXCEPTION(); @@ -13660,56 +12622,53 @@ static int ZEND_FASTCALL zend_post_incdec_property_helper_SPEC_VAR_CONST(incdec_ zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_VAR != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - ZVAL_NULL(retval); - if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + do { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + break; + } + } - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + /* here we are sure we are dealing with an object */ - ZVAL_DEREF(zptr); - ZVAL_COPY_VALUE(retval, zptr); - zval_opt_copy_ctor(zptr); + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - incdec_op(zptr); - } else { - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval rv; - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - zval z_copy; + ZVAL_DEREF(zptr); + ZVAL_COPY_VALUE(retval, zptr); + zval_opt_copy_ctor(zptr); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + incdec_op(zptr); + } else { + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + zval z_copy; + + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); } - ZVAL_COPY_VALUE(z, value); + ZVAL_DUP(retval, z); + ZVAL_DUP(&z_copy, z); + incdec_op(&z_copy); + if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); + Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(&z_copy); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); } - ZVAL_DUP(retval, z); - ZVAL_DUP(&z_copy, z); - incdec_op(&z_copy); - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - zval_ptr_dtor(&z_copy); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - ZVAL_NULL(retval); } - } + } while (0); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; CHECK_EXCEPTION(); @@ -13726,21 +12685,6 @@ static int ZEND_FASTCALL ZEND_POST_DEC_OBJ_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_H return zend_post_incdec_property_helper_SPEC_VAR_CONST(decrement_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); } -static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -13753,7 +12697,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HA if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -13776,7 +12719,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_H if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_RW(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -13787,21 +12729,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_H ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -13818,7 +12745,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_CONST_HANDLER(ZEND_OP if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -13829,7 +12755,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_CONST_HANDLER(ZEND_OP if (IS_CONST == IS_UNUSED) { zend_error_noreturn(E_ERROR, "Cannot use [] for reading"); } - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); zval_ptr_dtor_nogc(free_op1); @@ -13850,7 +12776,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_UNSET_SPEC_VAR_CONST_HANDLER(ZEND_OPCOD if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_UNSET(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -13870,11 +12795,21 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HA zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); offset = opline->op2.zv; - if ((IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_VAR & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -13964,59 +12899,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_RW_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_H ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - offset = opline->op2.zv; - - if ((IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } else { - zval *retval; - - /* here we are sure we are dealing with an object */ - do { - if (IS_CONST == IS_CONST && - EXPECTED(Z_OBJCE_P(container) == CACHED_PTR(Z_CACHE_SLOT_P(offset)))) { - zend_property_info *prop_info = CACHED_PTR(Z_CACHE_SLOT_P(offset) + 1); - zend_object *zobj = Z_OBJ_P(container); - - if (EXPECTED(prop_info)) { - retval = OBJ_PROP(zobj, prop_info->offset); - if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } else if (EXPECTED(zobj->properties != NULL)) { - retval = zend_hash_find(zobj->properties, Z_STR_P(offset)); - if (EXPECTED(retval)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } - } - - retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_IS, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); - - if (retval != EX_VAR(opline->result.var)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - } - } while (0); - } - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_OBJ_FUNC_ARG_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -14073,39 +12955,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_UNSET_SPEC_VAR_CONST_HANDLER(ZEND_OPCOD ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_FETCH_LIST_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - - if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - - zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), opline->op2.zv, IS_CONST, BP_VAR_R TSRMLS_CC); - - ZVAL_COPY(EX_VAR(opline->result.var), value); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT) && - EXPECTED(Z_OBJ_HT_P(container)->read_dimension)) { - zval *result = EX_VAR(opline->result.var); - zval *retval = Z_OBJ_HT_P(container)->read_dimension(container, opline->op2.zv, BP_VAR_R, result TSRMLS_CC); - - if (retval) { - if (result != retval) { - ZVAL_COPY(result, retval); - } - } else { - ZVAL_NULL(result); - } - } else { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_ASSIGN_OBJ_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -14120,7 +12969,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_OBJ_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAN if (IS_VAR == IS_VAR && UNEXPECTED(object == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object, IS_VAR, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_OBJ, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); + zend_assign_to_object(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object, IS_VAR, property_name, IS_CONST, (opline+1)->op1_type, (opline+1)->op1, execute_data, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; /* assign_obj has two opcodes! */ @@ -14134,6 +12983,11 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAN USE_OPLINE zend_free_op free_op1; zval *object_ptr; + zend_free_op free_op_data1; + zval rv; + zval *value; + zval *variable_ptr; + zval *dim; SAVE_OPLINE(); object_ptr = _get_zval_ptr_ptr_var(opline->op1.var, execute_data, &free_op1); @@ -14141,48 +12995,51 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAN if (IS_VAR == IS_VAR && UNEXPECTED(object_ptr == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(object_ptr); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { - - zval *property_name = opline->op2.zv; - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object_ptr, IS_VAR, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_DIM, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); +try_assign_dim: + if (EXPECTED(Z_TYPE_P(object_ptr) == IS_ARRAY)) { +try_assign_dim_array: + dim = opline->op2.zv; + zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_CONST TSRMLS_CC); - } else { - zend_free_op free_op_data1; - zval rv; - zval *value; - zval *dim = opline->op2.zv; - zval *variable_ptr; - - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && - EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { - zend_long offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - zend_assign_to_string_offset(object_ptr, offset, value, (RETURN_VALUE_USED(opline) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + variable_ptr = Z_INDIRECT(rv); + if (UNEXPECTED(variable_ptr == &EG(error_zval))) { FREE_OP(free_op_data1); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } } else { - zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_CONST TSRMLS_CC); - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - variable_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(variable_ptr == &EG(error_zval))) { + value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); + if ((opline+1)->op1_type == IS_VAR) { FREE_OP(free_op_data1); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - } else { - value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); - if ((opline+1)->op1_type == IS_VAR) { - FREE_OP(free_op_data1); - } - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(EX_VAR(opline->result.var), value); - } + } + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), value); } } + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { + + zval *property_name = opline->op2.zv; + + zend_assign_to_object_dim(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object_ptr, property_name, (opline+1)->op1_type, (opline+1)->op1, execute_data TSRMLS_CC); + + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && + EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { + zend_long offset; + + dim = opline->op2.zv; + offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); + + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_assign_to_string_offset(object_ptr, offset, value, (UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + FREE_OP(free_op_data1); + } else if (EXPECTED(Z_ISREF_P(object_ptr))) { + object_ptr = Z_REFVAL_P(object_ptr); + goto try_assign_dim; + } else { + goto try_assign_dim_array; } if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; /* assign_dim has two opcodes! */ @@ -14206,12 +13063,12 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER if (IS_CONST == IS_TMP_VAR) { } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } else { value = zend_assign_to_variable(variable_ptr, value, IS_CONST TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), value); } if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; @@ -14223,114 +13080,6 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zval *function_name; - zend_free_op free_op1; - zval *object; - zend_function *fbc; - zend_class_entry *called_scope; - zend_object *obj; - - SAVE_OPLINE(); - - function_name = opline->op2.zv; - - if (IS_CONST != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); - } - - object = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; - - if (UNEXPECTED(EG(exception) != NULL)) { - - HANDLE_EXCEPTION(); - } - - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - - zval_ptr_dtor_nogc(free_op1); - - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } - - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; - } - ZEND_VM_JMP(++opline); - } - - obj = Z_OBJ_P(object); - called_scope = obj->ce; - - if (IS_CONST != IS_CONST || - EXPECTED((fbc = CACHED_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope)) == NULL)) { - zend_object *orig_obj = obj; - - if (UNEXPECTED(obj->handlers->get_method == NULL)) { - zend_error_noreturn(E_ERROR, "Object does not support method calls"); - } - - /* First, locate the function. */ - fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), ((IS_CONST == IS_CONST) ? (opline->op2.zv + 1) : NULL) TSRMLS_CC); - if (UNEXPECTED(fbc == NULL)) { - zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", obj->ce->name->val, Z_STRVAL_P(function_name)); - } - if (IS_CONST == IS_CONST && - EXPECTED(fbc->type <= ZEND_USER_FUNCTION) && - EXPECTED((fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0) && - EXPECTED(obj == orig_obj)) { - CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc); - } - } - - if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) { - obj = NULL; - } else { - GC_REFCOUNT(obj)++; /* For $this pointer */ - } - - EX(call) = zend_vm_stack_push_call_frame(ZEND_CALL_NESTED_FUNCTION, - fbc, opline->extended_value, called_scope, obj, EX(call) TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op1); - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -14685,15 +13434,15 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAND if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); } - if (IS_VAR != IS_UNUSED) { - ZVAL_DEREF(container); - } - SEPARATE_ZVAL_NOREF(container); offset = opline->op2.zv; +unset_dim_again: if (IS_VAR != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); + HashTable *ht; + offset_again: + SEPARATE_ARRAY(container); + ht = Z_ARRVAL_P(container); switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -14746,7 +13495,10 @@ num_index_dim: //??? } Z_OBJ_HT_P(container)->unset_dimension(container, offset TSRMLS_CC); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + } else if (IS_VAR != IS_UNUSED && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto unset_dim_again; + } else if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); ZEND_VM_CONTINUE(); /* bailed out before */ } else { @@ -14771,163 +13523,25 @@ static int ZEND_FASTCALL ZEND_UNSET_OBJ_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAND } offset = opline->op2.zv; - if (IS_VAR != IS_UNUSED) { - ZVAL_DEREF(container); - } - if (IS_VAR == IS_UNUSED || Z_TYPE_P(container) == IS_OBJECT) { - if (Z_OBJ_HT_P(container)->unset_property) { - Z_OBJ_HT_P(container)->unset_property(container, offset, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to unset property of non-object"); - } - } - - if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - int result; - zend_ulong hval; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - offset = opline->op2.zv; - - if (IS_VAR != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); - zval *value; - zend_string *str; - -isset_again: - if (EXPECTED(Z_TYPE_P(offset) == IS_STRING)) { - str = Z_STR_P(offset); - if (IS_CONST != IS_CONST) { - if (ZEND_HANDLE_NUMERIC(str, hval)) { - goto num_index_prop; - } - } -str_index_prop: - value = zend_hash_find_ind(ht, str); - } else if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - hval = Z_LVAL_P(offset); -num_index_prop: - value = zend_hash_index_find(ht, hval); - } else { - switch (Z_TYPE_P(offset)) { - case IS_DOUBLE: - hval = zend_dval_to_lval(Z_DVAL_P(offset)); - goto num_index_prop; - case IS_NULL: - str = STR_EMPTY_ALLOC(); - goto str_index_prop; - case IS_FALSE: - hval = 0; - goto num_index_prop; - case IS_TRUE: - hval = 1; - goto num_index_prop; - case IS_RESOURCE: - hval = Z_RES_HANDLE_P(offset); - goto num_index_prop; - case IS_REFERENCE: - offset = Z_REFVAL_P(offset); - goto isset_again; - default: - zend_error(E_WARNING, "Illegal offset type in isset or empty"); - value = NULL; + do { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (Z_TYPE_P(container) != IS_OBJECT) { break; - } - } - - if (opline->extended_value & ZEND_ISSET) { - /* > IS_NULL means not IS_UNDEF and not IS_NULL */ - result = value != NULL && Z_TYPE_P(value) > IS_NULL && - (!Z_ISREF_P(value) || Z_TYPE_P(Z_REFVAL_P(value)) != IS_NULL); - } else /* if (opline->extended_value & ZEND_ISEMPTY) */ { - result = (value == NULL || !i_zend_is_true(value TSRMLS_CC)); - } - } else if (IS_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_dimension)) { - result = Z_OBJ_HT_P(container)->has_dimension(container, offset, (opline->extended_value & ZEND_ISSET) == 0 TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to check element of non-array"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else if (EXPECTED(Z_TYPE_P(container) == IS_STRING)) { /* string offsets */ - zval tmp; - - result = 0; - if (UNEXPECTED(Z_TYPE_P(offset) != IS_LONG)) { - if (IS_CONST & (IS_CV|IS_VAR)) { - ZVAL_DEREF(offset); - } - if (Z_TYPE_P(offset) < IS_STRING /* simple scalar types */ - || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ - && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_DUP(&tmp, offset); - convert_to_long(&tmp); - offset = &tmp; - } - } - if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - if (offset->value.lval >= 0 && (size_t)offset->value.lval < Z_STRLEN_P(container)) { - if ((opline->extended_value & ZEND_ISSET) || - Z_STRVAL_P(container)[offset->value.lval] != '0') { - result = 1; } + } else { + break; } } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } - - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - int result; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - offset = opline->op2.zv; - - if (IS_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (Z_OBJ_HT_P(container)->unset_property) { + Z_OBJ_HT_P(container)->unset_property(container, offset, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; + zend_error(E_NOTICE, "Trying to unset property of non-object"); } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } + } while (0); - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); + if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); } @@ -15115,12 +13729,12 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SPEC_VAR_TMP_HANDLER(ZEND_OPCODE_HANDLER_A if (IS_TMP_VAR == IS_TMP_VAR) { zval_ptr_dtor_nogc(free_op2); } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } else { value = zend_assign_to_variable(variable_ptr, value, IS_TMP_VAR TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), value); } if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; @@ -15310,12 +13924,12 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SPEC_VAR_VAR_HANDLER(ZEND_OPCODE_HANDLER_A if (IS_VAR == IS_TMP_VAR) { zval_ptr_dtor_nogc(free_op2); } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } else { value = zend_assign_to_variable(variable_ptr, value, IS_VAR TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), value); } if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; @@ -15382,7 +13996,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_REF_SPEC_VAR_VAR_HANDLER(ZEND_OPCODE_HANDL } } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), variable_ptr); } @@ -15537,44 +14151,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_VAR_UNUSED(int (* if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_VAR != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || (IS_UNUSED != IS_UNUSED) - if (IS_VAR == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_VAR == IS_VAR && !(free_op1 != NULL)) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_VAR_UNUSED(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = NULL; - zend_fetch_dimension_address_RW(&rv, container, dim, IS_UNUSED TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_VAR == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_VAR != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || (IS_UNUSED != IS_UNUSED) + if (IS_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, IS_UNUSED TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); FREE_OP(free_op_data1); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; @@ -15585,9 +14202,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_VAR_UNUSED(int (* static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15605,9 +14222,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15625,9 +14242,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15645,9 +14262,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15665,9 +14282,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15685,9 +14302,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15705,9 +14322,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15725,9 +14342,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15745,9 +14362,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15765,9 +14382,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15785,9 +14402,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_UNUSED(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -15815,7 +14432,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_H if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, NULL, IS_UNUSED TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -15838,7 +14454,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_ if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_RW(EX_VAR(opline->result.var), container, NULL, IS_UNUSED TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -15865,7 +14480,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_UNUSED_HANDLER(ZEND_O if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, NULL, IS_UNUSED TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -15876,7 +14490,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_UNUSED_HANDLER(ZEND_O if (IS_UNUSED == IS_UNUSED) { zend_error_noreturn(E_ERROR, "Cannot use [] for reading"); } - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, NULL, IS_UNUSED TSRMLS_CC); zval_ptr_dtor_nogc(free_op1); @@ -15890,6 +14504,11 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HA USE_OPLINE zend_free_op free_op1; zval *object_ptr; + zend_free_op free_op_data1; + zval rv; + zval *value; + zval *variable_ptr; + zval *dim; SAVE_OPLINE(); object_ptr = _get_zval_ptr_ptr_var(opline->op1.var, execute_data, &free_op1); @@ -15897,48 +14516,51 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HA if (IS_VAR == IS_VAR && UNEXPECTED(object_ptr == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(object_ptr); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { - zval *property_name = NULL; - - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object_ptr, IS_VAR, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_DIM, ((IS_UNUSED == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); - - } else { - zend_free_op free_op_data1; - zval rv; - zval *value; - zval *dim = NULL; - zval *variable_ptr; - - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && - EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { - zend_long offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); +try_assign_dim: + if (EXPECTED(Z_TYPE_P(object_ptr) == IS_ARRAY)) { +try_assign_dim_array: + dim = NULL; + zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_UNUSED TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - zend_assign_to_string_offset(object_ptr, offset, value, (RETURN_VALUE_USED(opline) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + variable_ptr = Z_INDIRECT(rv); + if (UNEXPECTED(variable_ptr == &EG(error_zval))) { FREE_OP(free_op_data1); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } } else { - zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_UNUSED TSRMLS_CC); - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - variable_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(variable_ptr == &EG(error_zval))) { + value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); + if ((opline+1)->op1_type == IS_VAR) { FREE_OP(free_op_data1); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - } else { - value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); - if ((opline+1)->op1_type == IS_VAR) { - FREE_OP(free_op_data1); - } - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(EX_VAR(opline->result.var), value); - } + } + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), value); } } + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { + + zval *property_name = NULL; + + zend_assign_to_object_dim(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object_ptr, property_name, (opline+1)->op1_type, (opline+1)->op1, execute_data TSRMLS_CC); + + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && + EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { + zend_long offset; + + dim = NULL; + offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); + + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_assign_to_string_offset(object_ptr, offset, value, (UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + FREE_OP(free_op_data1); + } else if (EXPECTED(Z_ISREF_P(object_ptr))) { + object_ptr = Z_REFVAL_P(object_ptr); + goto try_assign_dim; + } else { + goto try_assign_dim_array; } if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; /* assign_dim has two opcodes! */ @@ -16384,47 +15006,36 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_VAR_CV(int (*bina zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } - if (IS_VAR != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); - } - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - - FREE_OP(free_op_data1); + do { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + break; + } } - } else { + /* here we are sure we are dealing with an object */ - if (opline->extended_value == ZEND_ASSIGN_OBJ - && EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { ZVAL_DEREF(zptr); SEPARATE_ZVAL_NOREF(zptr); binary_op(zptr, zptr, value TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), zptr); } } else { - zval *z = NULL; + zval *z; zval rv; - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - if (Z_OBJ_HT_P(object)->read_property) { - z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - } - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - if (Z_OBJ_HT_P(object)->read_dimension) { - z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC); - } - } - if (z) { + if (Z_OBJ_HT_P(object)->read_property && + (z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC)) != NULL) { if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { zval rv; zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); @@ -16434,28 +15045,22 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_VAR_CV(int (*bina } ZVAL_COPY_VALUE(z, value); } -//??? if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); binary_op(z, z, value TSRMLS_CC); - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); - } - if (RETURN_VALUE_USED(opline)) { + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), z); } zval_ptr_dtor(z); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } } - - FREE_OP(free_op_data1); - } + } while (0); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; /* assign_obj has two opcodes! */ @@ -16476,44 +15081,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_VAR_CV(int (*bina if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_VAR != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || (IS_CV != IS_UNUSED) - if (IS_VAR == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_VAR == IS_VAR && !(free_op1 != NULL)) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_VAR_CV(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - zend_fetch_dimension_address_RW(&rv, container, dim, IS_CV TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_VAR == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_VAR != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || (IS_CV != IS_UNUSED) + if (IS_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, IS_CV TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); FREE_OP(free_op_data1); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; @@ -16559,9 +15167,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_helper_SPEC_VAR_CV(int (*binary_o static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16579,9 +15187,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16599,9 +15207,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16619,9 +15227,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16639,9 +15247,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16659,9 +15267,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16679,9 +15287,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16699,9 +15307,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16719,9 +15327,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16739,9 +15347,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16759,9 +15367,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_CV(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -16795,62 +15403,60 @@ static int ZEND_FASTCALL zend_pre_incdec_property_helper_SPEC_VAR_CV(incdec_t in zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_VAR != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); + do { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); + } + break; + } } - if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - /* here we are sure we are dealing with an object */ + /* here we are sure we are dealing with an object */ - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - ZVAL_DEREF(zptr); - SEPARATE_ZVAL_NOREF(zptr); + ZVAL_DEREF(zptr); + SEPARATE_ZVAL_NOREF(zptr); - incdec_op(zptr); - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(retval, zptr); - } - } else { - zval rv; + incdec_op(zptr); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, zptr); + } + } else { + zval rv; - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { - zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + incdec_op(z); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, z); + } + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); } - ZVAL_COPY_VALUE(z, value); - } - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); - incdec_op(z); - ZVAL_COPY_VALUE(retval, z); - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - SELECTIVE_PZVAL_LOCK(retval, opline); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); } } - } + } while (0); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; CHECK_EXCEPTION(); @@ -16885,56 +15491,53 @@ static int ZEND_FASTCALL zend_post_incdec_property_helper_SPEC_VAR_CV(incdec_t i zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_VAR != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - ZVAL_NULL(retval); - if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + do { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + break; + } + } - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + /* here we are sure we are dealing with an object */ - ZVAL_DEREF(zptr); - ZVAL_COPY_VALUE(retval, zptr); - zval_opt_copy_ctor(zptr); + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - incdec_op(zptr); - } else { - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval rv; - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - zval z_copy; + ZVAL_DEREF(zptr); + ZVAL_COPY_VALUE(retval, zptr); + zval_opt_copy_ctor(zptr); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + incdec_op(zptr); + } else { + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + zval z_copy; - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); } - ZVAL_COPY_VALUE(z, value); + ZVAL_DUP(retval, z); + ZVAL_DUP(&z_copy, z); + incdec_op(&z_copy); + if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); + Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(&z_copy); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); } - ZVAL_DUP(retval, z); - ZVAL_DUP(&z_copy, z); - incdec_op(&z_copy); - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - zval_ptr_dtor(&z_copy); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - ZVAL_NULL(retval); } - } + } while (0); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; CHECK_EXCEPTION(); @@ -16951,21 +15554,6 @@ static int ZEND_FASTCALL ZEND_POST_DEC_OBJ_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HAND return zend_post_incdec_property_helper_SPEC_VAR_CV(decrement_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); } -static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -16978,7 +15566,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDL if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -17001,7 +15588,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HAND if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_RW(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -17012,21 +15598,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HAND ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -17043,7 +15614,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_CV_HANDLER(ZEND_OPCOD if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -17054,7 +15624,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_CV_HANDLER(ZEND_OPCOD if (IS_CV == IS_UNUSED) { zend_error_noreturn(E_ERROR, "Cannot use [] for reading"); } - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); zval_ptr_dtor_nogc(free_op1); @@ -17075,7 +15645,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_UNSET_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_H if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_UNSET(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -17095,11 +15664,21 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDL zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if ((IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_VAR & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -17189,59 +15768,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_RW_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HAND ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - - if ((IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } else { - zval *retval; - - /* here we are sure we are dealing with an object */ - do { - if (IS_CV == IS_CONST && - EXPECTED(Z_OBJCE_P(container) == CACHED_PTR(Z_CACHE_SLOT_P(offset)))) { - zend_property_info *prop_info = CACHED_PTR(Z_CACHE_SLOT_P(offset) + 1); - zend_object *zobj = Z_OBJ_P(container); - - if (EXPECTED(prop_info)) { - retval = OBJ_PROP(zobj, prop_info->offset); - if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } else if (EXPECTED(zobj->properties != NULL)) { - retval = zend_hash_find(zobj->properties, Z_STR_P(offset)); - if (EXPECTED(retval)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } - } - - retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_IS, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); - - if (retval != EX_VAR(opline->result.var)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - } - } while (0); - } - - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_OBJ_FUNC_ARG_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -17312,7 +15838,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_OBJ_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE if (IS_VAR == IS_VAR && UNEXPECTED(object == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object, IS_VAR, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_OBJ, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); + zend_assign_to_object(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object, IS_VAR, property_name, IS_CV, (opline+1)->op1_type, (opline+1)->op1, execute_data, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; /* assign_obj has two opcodes! */ @@ -17326,6 +15852,11 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE USE_OPLINE zend_free_op free_op1; zval *object_ptr; + zend_free_op free_op_data1; + zval rv; + zval *value; + zval *variable_ptr; + zval *dim; SAVE_OPLINE(); object_ptr = _get_zval_ptr_ptr_var(opline->op1.var, execute_data, &free_op1); @@ -17333,48 +15864,51 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE if (IS_VAR == IS_VAR && UNEXPECTED(object_ptr == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(object_ptr); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { - zval *property_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); +try_assign_dim: + if (EXPECTED(Z_TYPE_P(object_ptr) == IS_ARRAY)) { +try_assign_dim_array: + dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); + zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_CV TSRMLS_CC); - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object_ptr, IS_VAR, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_DIM, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); - - } else { - zend_free_op free_op_data1; - zval rv; - zval *value; - zval *dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - zval *variable_ptr; - - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && - EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { - zend_long offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - zend_assign_to_string_offset(object_ptr, offset, value, (RETURN_VALUE_USED(opline) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + variable_ptr = Z_INDIRECT(rv); + if (UNEXPECTED(variable_ptr == &EG(error_zval))) { FREE_OP(free_op_data1); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } } else { - zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_CV TSRMLS_CC); - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - variable_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(variable_ptr == &EG(error_zval))) { + value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); + if ((opline+1)->op1_type == IS_VAR) { FREE_OP(free_op_data1); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - } else { - value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); - if ((opline+1)->op1_type == IS_VAR) { - FREE_OP(free_op_data1); - } - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(EX_VAR(opline->result.var), value); - } + } + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), value); } } + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { + + zval *property_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); + + zend_assign_to_object_dim(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object_ptr, property_name, (opline+1)->op1_type, (opline+1)->op1, execute_data TSRMLS_CC); + + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && + EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { + zend_long offset; + + dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); + offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); + + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_assign_to_string_offset(object_ptr, offset, value, (UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + FREE_OP(free_op_data1); + } else if (EXPECTED(Z_ISREF_P(object_ptr))) { + object_ptr = Z_REFVAL_P(object_ptr); + goto try_assign_dim; + } else { + goto try_assign_dim_array; } if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; /* assign_dim has two opcodes! */ @@ -17398,12 +15932,12 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_AR if (IS_CV == IS_TMP_VAR) { } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } else { value = zend_assign_to_variable(variable_ptr, value, IS_CV TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), value); } if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; @@ -17469,7 +16003,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_REF_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE } } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), variable_ptr); } @@ -17479,114 +16013,6 @@ static int ZEND_FASTCALL ZEND_ASSIGN_REF_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zval *function_name; - zend_free_op free_op1; - zval *object; - zend_function *fbc; - zend_class_entry *called_scope; - zend_object *obj; - - SAVE_OPLINE(); - - function_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - - if (IS_CV != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); - } - - object = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; - - if (UNEXPECTED(EG(exception) != NULL)) { - - HANDLE_EXCEPTION(); - } - - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - - zval_ptr_dtor_nogc(free_op1); - - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } - - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; - } - ZEND_VM_JMP(++opline); - } - - obj = Z_OBJ_P(object); - called_scope = obj->ce; - - if (IS_CV != IS_CONST || - EXPECTED((fbc = CACHED_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope)) == NULL)) { - zend_object *orig_obj = obj; - - if (UNEXPECTED(obj->handlers->get_method == NULL)) { - zend_error_noreturn(E_ERROR, "Object does not support method calls"); - } - - /* First, locate the function. */ - fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), ((IS_CV == IS_CONST) ? (opline->op2.zv + 1) : NULL) TSRMLS_CC); - if (UNEXPECTED(fbc == NULL)) { - zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", obj->ce->name->val, Z_STRVAL_P(function_name)); - } - if (IS_CV == IS_CONST && - EXPECTED(fbc->type <= ZEND_USER_FUNCTION) && - EXPECTED((fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0) && - EXPECTED(obj == orig_obj)) { - CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc); - } - } - - if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) { - obj = NULL; - } else { - GC_REFCOUNT(obj)++; /* For $this pointer */ - } - - EX(call) = zend_vm_stack_push_call_frame(ZEND_CALL_NESTED_FUNCTION, - fbc, opline->extended_value, called_scope, obj, EX(call) TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op1); - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -17843,15 +16269,15 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); } - if (IS_VAR != IS_UNUSED) { - ZVAL_DEREF(container); - } - SEPARATE_ZVAL_NOREF(container); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); +unset_dim_again: if (IS_VAR != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); + HashTable *ht; + offset_again: + SEPARATE_ARRAY(container); + ht = Z_ARRVAL_P(container); switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -17904,7 +16330,10 @@ num_index_dim: //??? } Z_OBJ_HT_P(container)->unset_dimension(container, offset TSRMLS_CC); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + } else if (IS_VAR != IS_UNUSED && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto unset_dim_again; + } else if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); ZEND_VM_CONTINUE(); /* bailed out before */ } else { @@ -17929,163 +16358,25 @@ static int ZEND_FASTCALL ZEND_UNSET_OBJ_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER } offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if (IS_VAR != IS_UNUSED) { - ZVAL_DEREF(container); - } - if (IS_VAR == IS_UNUSED || Z_TYPE_P(container) == IS_OBJECT) { - if (Z_OBJ_HT_P(container)->unset_property) { - Z_OBJ_HT_P(container)->unset_property(container, offset, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to unset property of non-object"); - } - } - - if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - int result; - zend_ulong hval; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - - if (IS_VAR != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); - zval *value; - zend_string *str; - -isset_again: - if (EXPECTED(Z_TYPE_P(offset) == IS_STRING)) { - str = Z_STR_P(offset); - if (IS_CV != IS_CONST) { - if (ZEND_HANDLE_NUMERIC(str, hval)) { - goto num_index_prop; - } - } -str_index_prop: - value = zend_hash_find_ind(ht, str); - } else if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - hval = Z_LVAL_P(offset); -num_index_prop: - value = zend_hash_index_find(ht, hval); - } else { - switch (Z_TYPE_P(offset)) { - case IS_DOUBLE: - hval = zend_dval_to_lval(Z_DVAL_P(offset)); - goto num_index_prop; - case IS_NULL: - str = STR_EMPTY_ALLOC(); - goto str_index_prop; - case IS_FALSE: - hval = 0; - goto num_index_prop; - case IS_TRUE: - hval = 1; - goto num_index_prop; - case IS_RESOURCE: - hval = Z_RES_HANDLE_P(offset); - goto num_index_prop; - case IS_REFERENCE: - offset = Z_REFVAL_P(offset); - goto isset_again; - default: - zend_error(E_WARNING, "Illegal offset type in isset or empty"); - value = NULL; + do { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (Z_TYPE_P(container) != IS_OBJECT) { break; - } - } - - if (opline->extended_value & ZEND_ISSET) { - /* > IS_NULL means not IS_UNDEF and not IS_NULL */ - result = value != NULL && Z_TYPE_P(value) > IS_NULL && - (!Z_ISREF_P(value) || Z_TYPE_P(Z_REFVAL_P(value)) != IS_NULL); - } else /* if (opline->extended_value & ZEND_ISEMPTY) */ { - result = (value == NULL || !i_zend_is_true(value TSRMLS_CC)); - } - } else if (IS_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_dimension)) { - result = Z_OBJ_HT_P(container)->has_dimension(container, offset, (opline->extended_value & ZEND_ISSET) == 0 TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to check element of non-array"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else if (EXPECTED(Z_TYPE_P(container) == IS_STRING)) { /* string offsets */ - zval tmp; - - result = 0; - if (UNEXPECTED(Z_TYPE_P(offset) != IS_LONG)) { - if (IS_CV & (IS_CV|IS_VAR)) { - ZVAL_DEREF(offset); - } - if (Z_TYPE_P(offset) < IS_STRING /* simple scalar types */ - || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ - && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_DUP(&tmp, offset); - convert_to_long(&tmp); - offset = &tmp; - } - } - if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - if (offset->value.lval >= 0 && (size_t)offset->value.lval < Z_STRLEN_P(container)) { - if ((opline->extended_value & ZEND_ISSET) || - Z_STRVAL_P(container)[offset->value.lval] != '0') { - result = 1; } + } else { + break; } } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } - - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - int result; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - - if (IS_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (Z_OBJ_HT_P(container)->unset_property) { + Z_OBJ_HT_P(container)->unset_property(container, offset, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; + zend_error(E_NOTICE, "Trying to unset property of non-object"); } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } + } while (0); - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); + if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); } @@ -18240,47 +16531,36 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_VAR_TMPVAR(int (* zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } - if (IS_VAR != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); - } - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - zval_ptr_dtor_nogc(free_op2); - FREE_OP(free_op_data1); + do { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + break; + } } - } else { + /* here we are sure we are dealing with an object */ - if (opline->extended_value == ZEND_ASSIGN_OBJ - && EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { ZVAL_DEREF(zptr); SEPARATE_ZVAL_NOREF(zptr); binary_op(zptr, zptr, value TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), zptr); } } else { - zval *z = NULL; + zval *z; zval rv; - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - if (Z_OBJ_HT_P(object)->read_property) { - z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - } - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - if (Z_OBJ_HT_P(object)->read_dimension) { - z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC); - } - } - if (z) { + if (Z_OBJ_HT_P(object)->read_property && + (z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC)) != NULL) { if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { zval rv; zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); @@ -18290,29 +16570,22 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_VAR_TMPVAR(int (* } ZVAL_COPY_VALUE(z, value); } -//??? if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); binary_op(z, z, value TSRMLS_CC); - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); - } - if (RETURN_VALUE_USED(opline)) { + Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), z); } zval_ptr_dtor(z); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } } - - zval_ptr_dtor_nogc(free_op2); - FREE_OP(free_op_data1); - } + } while (0); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; /* assign_obj has two opcodes! */ @@ -18333,44 +16606,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_VAR_TMPVAR(int (* if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_VAR != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) - if (IS_VAR == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_VAR == IS_VAR && !(free_op1 != NULL)) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_VAR_TMPVAR(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - zend_fetch_dimension_address_RW(&rv, container, dim, (IS_TMP_VAR|IS_VAR) TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_VAR == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_VAR != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) + if (IS_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, (IS_TMP_VAR|IS_VAR) TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); zval_ptr_dtor_nogc(free_op2); FREE_OP(free_op_data1); @@ -18418,9 +16694,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(int (*bina static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18438,9 +16714,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18458,9 +16734,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18478,9 +16754,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18498,9 +16774,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18518,9 +16794,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18538,9 +16814,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18558,9 +16834,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18578,9 +16854,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18598,9 +16874,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18618,9 +16894,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_VAR != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_VAR_TMPVAR(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -18654,62 +16930,60 @@ static int ZEND_FASTCALL zend_pre_incdec_property_helper_SPEC_VAR_TMPVAR(incdec_ zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_VAR != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - zval_ptr_dtor_nogc(free_op2); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); + do { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); + } + break; + } } - if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - /* here we are sure we are dealing with an object */ + /* here we are sure we are dealing with an object */ - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - ZVAL_DEREF(zptr); - SEPARATE_ZVAL_NOREF(zptr); + ZVAL_DEREF(zptr); + SEPARATE_ZVAL_NOREF(zptr); - incdec_op(zptr); - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(retval, zptr); - } - } else { - zval rv; + incdec_op(zptr); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, zptr); + } + } else { + zval rv; - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { - zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + incdec_op(z); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, z); + } + Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); } - ZVAL_COPY_VALUE(z, value); - } - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); - incdec_op(z); - ZVAL_COPY_VALUE(retval, z); - Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - SELECTIVE_PZVAL_LOCK(retval, opline); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); } } - } + } while (0); zval_ptr_dtor_nogc(free_op2); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; @@ -18745,56 +17019,53 @@ static int ZEND_FASTCALL zend_post_incdec_property_helper_SPEC_VAR_TMPVAR(incdec zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_VAR != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - zval_ptr_dtor_nogc(free_op2); - ZVAL_NULL(retval); - if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + do { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + break; + } + } - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + /* here we are sure we are dealing with an object */ - ZVAL_DEREF(zptr); - ZVAL_COPY_VALUE(retval, zptr); - zval_opt_copy_ctor(zptr); + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - incdec_op(zptr); - } else { - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval rv; - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - zval z_copy; + ZVAL_DEREF(zptr); + ZVAL_COPY_VALUE(retval, zptr); + zval_opt_copy_ctor(zptr); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + incdec_op(zptr); + } else { + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + zval z_copy; + + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); } - ZVAL_COPY_VALUE(z, value); + ZVAL_DUP(retval, z); + ZVAL_DUP(&z_copy, z); + incdec_op(&z_copy); + if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); + Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(&z_copy); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); } - ZVAL_DUP(retval, z); - ZVAL_DUP(&z_copy, z); - incdec_op(&z_copy); - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - zval_ptr_dtor(&z_copy); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - ZVAL_NULL(retval); } - } + } while (0); zval_ptr_dtor_nogc(free_op2); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; @@ -18812,21 +17083,6 @@ static int ZEND_FASTCALL ZEND_POST_DEC_OBJ_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_ return zend_post_incdec_property_helper_SPEC_VAR_TMPVAR(decrement_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); } -static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1, free_op2; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); - zval_ptr_dtor_nogc(free_op2); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -18839,7 +17095,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_H if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -18862,7 +17117,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_ if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_RW(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -18873,21 +17127,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_ ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1, free_op2; - zval *container; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); - zval_ptr_dtor_nogc(free_op2); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -18904,7 +17143,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_TMPVAR_HANDLER(ZEND_O if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -18915,7 +17153,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_VAR_TMPVAR_HANDLER(ZEND_O if ((IS_TMP_VAR|IS_VAR) == IS_UNUSED) { zend_error_noreturn(E_ERROR, "Cannot use [] for reading"); } - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); zval_ptr_dtor_nogc(free_op1); @@ -18936,7 +17174,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_UNSET_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCO if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_UNSET(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); if (IS_VAR == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -18956,11 +17193,21 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_H zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_VAR & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -19051,60 +17298,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_RW_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_ ZEND_VM_NEXT_OPCODE(); } -static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1; - zval *container; - zend_free_op free_op2; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - - if ((IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } else { - zval *retval; - - /* here we are sure we are dealing with an object */ - do { - if ((IS_TMP_VAR|IS_VAR) == IS_CONST && - EXPECTED(Z_OBJCE_P(container) == CACHED_PTR(Z_CACHE_SLOT_P(offset)))) { - zend_property_info *prop_info = CACHED_PTR(Z_CACHE_SLOT_P(offset) + 1); - zend_object *zobj = Z_OBJ_P(container); - - if (EXPECTED(prop_info)) { - retval = OBJ_PROP(zobj, prop_info->offset); - if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } else if (EXPECTED(zobj->properties != NULL)) { - retval = zend_hash_find(zobj->properties, Z_STR_P(offset)); - if (EXPECTED(retval)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - break; - } - } - } - - retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_IS, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); - - if (retval != EX_VAR(opline->result.var)) { - ZVAL_COPY(EX_VAR(opline->result.var), retval); - } - } while (0); - } - - zval_ptr_dtor_nogc(free_op2); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - static int ZEND_FASTCALL ZEND_FETCH_OBJ_FUNC_ARG_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -19175,7 +17368,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_OBJ_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HA if (IS_VAR == IS_VAR && UNEXPECTED(object == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object, IS_VAR, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_OBJ, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); + zend_assign_to_object(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object, IS_VAR, property_name, (IS_TMP_VAR|IS_VAR), (opline+1)->op1_type, (opline+1)->op1, execute_data, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; /* assign_obj has two opcodes! */ @@ -19189,6 +17382,11 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HA USE_OPLINE zend_free_op free_op1; zval *object_ptr; + zend_free_op free_op2, free_op_data1; + zval rv; + zval *value; + zval *variable_ptr; + zval *dim; SAVE_OPLINE(); object_ptr = _get_zval_ptr_ptr_var(opline->op1.var, execute_data, &free_op1); @@ -19196,162 +17394,56 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HA if (IS_VAR == IS_VAR && UNEXPECTED(object_ptr == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(object_ptr); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { - zend_free_op free_op2; - zval *property_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object_ptr, IS_VAR, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_DIM, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); +try_assign_dim: + if (EXPECTED(Z_TYPE_P(object_ptr) == IS_ARRAY)) { +try_assign_dim_array: + dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); + zend_fetch_dimension_address_W(&rv, object_ptr, dim, (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); - } else { - zend_free_op free_op2, free_op_data1; - zval rv; - zval *value; - zval *dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - zval *variable_ptr; - - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && - EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { - zend_long offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); - zval_ptr_dtor_nogc(free_op2); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - zend_assign_to_string_offset(object_ptr, offset, value, (RETURN_VALUE_USED(opline) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + variable_ptr = Z_INDIRECT(rv); + if (UNEXPECTED(variable_ptr == &EG(error_zval))) { FREE_OP(free_op_data1); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } } else { - zend_fetch_dimension_address_W(&rv, object_ptr, dim, (IS_TMP_VAR|IS_VAR) TSRMLS_CC); - zval_ptr_dtor_nogc(free_op2); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - variable_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(variable_ptr == &EG(error_zval))) { + value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); + if ((opline+1)->op1_type == IS_VAR) { FREE_OP(free_op_data1); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - } else { - value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); - if ((opline+1)->op1_type == IS_VAR) { - FREE_OP(free_op_data1); - } - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(EX_VAR(opline->result.var), value); - } + } + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), value); } } - } - if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; - /* assign_dim has two opcodes! */ - CHECK_EXCEPTION(); - ZEND_VM_INC_OPCODE(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zval *function_name; - zend_free_op free_op1, free_op2; - zval *object; - zend_function *fbc; - zend_class_entry *called_scope; - zend_object *obj; - - SAVE_OPLINE(); - - function_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - - if ((IS_TMP_VAR|IS_VAR) != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); - } - - object = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - - if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; - - if (UNEXPECTED(EG(exception) != NULL)) { - zval_ptr_dtor_nogc(free_op2); - HANDLE_EXCEPTION(); - } + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { + zend_free_op free_op2; + zval *property_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + zend_assign_to_object_dim(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object_ptr, property_name, (opline+1)->op1_type, (opline+1)->op1, execute_data TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); - zval_ptr_dtor_nogc(free_op1); - - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && + EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { + zend_long offset; - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; - } - ZEND_VM_JMP(++opline); - } - - obj = Z_OBJ_P(object); - called_scope = obj->ce; - - if ((IS_TMP_VAR|IS_VAR) != IS_CONST || - EXPECTED((fbc = CACHED_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope)) == NULL)) { - zend_object *orig_obj = obj; - - if (UNEXPECTED(obj->handlers->get_method == NULL)) { - zend_error_noreturn(E_ERROR, "Object does not support method calls"); - } - - /* First, locate the function. */ - fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (opline->op2.zv + 1) : NULL) TSRMLS_CC); - if (UNEXPECTED(fbc == NULL)) { - zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", obj->ce->name->val, Z_STRVAL_P(function_name)); - } - if ((IS_TMP_VAR|IS_VAR) == IS_CONST && - EXPECTED(fbc->type <= ZEND_USER_FUNCTION) && - EXPECTED((fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0) && - EXPECTED(obj == orig_obj)) { - CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc); - } - } - - if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) { - obj = NULL; + dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); + offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); + zval_ptr_dtor_nogc(free_op2); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_assign_to_string_offset(object_ptr, offset, value, (UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + FREE_OP(free_op_data1); + } else if (EXPECTED(Z_ISREF_P(object_ptr))) { + object_ptr = Z_REFVAL_P(object_ptr); + goto try_assign_dim; } else { - GC_REFCOUNT(obj)++; /* For $this pointer */ + goto try_assign_dim_array; } - - EX(call) = zend_vm_stack_push_call_frame(ZEND_CALL_NESTED_FUNCTION, - fbc, opline->extended_value, called_scope, obj, EX(call) TSRMLS_CC); - - zval_ptr_dtor_nogc(free_op2); - zval_ptr_dtor_nogc(free_op1); - + if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; + /* assign_dim has two opcodes! */ CHECK_EXCEPTION(); + ZEND_VM_INC_OPCODE(); ZEND_VM_NEXT_OPCODE(); } @@ -19611,15 +17703,15 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HAN if (IS_VAR == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); } - if (IS_VAR != IS_UNUSED) { - ZVAL_DEREF(container); - } - SEPARATE_ZVAL_NOREF(container); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); +unset_dim_again: if (IS_VAR != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); + HashTable *ht; + offset_again: + SEPARATE_ARRAY(container); + ht = Z_ARRVAL_P(container); switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -19672,7 +17764,10 @@ num_index_dim: //??? } Z_OBJ_HT_P(container)->unset_dimension(container, offset TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + } else if (IS_VAR != IS_UNUSED && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto unset_dim_again; + } else if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); ZEND_VM_CONTINUE(); /* bailed out before */ } else { @@ -19697,165 +17792,26 @@ static int ZEND_FASTCALL ZEND_UNSET_OBJ_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HAN } offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if (IS_VAR != IS_UNUSED) { - ZVAL_DEREF(container); - } - if (IS_VAR == IS_UNUSED || Z_TYPE_P(container) == IS_OBJECT) { - if (Z_OBJ_HT_P(container)->unset_property) { - Z_OBJ_HT_P(container)->unset_property(container, offset, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to unset property of non-object"); - } - } - zval_ptr_dtor_nogc(free_op2); - if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1, free_op2; - zval *container; - int result; - zend_ulong hval; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - - if (IS_VAR != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); - zval *value; - zend_string *str; - -isset_again: - if (EXPECTED(Z_TYPE_P(offset) == IS_STRING)) { - str = Z_STR_P(offset); - if ((IS_TMP_VAR|IS_VAR) != IS_CONST) { - if (ZEND_HANDLE_NUMERIC(str, hval)) { - goto num_index_prop; - } - } -str_index_prop: - value = zend_hash_find_ind(ht, str); - } else if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - hval = Z_LVAL_P(offset); -num_index_prop: - value = zend_hash_index_find(ht, hval); - } else { - switch (Z_TYPE_P(offset)) { - case IS_DOUBLE: - hval = zend_dval_to_lval(Z_DVAL_P(offset)); - goto num_index_prop; - case IS_NULL: - str = STR_EMPTY_ALLOC(); - goto str_index_prop; - case IS_FALSE: - hval = 0; - goto num_index_prop; - case IS_TRUE: - hval = 1; - goto num_index_prop; - case IS_RESOURCE: - hval = Z_RES_HANDLE_P(offset); - goto num_index_prop; - case IS_REFERENCE: - offset = Z_REFVAL_P(offset); - goto isset_again; - default: - zend_error(E_WARNING, "Illegal offset type in isset or empty"); - value = NULL; + do { + if (IS_VAR != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (Z_TYPE_P(container) != IS_OBJECT) { break; - } - } - - if (opline->extended_value & ZEND_ISSET) { - /* > IS_NULL means not IS_UNDEF and not IS_NULL */ - result = value != NULL && Z_TYPE_P(value) > IS_NULL && - (!Z_ISREF_P(value) || Z_TYPE_P(Z_REFVAL_P(value)) != IS_NULL); - } else /* if (opline->extended_value & ZEND_ISEMPTY) */ { - result = (value == NULL || !i_zend_is_true(value TSRMLS_CC)); - } - } else if (IS_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_dimension)) { - result = Z_OBJ_HT_P(container)->has_dimension(container, offset, (opline->extended_value & ZEND_ISSET) == 0 TSRMLS_CC); - } else { - zend_error(E_NOTICE, "Trying to check element of non-array"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else if (EXPECTED(Z_TYPE_P(container) == IS_STRING)) { /* string offsets */ - zval tmp; - - result = 0; - if (UNEXPECTED(Z_TYPE_P(offset) != IS_LONG)) { - if ((IS_TMP_VAR|IS_VAR) & (IS_CV|IS_VAR)) { - ZVAL_DEREF(offset); - } - if (Z_TYPE_P(offset) < IS_STRING /* simple scalar types */ - || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ - && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { - ZVAL_DUP(&tmp, offset); - convert_to_long(&tmp); - offset = &tmp; - } - } - if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { - if (offset->value.lval >= 0 && (size_t)offset->value.lval < Z_STRLEN_P(container)) { - if ((opline->extended_value & ZEND_ISSET) || - Z_STRVAL_P(container)[offset->value.lval] != '0') { - result = 1; } + } else { + break; } } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; - } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } - - zval_ptr_dtor_nogc(free_op2); - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); -} - -static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) -{ - USE_OPLINE - zend_free_op free_op1, free_op2; - zval *container; - int result; - zval *offset; - - SAVE_OPLINE(); - container = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1); - offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - - if (IS_VAR == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (Z_OBJ_HT_P(container)->unset_property) { + Z_OBJ_HT_P(container)->unset_property(container, offset, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; - } - if ((opline->extended_value & ZEND_ISSET) == 0) { - result = !result; + zend_error(E_NOTICE, "Trying to unset property of non-object"); } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); - } + } while (0); zval_ptr_dtor_nogc(free_op2); - ZVAL_BOOL(EX_VAR(opline->result.var), result); - zval_ptr_dtor_nogc(free_op1); + if (free_op1) {zval_ptr_dtor_nogc(free_op1);}; CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); } @@ -19877,13 +17833,21 @@ static int ZEND_FASTCALL ZEND_CLONE_SPEC_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARG SAVE_OPLINE(); obj = _get_obj_zval_ptr_unused(execute_data); - if (IS_UNUSED == IS_CONST || - (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); + do { + if (IS_UNUSED == IS_CONST || + (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(obj)) { + obj = Z_REFVAL_P(obj); + if (EXPECTED(Z_TYPE_P(obj) == IS_OBJECT)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "__clone method called on non-object"); } - zend_error_noreturn(E_ERROR, "__clone method called on non-object"); - } + } while (0); ce = Z_OBJCE_P(obj); clone = ce ? ce->clone : NULL; @@ -19914,7 +17878,7 @@ static int ZEND_FASTCALL ZEND_CLONE_SPEC_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARG if (EXPECTED(EG(exception) == NULL)) { ZVAL_OBJ(EX_VAR(opline->result.var), clone_call(obj TSRMLS_CC)); - if (!RETURN_VALUE_USED(opline) || UNEXPECTED(EG(exception) != NULL)) { + if (UNEXPECTED(!RETURN_VALUE_USED(opline)) || UNEXPECTED(EG(exception) != NULL)) { OBJ_RELEASE(Z_OBJ_P(EX_VAR(opline->result.var))); } } @@ -19933,11 +17897,20 @@ static int ZEND_FASTCALL ZEND_EXIT_SPEC_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS zval *ptr = NULL; - if (Z_TYPE_P(ptr) == IS_LONG) { - EG(exit_status) = Z_LVAL_P(ptr); - } else { - zend_print_variable(ptr TSRMLS_CC); - } + do { + if (Z_TYPE_P(ptr) == IS_LONG) { + EG(exit_status) = Z_LVAL_P(ptr); + } else { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(ptr)) { + ptr = Z_REFVAL_P(ptr); + if (Z_TYPE_P(ptr) == IS_LONG) { + EG(exit_status) = Z_LVAL_P(ptr); + break; + } + } + zend_print_variable(ptr TSRMLS_CC); + } + } while (0); } #endif @@ -19958,47 +17931,36 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_UNUSED_CONST(int zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } - if (IS_UNUSED != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); - } - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - - FREE_OP(free_op_data1); + do { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + break; + } } - } else { + /* here we are sure we are dealing with an object */ - if (opline->extended_value == ZEND_ASSIGN_OBJ - && EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { ZVAL_DEREF(zptr); SEPARATE_ZVAL_NOREF(zptr); binary_op(zptr, zptr, value TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), zptr); } } else { - zval *z = NULL; + zval *z; zval rv; - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - if (Z_OBJ_HT_P(object)->read_property) { - z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - } - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - if (Z_OBJ_HT_P(object)->read_dimension) { - z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC); - } - } - if (z) { + if (Z_OBJ_HT_P(object)->read_property && + (z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC)) != NULL) { if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { zval rv; zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); @@ -20008,28 +17970,22 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_UNUSED_CONST(int } ZVAL_COPY_VALUE(z, value); } -//??? if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); binary_op(z, z, value TSRMLS_CC); - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); - } - if (RETURN_VALUE_USED(opline)) { + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), z); } zval_ptr_dtor(z); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } } - - FREE_OP(free_op_data1); - } + } while (0); /* assign_obj has two opcodes! */ CHECK_EXCEPTION(); @@ -20049,44 +18005,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_UNUSED_CONST(int if (IS_UNUSED == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_UNUSED != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || (IS_CONST != IS_UNUSED) - if (IS_UNUSED == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_UNUSED == IS_VAR && !0) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_UNUSED_CONST(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = opline->op2.zv; - zend_fetch_dimension_address_RW(&rv, container, dim, IS_CONST TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_UNUSED == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_UNUSED != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || (IS_CONST != IS_UNUSED) + if (IS_UNUSED == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, IS_CONST TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); FREE_OP(free_op_data1); @@ -20097,9 +18056,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_UNUSED_CONST(int static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20117,9 +18076,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20137,9 +18096,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20157,9 +18116,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20177,9 +18136,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20197,9 +18156,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20217,9 +18176,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_H static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20237,9 +18196,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_H static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20257,9 +18216,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCO static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20277,9 +18236,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCOD static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20297,9 +18256,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCO static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CONST(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -20333,62 +18292,60 @@ static int ZEND_FASTCALL zend_pre_incdec_property_helper_SPEC_UNUSED_CONST(incde zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_UNUSED != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); + } + break; + } } - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + /* here we are sure we are dealing with an object */ - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - ZVAL_DEREF(zptr); - SEPARATE_ZVAL_NOREF(zptr); + ZVAL_DEREF(zptr); + SEPARATE_ZVAL_NOREF(zptr); - incdec_op(zptr); - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(retval, zptr); - } - } else { - zval rv; + incdec_op(zptr); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, zptr); + } + } else { + zval rv; - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { - zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + incdec_op(z); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, z); + } + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); } - ZVAL_COPY_VALUE(z, value); - } - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); - incdec_op(z); - ZVAL_COPY_VALUE(retval, z); - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - SELECTIVE_PZVAL_LOCK(retval, opline); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); } } - } + } while (0); CHECK_EXCEPTION(); @@ -20423,56 +18380,53 @@ static int ZEND_FASTCALL zend_post_incdec_property_helper_SPEC_UNUSED_CONST(incd zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_UNUSED != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - ZVAL_NULL(retval); - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + break; + } + } - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + /* here we are sure we are dealing with an object */ - ZVAL_DEREF(zptr); - ZVAL_COPY_VALUE(retval, zptr); - zval_opt_copy_ctor(zptr); + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - incdec_op(zptr); - } else { - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval rv; - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - zval z_copy; + ZVAL_DEREF(zptr); + ZVAL_COPY_VALUE(retval, zptr); + zval_opt_copy_ctor(zptr); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + incdec_op(zptr); + } else { + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + zval z_copy; + + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); } - ZVAL_COPY_VALUE(z, value); + ZVAL_DUP(retval, z); + ZVAL_DUP(&z_copy, z); + incdec_op(&z_copy); + if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); + Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(&z_copy); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); } - ZVAL_DUP(retval, z); - ZVAL_DUP(&z_copy, z); - incdec_op(&z_copy); - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - zval_ptr_dtor(&z_copy); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - ZVAL_NULL(retval); } - } + } while (0); CHECK_EXCEPTION(); @@ -20501,8 +18455,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE container = _get_obj_zval_ptr_unused(execute_data); offset = opline->op2.zv; - if ((IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -20604,8 +18568,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCOD container = _get_obj_zval_ptr_unused(execute_data); offset = opline->op2.zv; - if ((IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -20715,7 +18689,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_ if (IS_UNUSED == IS_VAR && UNEXPECTED(object == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object, IS_UNUSED, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_OBJ, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); + zend_assign_to_object(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object, IS_UNUSED, property_name, IS_CONST, (opline+1)->op1_type, (opline+1)->op1, execute_data, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); /* assign_obj has two opcodes! */ @@ -20786,49 +18760,58 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_UNUSED_CONST_HANDLER(ZEND_O object = _get_obj_zval_ptr_unused(execute_data); - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + uint32_t nesting = 1; - if (UNEXPECTED(EG(exception) != NULL)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } - HANDLE_EXCEPTION(); - } + if (UNEXPECTED(EG(exception) != NULL)) { - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + HANDLE_EXCEPTION(); + } + zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); + if (EG(exception) != NULL) { + HANDLE_EXCEPTION(); + } - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } + /* No exception raised: Skip over arguments until fcall opcode with correct + * nesting level. Return NULL (except when return value unused) */ + do { + opline++; + if (opline->opcode == ZEND_INIT_FCALL || + opline->opcode == ZEND_INIT_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_METHOD_CALL || + opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || + opline->opcode == ZEND_INIT_USER_CALL || + opline->opcode == ZEND_NEW + ) { + nesting++; + } else if (opline->opcode == ZEND_DO_FCALL) { + nesting--; + } + } while (nesting); + + if (RETURN_VALUE_USED(opline)) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; + /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ + if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { + opline++; + } + ZEND_VM_JMP(++opline); } - ZEND_VM_JMP(++opline); - } + } while (0); obj = Z_OBJ_P(object); called_scope = obj->ce; @@ -21010,15 +18993,15 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_H if (IS_UNUSED == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); } - if (IS_UNUSED != IS_UNUSED) { - ZVAL_DEREF(container); - } - SEPARATE_ZVAL_NOREF(container); offset = opline->op2.zv; +unset_dim_again: if (IS_UNUSED != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); + HashTable *ht; + offset_again: + SEPARATE_ARRAY(container); + ht = Z_ARRVAL_P(container); switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -21071,7 +19054,10 @@ num_index_dim: //??? } Z_OBJ_HT_P(container)->unset_dimension(container, offset TSRMLS_CC); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + } else if (IS_UNUSED != IS_UNUSED && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto unset_dim_again; + } else if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); ZEND_VM_CONTINUE(); /* bailed out before */ } else { @@ -21096,16 +19082,23 @@ static int ZEND_FASTCALL ZEND_UNSET_OBJ_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_H } offset = opline->op2.zv; - if (IS_UNUSED != IS_UNUSED) { - ZVAL_DEREF(container); - } - if (IS_UNUSED == IS_UNUSED || Z_TYPE_P(container) == IS_OBJECT) { + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (Z_TYPE_P(container) != IS_OBJECT) { + break; + } + } else { + break; + } + } if (Z_OBJ_HT_P(container)->unset_property) { Z_OBJ_HT_P(container)->unset_property(container, offset, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); } else { zend_error(E_NOTICE, "Trying to unset property of non-object"); } - } + } while (0); CHECK_EXCEPTION(); @@ -21125,6 +19118,7 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_UNUSED_CONST_HANDLER(Z container = _get_obj_zval_ptr_unused(execute_data); offset = opline->op2.zv; +isset_dim_obj_again: if (IS_UNUSED != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { HashTable *ht = Z_ARRVAL_P(container); zval *value; @@ -21215,6 +19209,9 @@ num_index_prop: if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } + } else if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; } else { result = ((opline->extended_value & ZEND_ISSET) == 0); } @@ -21237,18 +19234,25 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_UNUSED_CONST_HANDLER( container = _get_obj_zval_ptr_unused(execute_data); offset = opline->op2.zv; - if (IS_UNUSED == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; + goto isset_no_object; } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); } ZVAL_BOOL(EX_VAR(opline->result.var), result); @@ -21662,44 +19666,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_UNUSED_UNUSED(int if (IS_UNUSED == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_UNUSED != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || (IS_UNUSED != IS_UNUSED) - if (IS_UNUSED == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_UNUSED == IS_VAR && !0) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_UNUSED_UNUSED(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = NULL; - zend_fetch_dimension_address_RW(&rv, container, dim, IS_UNUSED TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_UNUSED == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_UNUSED != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || (IS_UNUSED != IS_UNUSED) + if (IS_UNUSED == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, IS_UNUSED TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); FREE_OP(free_op_data1); @@ -21710,9 +19717,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_UNUSED_UNUSED(int static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -21730,9 +19737,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -21750,9 +19757,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -21770,9 +19777,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -21790,9 +19797,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -21810,9 +19817,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -21830,9 +19837,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -21850,9 +19857,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -21870,9 +19877,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPC static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -21890,9 +19897,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCO static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -21910,9 +19917,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPC static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_UNUSED(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22103,47 +20110,36 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_UNUSED_CV(int (*b zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } - if (IS_UNUSED != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); - } - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - - FREE_OP(free_op_data1); + do { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + break; + } } - } else { + /* here we are sure we are dealing with an object */ - if (opline->extended_value == ZEND_ASSIGN_OBJ - && EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { ZVAL_DEREF(zptr); SEPARATE_ZVAL_NOREF(zptr); binary_op(zptr, zptr, value TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), zptr); } } else { - zval *z = NULL; + zval *z; zval rv; - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - if (Z_OBJ_HT_P(object)->read_property) { - z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - } - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - if (Z_OBJ_HT_P(object)->read_dimension) { - z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC); - } - } - if (z) { + if (Z_OBJ_HT_P(object)->read_property && + (z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC)) != NULL) { if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { zval rv; zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); @@ -22153,28 +20149,22 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_UNUSED_CV(int (*b } ZVAL_COPY_VALUE(z, value); } -//??? if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); binary_op(z, z, value TSRMLS_CC); - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); - } - if (RETURN_VALUE_USED(opline)) { + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), z); } zval_ptr_dtor(z); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } } - - FREE_OP(free_op_data1); - } + } while (0); /* assign_obj has two opcodes! */ CHECK_EXCEPTION(); @@ -22194,44 +20184,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_UNUSED_CV(int (*b if (IS_UNUSED == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_UNUSED != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || (IS_CV != IS_UNUSED) - if (IS_UNUSED == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_UNUSED == IS_VAR && !0) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_UNUSED_CV(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - zend_fetch_dimension_address_RW(&rv, container, dim, IS_CV TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_UNUSED == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_UNUSED != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || (IS_CV != IS_UNUSED) + if (IS_UNUSED == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, IS_CV TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); FREE_OP(free_op_data1); @@ -22242,9 +20235,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_UNUSED_CV(int (*b static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22262,9 +20255,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22282,9 +20275,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22302,9 +20295,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22322,9 +20315,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22342,9 +20335,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22362,9 +20355,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22382,9 +20375,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22402,9 +20395,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22422,9 +20415,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_H static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22442,9 +20435,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_CV(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -22478,62 +20471,60 @@ static int ZEND_FASTCALL zend_pre_incdec_property_helper_SPEC_UNUSED_CV(incdec_t zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_UNUSED != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); + } + break; + } } - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + /* here we are sure we are dealing with an object */ - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - ZVAL_DEREF(zptr); - SEPARATE_ZVAL_NOREF(zptr); + ZVAL_DEREF(zptr); + SEPARATE_ZVAL_NOREF(zptr); - incdec_op(zptr); - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(retval, zptr); - } - } else { - zval rv; + incdec_op(zptr); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, zptr); + } + } else { + zval rv; - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { - zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + incdec_op(z); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, z); + } + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); } - ZVAL_COPY_VALUE(z, value); - } - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); - incdec_op(z); - ZVAL_COPY_VALUE(retval, z); - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - SELECTIVE_PZVAL_LOCK(retval, opline); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); } } - } + } while (0); CHECK_EXCEPTION(); @@ -22568,56 +20559,53 @@ static int ZEND_FASTCALL zend_post_incdec_property_helper_SPEC_UNUSED_CV(incdec_ zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_UNUSED != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - ZVAL_NULL(retval); - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + break; + } + } - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + /* here we are sure we are dealing with an object */ - ZVAL_DEREF(zptr); - ZVAL_COPY_VALUE(retval, zptr); - zval_opt_copy_ctor(zptr); + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - incdec_op(zptr); - } else { - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval rv; - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - zval z_copy; + ZVAL_DEREF(zptr); + ZVAL_COPY_VALUE(retval, zptr); + zval_opt_copy_ctor(zptr); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + incdec_op(zptr); + } else { + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + zval z_copy; + + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); } - ZVAL_COPY_VALUE(z, value); + ZVAL_DUP(retval, z); + ZVAL_DUP(&z_copy, z); + incdec_op(&z_copy); + if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); + Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(&z_copy); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); } - ZVAL_DUP(retval, z); - ZVAL_DUP(&z_copy, z); - incdec_op(&z_copy); - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - zval_ptr_dtor(&z_copy); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - ZVAL_NULL(retval); } - } + } while (0); CHECK_EXCEPTION(); @@ -22646,8 +20634,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HA container = _get_obj_zval_ptr_unused(execute_data); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if ((IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -22749,8 +20747,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_H container = _get_obj_zval_ptr_unused(execute_data); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if ((IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -22860,7 +20868,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_OBJ_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAN if (IS_UNUSED == IS_VAR && UNEXPECTED(object == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object, IS_UNUSED, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_OBJ, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); + zend_assign_to_object(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object, IS_UNUSED, property_name, IS_CV, (opline+1)->op1_type, (opline+1)->op1, execute_data, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); /* assign_obj has two opcodes! */ @@ -22933,49 +20941,58 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_UNUSED_CV_HANDLER(ZEND_OPCO object = _get_obj_zval_ptr_unused(execute_data); - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + uint32_t nesting = 1; - if (UNEXPECTED(EG(exception) != NULL)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } - HANDLE_EXCEPTION(); - } + if (UNEXPECTED(EG(exception) != NULL)) { - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + HANDLE_EXCEPTION(); + } + zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); + if (EG(exception) != NULL) { + HANDLE_EXCEPTION(); + } - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } + /* No exception raised: Skip over arguments until fcall opcode with correct + * nesting level. Return NULL (except when return value unused) */ + do { + opline++; + if (opline->opcode == ZEND_INIT_FCALL || + opline->opcode == ZEND_INIT_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_METHOD_CALL || + opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || + opline->opcode == ZEND_INIT_USER_CALL || + opline->opcode == ZEND_NEW + ) { + nesting++; + } else if (opline->opcode == ZEND_DO_FCALL) { + nesting--; + } + } while (nesting); - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; + if (RETURN_VALUE_USED(opline)) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + + /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ + if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { + opline++; + } + ZEND_VM_JMP(++opline); } - ZEND_VM_JMP(++opline); - } + } while (0); obj = Z_OBJ_P(object); called_scope = obj->ce; @@ -23059,15 +21076,15 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAND if (IS_UNUSED == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); } - if (IS_UNUSED != IS_UNUSED) { - ZVAL_DEREF(container); - } - SEPARATE_ZVAL_NOREF(container); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); +unset_dim_again: if (IS_UNUSED != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); + HashTable *ht; + offset_again: + SEPARATE_ARRAY(container); + ht = Z_ARRVAL_P(container); switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -23120,7 +21137,10 @@ num_index_dim: //??? } Z_OBJ_HT_P(container)->unset_dimension(container, offset TSRMLS_CC); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + } else if (IS_UNUSED != IS_UNUSED && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto unset_dim_again; + } else if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); ZEND_VM_CONTINUE(); /* bailed out before */ } else { @@ -23145,16 +21165,23 @@ static int ZEND_FASTCALL ZEND_UNSET_OBJ_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAND } offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if (IS_UNUSED != IS_UNUSED) { - ZVAL_DEREF(container); - } - if (IS_UNUSED == IS_UNUSED || Z_TYPE_P(container) == IS_OBJECT) { + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (Z_TYPE_P(container) != IS_OBJECT) { + break; + } + } else { + break; + } + } if (Z_OBJ_HT_P(container)->unset_property) { Z_OBJ_HT_P(container)->unset_property(container, offset, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); } else { zend_error(E_NOTICE, "Trying to unset property of non-object"); } - } + } while (0); CHECK_EXCEPTION(); @@ -23174,6 +21201,7 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_UNUSED_CV_HANDLER(ZEND container = _get_obj_zval_ptr_unused(execute_data); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); +isset_dim_obj_again: if (IS_UNUSED != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { HashTable *ht = Z_ARRVAL_P(container); zval *value; @@ -23264,6 +21292,9 @@ num_index_prop: if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } + } else if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; } else { result = ((opline->extended_value & ZEND_ISSET) == 0); } @@ -23286,18 +21317,25 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_UNUSED_CV_HANDLER(ZEN container = _get_obj_zval_ptr_unused(execute_data); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if (IS_UNUSED == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; + goto isset_no_object; } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); } ZVAL_BOOL(EX_VAR(opline->result.var), result); @@ -23450,47 +21488,36 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_UNUSED_TMPVAR(int zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } - if (IS_UNUSED != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); - } - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - zval_ptr_dtor_nogc(free_op2); - FREE_OP(free_op_data1); + do { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + break; + } } - } else { + /* here we are sure we are dealing with an object */ - if (opline->extended_value == ZEND_ASSIGN_OBJ - && EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { ZVAL_DEREF(zptr); SEPARATE_ZVAL_NOREF(zptr); binary_op(zptr, zptr, value TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), zptr); } } else { - zval *z = NULL; + zval *z; zval rv; - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - if (Z_OBJ_HT_P(object)->read_property) { - z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - } - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - if (Z_OBJ_HT_P(object)->read_dimension) { - z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC); - } - } - if (z) { + if (Z_OBJ_HT_P(object)->read_property && + (z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC)) != NULL) { if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { zval rv; zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); @@ -23500,29 +21527,22 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_UNUSED_TMPVAR(int } ZVAL_COPY_VALUE(z, value); } -//??? if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); binary_op(z, z, value TSRMLS_CC); - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); - } - if (RETURN_VALUE_USED(opline)) { + Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), z); } zval_ptr_dtor(z); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } } - - zval_ptr_dtor_nogc(free_op2); - FREE_OP(free_op_data1); - } + } while (0); /* assign_obj has two opcodes! */ CHECK_EXCEPTION(); @@ -23542,44 +21562,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_UNUSED_TMPVAR(int if (IS_UNUSED == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_UNUSED != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) - if (IS_UNUSED == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_UNUSED == IS_VAR && !0) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_UNUSED_TMPVAR(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - zend_fetch_dimension_address_RW(&rv, container, dim, (IS_TMP_VAR|IS_VAR) TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_UNUSED == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_UNUSED != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) + if (IS_UNUSED == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, (IS_TMP_VAR|IS_VAR) TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); zval_ptr_dtor_nogc(free_op2); FREE_OP(free_op_data1); @@ -23591,9 +21614,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_UNUSED_TMPVAR(int static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23611,9 +21634,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23631,9 +21654,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23651,9 +21674,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23671,9 +21694,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23691,9 +21714,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23711,9 +21734,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23731,9 +21754,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23751,9 +21774,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPC static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23771,9 +21794,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCO static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23791,9 +21814,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPC static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_UNUSED != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_UNUSED_TMPVAR(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -23827,62 +21850,60 @@ static int ZEND_FASTCALL zend_pre_incdec_property_helper_SPEC_UNUSED_TMPVAR(incd zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_UNUSED != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - zval_ptr_dtor_nogc(free_op2); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); + } + break; + } } - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + /* here we are sure we are dealing with an object */ - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - ZVAL_DEREF(zptr); - SEPARATE_ZVAL_NOREF(zptr); + ZVAL_DEREF(zptr); + SEPARATE_ZVAL_NOREF(zptr); - incdec_op(zptr); - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(retval, zptr); - } - } else { - zval rv; + incdec_op(zptr); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, zptr); + } + } else { + zval rv; - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { - zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + incdec_op(z); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, z); + } + Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); } - ZVAL_COPY_VALUE(z, value); - } - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); - incdec_op(z); - ZVAL_COPY_VALUE(retval, z); - Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - SELECTIVE_PZVAL_LOCK(retval, opline); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); } } - } + } while (0); zval_ptr_dtor_nogc(free_op2); @@ -23918,56 +21939,53 @@ static int ZEND_FASTCALL zend_post_incdec_property_helper_SPEC_UNUSED_TMPVAR(inc zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_UNUSED != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - zval_ptr_dtor_nogc(free_op2); - ZVAL_NULL(retval); - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + break; + } + } - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + /* here we are sure we are dealing with an object */ - ZVAL_DEREF(zptr); - ZVAL_COPY_VALUE(retval, zptr); - zval_opt_copy_ctor(zptr); + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - incdec_op(zptr); - } else { - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval rv; - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - zval z_copy; + ZVAL_DEREF(zptr); + ZVAL_COPY_VALUE(retval, zptr); + zval_opt_copy_ctor(zptr); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + incdec_op(zptr); + } else { + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + zval z_copy; - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); } - ZVAL_COPY_VALUE(z, value); + ZVAL_DUP(retval, z); + ZVAL_DUP(&z_copy, z); + incdec_op(&z_copy); + if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); + Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(&z_copy); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); } - ZVAL_DUP(retval, z); - ZVAL_DUP(&z_copy, z); - incdec_op(&z_copy); - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - zval_ptr_dtor(&z_copy); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - ZVAL_NULL(retval); } - } + } while (0); zval_ptr_dtor_nogc(free_op2); @@ -23997,8 +22015,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCOD container = _get_obj_zval_ptr_unused(execute_data); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -24101,8 +22129,18 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCO container = _get_obj_zval_ptr_unused(execute_data); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -24213,7 +22251,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_OBJ_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE if (IS_UNUSED == IS_VAR && UNEXPECTED(object == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object, IS_UNUSED, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_OBJ, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); + zend_assign_to_object(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object, IS_UNUSED, property_name, (IS_TMP_VAR|IS_VAR), (opline+1)->op1_type, (opline+1)->op1, execute_data, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); /* assign_obj has two opcodes! */ @@ -24287,49 +22325,58 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_ object = _get_obj_zval_ptr_unused(execute_data); - if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + uint32_t nesting = 1; - if (UNEXPECTED(EG(exception) != NULL)) { - zval_ptr_dtor_nogc(free_op2); - HANDLE_EXCEPTION(); - } + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - zval_ptr_dtor_nogc(free_op2); + if (UNEXPECTED(EG(exception) != NULL)) { + zval_ptr_dtor_nogc(free_op2); + HANDLE_EXCEPTION(); + } - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } + zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + zval_ptr_dtor_nogc(free_op2); - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); + if (EG(exception) != NULL) { + HANDLE_EXCEPTION(); + } - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } + /* No exception raised: Skip over arguments until fcall opcode with correct + * nesting level. Return NULL (except when return value unused) */ + do { + opline++; + if (opline->opcode == ZEND_INIT_FCALL || + opline->opcode == ZEND_INIT_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_METHOD_CALL || + opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || + opline->opcode == ZEND_INIT_USER_CALL || + opline->opcode == ZEND_NEW + ) { + nesting++; + } else if (opline->opcode == ZEND_DO_FCALL) { + nesting--; + } + } while (nesting); - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; + if (RETURN_VALUE_USED(opline)) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + + /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ + if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { + opline++; + } + ZEND_VM_JMP(++opline); } - ZEND_VM_JMP(++opline); - } + } while (0); obj = Z_OBJ_P(object); called_scope = obj->ce; @@ -24414,15 +22461,15 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_ if (IS_UNUSED == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); } - if (IS_UNUSED != IS_UNUSED) { - ZVAL_DEREF(container); - } - SEPARATE_ZVAL_NOREF(container); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); +unset_dim_again: if (IS_UNUSED != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); + HashTable *ht; + offset_again: + SEPARATE_ARRAY(container); + ht = Z_ARRVAL_P(container); switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -24475,7 +22522,10 @@ num_index_dim: //??? } Z_OBJ_HT_P(container)->unset_dimension(container, offset TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + } else if (IS_UNUSED != IS_UNUSED && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto unset_dim_again; + } else if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); ZEND_VM_CONTINUE(); /* bailed out before */ } else { @@ -24500,16 +22550,24 @@ static int ZEND_FASTCALL ZEND_UNSET_OBJ_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_ } offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if (IS_UNUSED != IS_UNUSED) { - ZVAL_DEREF(container); - } - if (IS_UNUSED == IS_UNUSED || Z_TYPE_P(container) == IS_OBJECT) { + do { + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (Z_TYPE_P(container) != IS_OBJECT) { + break; + } + } else { + break; + } + } if (Z_OBJ_HT_P(container)->unset_property) { Z_OBJ_HT_P(container)->unset_property(container, offset, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); } else { zend_error(E_NOTICE, "Trying to unset property of non-object"); } - } + } while (0); + zval_ptr_dtor_nogc(free_op2); CHECK_EXCEPTION(); @@ -24529,6 +22587,7 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_UNUSED_TMPVAR_HANDLER( container = _get_obj_zval_ptr_unused(execute_data); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); +isset_dim_obj_again: if (IS_UNUSED != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { HashTable *ht = Z_ARRVAL_P(container); zval *value; @@ -24619,6 +22678,9 @@ num_index_prop: if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } + } else if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; } else { result = ((opline->extended_value & ZEND_ISSET) == 0); } @@ -24642,18 +22704,25 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_UNUSED_TMPVAR_HANDLER container = _get_obj_zval_ptr_unused(execute_data); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if (IS_UNUSED == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (IS_UNUSED != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_UNUSED & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; + goto isset_no_object; } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); } zval_ptr_dtor_nogc(free_op2); @@ -24711,14 +22780,14 @@ static int ZEND_FASTCALL ZEND_PRE_INC_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) if (EXPECTED(Z_TYPE_P(var_ptr) == IS_LONG)) { fast_increment_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY_VALUE(EX_VAR(opline->result.var), var_ptr); } ZEND_VM_NEXT_OPCODE(); } if (IS_CV == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) { - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } CHECK_EXCEPTION(); @@ -24730,7 +22799,7 @@ static int ZEND_FASTCALL ZEND_PRE_INC_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) increment_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); } @@ -24753,14 +22822,14 @@ static int ZEND_FASTCALL ZEND_PRE_DEC_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) if (EXPECTED(Z_TYPE_P(var_ptr) == IS_LONG)) { fast_decrement_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY_VALUE(EX_VAR(opline->result.var), var_ptr); } ZEND_VM_NEXT_OPCODE(); } if (IS_CV == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) { - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } CHECK_EXCEPTION(); @@ -24772,7 +22841,7 @@ static int ZEND_FASTCALL ZEND_PRE_DEC_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) decrement_function(var_ptr); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); } @@ -25158,14 +23227,22 @@ static int ZEND_FASTCALL ZEND_THROW_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) SAVE_OPLINE(); - value = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + value = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); - if (IS_CV == IS_CONST || UNEXPECTED(Z_TYPE_P(value) != IS_OBJECT)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); + do { + if (IS_CV == IS_CONST || UNEXPECTED(Z_TYPE_P(value) != IS_OBJECT)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(value)) { + value = Z_REFVAL_P(value); + if (EXPECTED(Z_TYPE_P(value) == IS_OBJECT)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Can only throw objects"); } - zend_error_noreturn(E_ERROR, "Can only throw objects"); - } + } while (0); zend_exception_save(TSRMLS_C); if (IS_CV != IS_TMP_VAR) { @@ -25404,15 +23481,23 @@ static int ZEND_FASTCALL ZEND_CLONE_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zend_object_clone_obj_t clone_call; SAVE_OPLINE(); - obj = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + obj = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); - if (IS_CV == IS_CONST || - (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); + do { + if (IS_CV == IS_CONST || + (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(obj)) { + obj = Z_REFVAL_P(obj); + if (EXPECTED(Z_TYPE_P(obj) == IS_OBJECT)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "__clone method called on non-object"); } - zend_error_noreturn(E_ERROR, "__clone method called on non-object"); - } + } while (0); ce = Z_OBJCE_P(obj); clone = ce ? ce->clone : NULL; @@ -25443,7 +23528,7 @@ static int ZEND_FASTCALL ZEND_CLONE_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) if (EXPECTED(EG(exception) == NULL)) { ZVAL_OBJ(EX_VAR(opline->result.var), clone_call(obj TSRMLS_CC)); - if (!RETURN_VALUE_USED(opline) || UNEXPECTED(EG(exception) != NULL)) { + if (UNEXPECTED(!RETURN_VALUE_USED(opline)) || UNEXPECTED(EG(exception) != NULL)) { OBJ_RELEASE(Z_OBJ_P(EX_VAR(opline->result.var))); } } @@ -25460,7 +23545,7 @@ static int ZEND_FASTCALL ZEND_CAST_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval *result = EX_VAR(opline->result.var); SAVE_OPLINE(); - expr = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + expr = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); switch (opline->extended_value) { case IS_NULL: @@ -25493,6 +23578,9 @@ static int ZEND_FASTCALL ZEND_CAST_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) ZVAL_STR(result, zval_get_string(expr)); break; default: + if (IS_CV & (IS_VAR|IS_CV)) { + ZVAL_DEREF(expr); + } /* If value is already of correct type, return it directly */ if (Z_TYPE_P(expr) == opline->extended_value) { ZVAL_COPY_VALUE(result, expr); @@ -25877,13 +23965,22 @@ static int ZEND_FASTCALL ZEND_EXIT_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) SAVE_OPLINE(); if (IS_CV != IS_UNUSED) { - zval *ptr = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + zval *ptr = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); - if (Z_TYPE_P(ptr) == IS_LONG) { - EG(exit_status) = Z_LVAL_P(ptr); - } else { - zend_print_variable(ptr TSRMLS_CC); - } + do { + if (Z_TYPE_P(ptr) == IS_LONG) { + EG(exit_status) = Z_LVAL_P(ptr); + } else { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(ptr)) { + ptr = Z_REFVAL_P(ptr); + if (Z_TYPE_P(ptr) == IS_LONG) { + EG(exit_status) = Z_LVAL_P(ptr); + break; + } + } + zend_print_variable(ptr TSRMLS_CC); + } + } while (0); } #endif @@ -26362,47 +24459,36 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_CV_CONST(int (*bi zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } - if (IS_CV != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); - } - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - - FREE_OP(free_op_data1); + do { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + break; + } } - } else { + /* here we are sure we are dealing with an object */ - if (opline->extended_value == ZEND_ASSIGN_OBJ - && EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { ZVAL_DEREF(zptr); SEPARATE_ZVAL_NOREF(zptr); binary_op(zptr, zptr, value TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), zptr); } } else { - zval *z = NULL; + zval *z; zval rv; - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - if (Z_OBJ_HT_P(object)->read_property) { - z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - } - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - if (Z_OBJ_HT_P(object)->read_dimension) { - z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC); - } - } - if (z) { + if (Z_OBJ_HT_P(object)->read_property && + (z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC)) != NULL) { if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { zval rv; zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); @@ -26412,28 +24498,22 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_CV_CONST(int (*bi } ZVAL_COPY_VALUE(z, value); } -//??? if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); binary_op(z, z, value TSRMLS_CC); - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); - } - if (RETURN_VALUE_USED(opline)) { + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), z); } zval_ptr_dtor(z); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } } - - FREE_OP(free_op_data1); - } + } while (0); /* assign_obj has two opcodes! */ CHECK_EXCEPTION(); @@ -26453,44 +24533,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_CV_CONST(int (*bi if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_CV != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || (IS_CONST != IS_UNUSED) - if (IS_CV == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_CV == IS_VAR && !0) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_CV_CONST(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = opline->op2.zv; - zend_fetch_dimension_address_RW(&rv, container, dim, IS_CONST TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_CV == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_CV != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || (IS_CONST != IS_UNUSED) + if (IS_CV == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, IS_CONST TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); FREE_OP(free_op_data1); @@ -26536,9 +24619,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_helper_SPEC_CV_CONST(int (*binary static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26556,9 +24639,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26576,9 +24659,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26596,9 +24679,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26616,9 +24699,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26636,9 +24719,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26656,9 +24739,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDL static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26676,9 +24759,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDL static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26696,9 +24779,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_H static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26716,9 +24799,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HA static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26736,9 +24819,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_H static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CONST != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CONST(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -26772,62 +24855,60 @@ static int ZEND_FASTCALL zend_pre_incdec_property_helper_SPEC_CV_CONST(incdec_t zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_CV != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); + } + break; + } } - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + /* here we are sure we are dealing with an object */ - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - ZVAL_DEREF(zptr); - SEPARATE_ZVAL_NOREF(zptr); + ZVAL_DEREF(zptr); + SEPARATE_ZVAL_NOREF(zptr); - incdec_op(zptr); - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(retval, zptr); - } - } else { - zval rv; + incdec_op(zptr); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, zptr); + } + } else { + zval rv; - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { - zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + incdec_op(z); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, z); + } + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); } - ZVAL_COPY_VALUE(z, value); - } - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); - incdec_op(z); - ZVAL_COPY_VALUE(retval, z); - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - SELECTIVE_PZVAL_LOCK(retval, opline); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); } } - } + } while (0); CHECK_EXCEPTION(); @@ -26862,56 +24943,53 @@ static int ZEND_FASTCALL zend_post_incdec_property_helper_SPEC_CV_CONST(incdec_t zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_CV != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - ZVAL_NULL(retval); - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + break; + } + } - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + /* here we are sure we are dealing with an object */ - ZVAL_DEREF(zptr); - ZVAL_COPY_VALUE(retval, zptr); - zval_opt_copy_ctor(zptr); + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - incdec_op(zptr); - } else { - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval rv; - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - zval z_copy; + ZVAL_DEREF(zptr); + ZVAL_COPY_VALUE(retval, zptr); + zval_opt_copy_ctor(zptr); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + incdec_op(zptr); + } else { + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + zval z_copy; - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); } - ZVAL_COPY_VALUE(z, value); + ZVAL_DUP(retval, z); + ZVAL_DUP(&z_copy, z); + incdec_op(&z_copy); + if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); + Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(&z_copy); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); } - ZVAL_DUP(retval, z); - ZVAL_DUP(&z_copy, z); - incdec_op(&z_copy); - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - zval_ptr_dtor(&z_copy); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - ZVAL_NULL(retval); } - } + } while (0); CHECK_EXCEPTION(); @@ -27083,7 +25161,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAN zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); @@ -27098,12 +25176,11 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAN zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -27126,7 +25203,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HA if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_RW(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -27144,7 +25220,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HA zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); @@ -27164,11 +25240,10 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CV_CONST_HANDLER(ZEND_OPC if (IS_CV == IS_CONST || IS_CV == IS_TMP_VAR) { zend_error_noreturn(E_ERROR, "Cannot use temporary expression in write context"); } - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -27179,7 +25254,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CV_CONST_HANDLER(ZEND_OPC if (IS_CONST == IS_UNUSED) { zend_error_noreturn(E_ERROR, "Cannot use [] for reading"); } - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); @@ -27200,7 +25275,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_UNSET_SPEC_CV_CONST_HANDLER(ZEND_OPCODE if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_UNSET(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -27220,11 +25294,21 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAN zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); offset = opline->op2.zv; - if ((IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -27275,7 +25359,7 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAN SAVE_OPLINE(); property = opline->op2.zv; - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } @@ -27323,11 +25407,21 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HA zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); offset = opline->op2.zv; - if ((IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -27379,7 +25473,7 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_FUNC_ARG_SPEC_CV_CONST_HANDLER(ZEND_OPC SAVE_OPLINE(); property = opline->op2.zv; - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_CONST || IS_CV == IS_TMP_VAR) { zend_error_noreturn(E_ERROR, "Cannot use temporary expression in write context"); @@ -27430,8 +25524,9 @@ static int ZEND_FASTCALL ZEND_FETCH_LIST_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); +try_fetch_list: if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), opline->op2.zv, IS_CONST, BP_VAR_R TSRMLS_CC); @@ -27449,6 +25544,9 @@ static int ZEND_FASTCALL ZEND_FETCH_LIST_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND } else { ZVAL_NULL(result); } + } else if (Z_TYPE_P(container) == IS_REFERENCE) { + container = Z_REFVAL_P(container); + goto try_fetch_list; } else { ZVAL_NULL(EX_VAR(opline->result.var)); } @@ -27464,13 +25562,13 @@ static int ZEND_FASTCALL ZEND_ASSIGN_OBJ_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND zval *property_name; SAVE_OPLINE(); - object = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + object = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); property_name = opline->op2.zv; if (IS_CV == IS_VAR && UNEXPECTED(object == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object, IS_CV, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_OBJ, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); + zend_assign_to_object(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object, IS_CV, property_name, IS_CONST, (opline+1)->op1_type, (opline+1)->op1, execute_data, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); /* assign_obj has two opcodes! */ @@ -27484,55 +25582,63 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND USE_OPLINE zval *object_ptr; + zend_free_op free_op_data1; + zval rv; + zval *value; + zval *variable_ptr; + zval *dim; SAVE_OPLINE(); - object_ptr = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + object_ptr = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(object_ptr == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(object_ptr); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { - - zval *property_name = opline->op2.zv; - - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object_ptr, IS_CV, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_DIM, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); - } else { - zend_free_op free_op_data1; - zval rv; - zval *value; - zval *dim = opline->op2.zv; - zval *variable_ptr; - - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && - EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { - zend_long offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); +try_assign_dim: + if (EXPECTED(Z_TYPE_P(object_ptr) == IS_ARRAY)) { +try_assign_dim_array: + dim = opline->op2.zv; + zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_CONST TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - zend_assign_to_string_offset(object_ptr, offset, value, (RETURN_VALUE_USED(opline) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + variable_ptr = Z_INDIRECT(rv); + if (UNEXPECTED(variable_ptr == &EG(error_zval))) { FREE_OP(free_op_data1); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } } else { - zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_CONST TSRMLS_CC); - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - variable_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(variable_ptr == &EG(error_zval))) { + value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); + if ((opline+1)->op1_type == IS_VAR) { FREE_OP(free_op_data1); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - } else { - value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); - if ((opline+1)->op1_type == IS_VAR) { - FREE_OP(free_op_data1); - } - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(EX_VAR(opline->result.var), value); - } + } + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), value); } } + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { + + zval *property_name = opline->op2.zv; + + zend_assign_to_object_dim(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object_ptr, property_name, (opline+1)->op1_type, (opline+1)->op1, execute_data TSRMLS_CC); + + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && + EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { + zend_long offset; + + dim = opline->op2.zv; + offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); + + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_assign_to_string_offset(object_ptr, offset, value, (UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + FREE_OP(free_op_data1); + } else if (EXPECTED(Z_ISREF_P(object_ptr))) { + object_ptr = Z_REFVAL_P(object_ptr); + goto try_assign_dim; + } else { + goto try_assign_dim_array; } /* assign_dim has two opcodes! */ @@ -27556,12 +25662,12 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ if (IS_CONST == IS_TMP_VAR) { } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } else { value = zend_assign_to_variable(variable_ptr, value, IS_CONST TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), value); } @@ -27595,51 +25701,60 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER(ZEND_OPCOD zend_error_noreturn(E_ERROR, "Method name must be a string"); } - object = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + object = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + uint32_t nesting = 1; - if (UNEXPECTED(EG(exception) != NULL)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } - HANDLE_EXCEPTION(); - } + if (UNEXPECTED(EG(exception) != NULL)) { - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + HANDLE_EXCEPTION(); + } + zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); + if (EG(exception) != NULL) { + HANDLE_EXCEPTION(); + } - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } + /* No exception raised: Skip over arguments until fcall opcode with correct + * nesting level. Return NULL (except when return value unused) */ + do { + opline++; + if (opline->opcode == ZEND_INIT_FCALL || + opline->opcode == ZEND_INIT_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_METHOD_CALL || + opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || + opline->opcode == ZEND_INIT_USER_CALL || + opline->opcode == ZEND_NEW + ) { + nesting++; + } else if (opline->opcode == ZEND_DO_FCALL) { + nesting--; + } + } while (nesting); + + if (RETURN_VALUE_USED(opline)) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; + /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ + if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { + opline++; + } + ZEND_VM_JMP(++opline); } - ZEND_VM_JMP(++opline); - } + } while (0); obj = Z_OBJ_P(object); called_scope = obj->ce; @@ -27901,15 +26016,15 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDL if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); } - if (IS_CV != IS_UNUSED) { - ZVAL_DEREF(container); - } - SEPARATE_ZVAL_NOREF(container); offset = opline->op2.zv; +unset_dim_again: if (IS_CV != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); + HashTable *ht; + offset_again: + SEPARATE_ARRAY(container); + ht = Z_ARRVAL_P(container); switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -27962,7 +26077,10 @@ num_index_dim: //??? } Z_OBJ_HT_P(container)->unset_dimension(container, offset TSRMLS_CC); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + } else if (IS_CV != IS_UNUSED && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto unset_dim_again; + } else if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); ZEND_VM_CONTINUE(); /* bailed out before */ } else { @@ -27987,16 +26105,23 @@ static int ZEND_FASTCALL ZEND_UNSET_OBJ_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDL } offset = opline->op2.zv; - if (IS_CV != IS_UNUSED) { - ZVAL_DEREF(container); - } - if (IS_CV == IS_UNUSED || Z_TYPE_P(container) == IS_OBJECT) { + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (Z_TYPE_P(container) != IS_OBJECT) { + break; + } + } else { + break; + } + } if (Z_OBJ_HT_P(container)->unset_property) { Z_OBJ_HT_P(container)->unset_property(container, offset, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); } else { zend_error(E_NOTICE, "Trying to unset property of non-object"); } - } + } while (0); CHECK_EXCEPTION(); @@ -28084,9 +26209,10 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_CV_CONST_HANDLER(ZEND_ zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); offset = opline->op2.zv; +isset_dim_obj_again: if (IS_CV != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { HashTable *ht = Z_ARRVAL_P(container); zval *value; @@ -28177,6 +26303,9 @@ num_index_prop: if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } + } else if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; } else { result = ((opline->extended_value & ZEND_ISSET) == 0); } @@ -28196,21 +26325,28 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_CV_CONST_HANDLER(ZEND zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); offset = opline->op2.zv; - if (IS_CV == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; + goto isset_no_object; } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); } ZVAL_BOOL(EX_VAR(opline->result.var), result); @@ -28515,12 +26651,12 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SPEC_CV_TMP_HANDLER(ZEND_OPCODE_HANDLER_AR if (IS_TMP_VAR == IS_TMP_VAR) { zval_ptr_dtor_nogc(free_op2); } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } else { value = zend_assign_to_variable(variable_ptr, value, IS_TMP_VAR TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), value); } @@ -28857,12 +26993,12 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SPEC_CV_VAR_HANDLER(ZEND_OPCODE_HANDLER_AR if (IS_VAR == IS_TMP_VAR) { zval_ptr_dtor_nogc(free_op2); } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } else { value = zend_assign_to_variable(variable_ptr, value, IS_VAR TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), value); } @@ -28929,7 +27065,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_REF_SPEC_CV_VAR_HANDLER(ZEND_OPCODE_HANDLE } } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), variable_ptr); } @@ -29271,44 +27407,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_CV_UNUSED(int (*b if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_CV != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || (IS_UNUSED != IS_UNUSED) - if (IS_CV == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_CV == IS_VAR && !0) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_CV_UNUSED(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = NULL; - zend_fetch_dimension_address_RW(&rv, container, dim, IS_UNUSED TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_CV == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_CV != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || (IS_UNUSED != IS_UNUSED) + if (IS_CV == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, IS_UNUSED TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); FREE_OP(free_op_data1); @@ -29319,9 +27458,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_CV_UNUSED(int (*b static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29339,9 +27478,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29359,9 +27498,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29379,9 +27518,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29399,9 +27538,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29419,9 +27558,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29439,9 +27578,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29459,9 +27598,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29479,9 +27618,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29499,9 +27638,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_H static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29519,9 +27658,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE -#if 0 || (IS_UNUSED != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_UNUSED(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -29692,12 +27831,11 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HA zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, NULL, IS_UNUSED TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -29720,7 +27858,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_H if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_RW(EX_VAR(opline->result.var), container, NULL, IS_UNUSED TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -29743,11 +27880,10 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CV_UNUSED_HANDLER(ZEND_OP if (IS_CV == IS_CONST || IS_CV == IS_TMP_VAR) { zend_error_noreturn(E_ERROR, "Cannot use temporary expression in write context"); } - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, NULL, IS_UNUSED TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -29758,7 +27894,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CV_UNUSED_HANDLER(ZEND_OP if (IS_UNUSED == IS_UNUSED) { zend_error_noreturn(E_ERROR, "Cannot use [] for reading"); } - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, NULL, IS_UNUSED TSRMLS_CC); @@ -29772,55 +27908,63 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HAN USE_OPLINE zval *object_ptr; + zend_free_op free_op_data1; + zval rv; + zval *value; + zval *variable_ptr; + zval *dim; SAVE_OPLINE(); - object_ptr = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + object_ptr = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(object_ptr == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(object_ptr); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { - zval *property_name = NULL; - - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object_ptr, IS_CV, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_DIM, ((IS_UNUSED == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); - - } else { - zend_free_op free_op_data1; - zval rv; - zval *value; - zval *dim = NULL; - zval *variable_ptr; +try_assign_dim: + if (EXPECTED(Z_TYPE_P(object_ptr) == IS_ARRAY)) { +try_assign_dim_array: + dim = NULL; + zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_UNUSED TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && - EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { - zend_long offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - zend_assign_to_string_offset(object_ptr, offset, value, (RETURN_VALUE_USED(opline) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + variable_ptr = Z_INDIRECT(rv); + if (UNEXPECTED(variable_ptr == &EG(error_zval))) { FREE_OP(free_op_data1); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } } else { - zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_UNUSED TSRMLS_CC); - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - variable_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(variable_ptr == &EG(error_zval))) { + value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); + if ((opline+1)->op1_type == IS_VAR) { FREE_OP(free_op_data1); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - } else { - value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); - if ((opline+1)->op1_type == IS_VAR) { - FREE_OP(free_op_data1); - } - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(EX_VAR(opline->result.var), value); - } + } + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), value); } } + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { + + zval *property_name = NULL; + + zend_assign_to_object_dim(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object_ptr, property_name, (opline+1)->op1_type, (opline+1)->op1, execute_data TSRMLS_CC); + + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && + EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { + zend_long offset; + + dim = NULL; + offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); + + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_assign_to_string_offset(object_ptr, offset, value, (UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + FREE_OP(free_op_data1); + } else if (EXPECTED(Z_ISREF_P(object_ptr))) { + object_ptr = Z_REFVAL_P(object_ptr); + goto try_assign_dim; + } else { + goto try_assign_dim_array; } /* assign_dim has two opcodes! */ @@ -30513,47 +28657,36 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_CV_CV(int (*binar zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } - if (IS_CV != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); - } - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - - FREE_OP(free_op_data1); + do { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + break; + } } - } else { + /* here we are sure we are dealing with an object */ - if (opline->extended_value == ZEND_ASSIGN_OBJ - && EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { ZVAL_DEREF(zptr); SEPARATE_ZVAL_NOREF(zptr); binary_op(zptr, zptr, value TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), zptr); } } else { - zval *z = NULL; + zval *z; zval rv; - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - if (Z_OBJ_HT_P(object)->read_property) { - z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - } - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - if (Z_OBJ_HT_P(object)->read_dimension) { - z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC); - } - } - if (z) { + if (Z_OBJ_HT_P(object)->read_property && + (z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC)) != NULL) { if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { zval rv; zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); @@ -30563,28 +28696,22 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_CV_CV(int (*binar } ZVAL_COPY_VALUE(z, value); } -//??? if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); binary_op(z, z, value TSRMLS_CC); - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); - } - if (RETURN_VALUE_USED(opline)) { + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), z); } zval_ptr_dtor(z); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } } - - FREE_OP(free_op_data1); - } + } while (0); /* assign_obj has two opcodes! */ CHECK_EXCEPTION(); @@ -30604,44 +28731,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_CV_CV(int (*binar if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_CV != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || (IS_CV != IS_UNUSED) - if (IS_CV == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_CV == IS_VAR && !0) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_CV_CV(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - zend_fetch_dimension_address_RW(&rv, container, dim, IS_CV TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_CV == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_CV != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || (IS_CV != IS_UNUSED) + if (IS_CV == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, IS_CV TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); FREE_OP(free_op_data1); @@ -30687,9 +28817,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_helper_SPEC_CV_CV(int (*binary_op static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30707,9 +28837,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30727,9 +28857,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30747,9 +28877,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30767,9 +28897,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30787,9 +28917,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30807,9 +28937,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30827,9 +28957,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30847,9 +28977,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30867,9 +28997,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDL static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30887,9 +29017,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE -#if 0 || (IS_CV != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_CV(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -30923,62 +29053,60 @@ static int ZEND_FASTCALL zend_pre_incdec_property_helper_SPEC_CV_CV(incdec_t inc zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_CV != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); + } + break; + } } - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + /* here we are sure we are dealing with an object */ - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - ZVAL_DEREF(zptr); - SEPARATE_ZVAL_NOREF(zptr); + ZVAL_DEREF(zptr); + SEPARATE_ZVAL_NOREF(zptr); - incdec_op(zptr); - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(retval, zptr); - } - } else { - zval rv; + incdec_op(zptr); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, zptr); + } + } else { + zval rv; - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { - zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + incdec_op(z); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, z); + } + Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); } - ZVAL_COPY_VALUE(z, value); - } - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); - incdec_op(z); - ZVAL_COPY_VALUE(retval, z); - Z_OBJ_HT_P(object)->write_property(object, property, z, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - SELECTIVE_PZVAL_LOCK(retval, opline); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); } } - } + } while (0); CHECK_EXCEPTION(); @@ -31013,56 +29141,53 @@ static int ZEND_FASTCALL zend_post_incdec_property_helper_SPEC_CV_CV(incdec_t in zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_CV != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - - ZVAL_NULL(retval); - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + break; + } + } - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + /* here we are sure we are dealing with an object */ - ZVAL_DEREF(zptr); - ZVAL_COPY_VALUE(retval, zptr); - zval_opt_copy_ctor(zptr); + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - incdec_op(zptr); - } else { - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval rv; - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - zval z_copy; + ZVAL_DEREF(zptr); + ZVAL_COPY_VALUE(retval, zptr); + zval_opt_copy_ctor(zptr); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + incdec_op(zptr); + } else { + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + zval z_copy; + + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); } - ZVAL_COPY_VALUE(z, value); + ZVAL_DUP(retval, z); + ZVAL_DUP(&z_copy, z); + incdec_op(&z_copy); + if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); + Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(&z_copy); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); } - ZVAL_DUP(retval, z); - ZVAL_DUP(&z_copy, z); - incdec_op(&z_copy); - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - zval_ptr_dtor(&z_copy); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - ZVAL_NULL(retval); } - } + } while (0); CHECK_EXCEPTION(); @@ -31086,7 +29211,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLE zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); @@ -31101,12 +29226,11 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLE zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -31129,7 +29253,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDL if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_RW(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -31147,7 +29270,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDL zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); @@ -31167,11 +29290,10 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CV_CV_HANDLER(ZEND_OPCODE if (IS_CV == IS_CONST || IS_CV == IS_TMP_VAR) { zend_error_noreturn(E_ERROR, "Cannot use temporary expression in write context"); } - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -31182,7 +29304,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CV_CV_HANDLER(ZEND_OPCODE if (IS_CV == IS_UNUSED) { zend_error_noreturn(E_ERROR, "Cannot use [] for reading"); } - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); @@ -31203,7 +29325,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_UNSET_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HA if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_UNSET(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -31223,11 +29344,21 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLE zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if ((IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -31278,7 +29409,7 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLE SAVE_OPLINE(); property = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } @@ -31326,11 +29457,21 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDL zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if ((IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -31382,7 +29523,7 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_FUNC_ARG_SPEC_CV_CV_HANDLER(ZEND_OPCODE SAVE_OPLINE(); property = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_CONST || IS_CV == IS_TMP_VAR) { zend_error_noreturn(E_ERROR, "Cannot use temporary expression in write context"); @@ -31434,13 +29575,13 @@ static int ZEND_FASTCALL ZEND_ASSIGN_OBJ_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER zval *property_name; SAVE_OPLINE(); - object = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + object = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); property_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(object == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object, IS_CV, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_OBJ, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); + zend_assign_to_object(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object, IS_CV, property_name, IS_CV, (opline+1)->op1_type, (opline+1)->op1, execute_data, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); /* assign_obj has two opcodes! */ @@ -31454,55 +29595,63 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER USE_OPLINE zval *object_ptr; + zend_free_op free_op_data1; + zval rv; + zval *value; + zval *variable_ptr; + zval *dim; SAVE_OPLINE(); - object_ptr = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + object_ptr = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(object_ptr == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(object_ptr); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { - zval *property_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object_ptr, IS_CV, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_DIM, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); - - } else { - zend_free_op free_op_data1; - zval rv; - zval *value; - zval *dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - zval *variable_ptr; +try_assign_dim: + if (EXPECTED(Z_TYPE_P(object_ptr) == IS_ARRAY)) { +try_assign_dim_array: + dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); + zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_CV TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && - EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { - zend_long offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - zend_assign_to_string_offset(object_ptr, offset, value, (RETURN_VALUE_USED(opline) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + variable_ptr = Z_INDIRECT(rv); + if (UNEXPECTED(variable_ptr == &EG(error_zval))) { FREE_OP(free_op_data1); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } } else { - zend_fetch_dimension_address_W(&rv, object_ptr, dim, IS_CV TSRMLS_CC); - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - variable_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(variable_ptr == &EG(error_zval))) { + value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); + if ((opline+1)->op1_type == IS_VAR) { FREE_OP(free_op_data1); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - } else { - value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); - if ((opline+1)->op1_type == IS_VAR) { - FREE_OP(free_op_data1); - } - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(EX_VAR(opline->result.var), value); - } + } + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), value); } } + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { + + zval *property_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); + + zend_assign_to_object_dim(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object_ptr, property_name, (opline+1)->op1_type, (opline+1)->op1, execute_data TSRMLS_CC); + + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && + EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { + zend_long offset; + + dim = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); + offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); + + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_assign_to_string_offset(object_ptr, offset, value, (UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + FREE_OP(free_op_data1); + } else if (EXPECTED(Z_ISREF_P(object_ptr))) { + object_ptr = Z_REFVAL_P(object_ptr); + goto try_assign_dim; + } else { + goto try_assign_dim_array; } /* assign_dim has two opcodes! */ @@ -31526,12 +29675,12 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARG if (IS_CV == IS_TMP_VAR) { } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } else { value = zend_assign_to_variable(variable_ptr, value, IS_CV TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), value); } @@ -31597,7 +29746,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_REF_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER } } - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), variable_ptr); } @@ -31628,51 +29777,60 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_CV_CV_HANDLER(ZEND_OPCODE_H zend_error_noreturn(E_ERROR, "Method name must be a string"); } - object = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + object = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + uint32_t nesting = 1; - if (UNEXPECTED(EG(exception) != NULL)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } - HANDLE_EXCEPTION(); - } + if (UNEXPECTED(EG(exception) != NULL)) { - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + HANDLE_EXCEPTION(); + } + zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); + if (EG(exception) != NULL) { + HANDLE_EXCEPTION(); + } - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } + /* No exception raised: Skip over arguments until fcall opcode with correct + * nesting level. Return NULL (except when return value unused) */ + do { + opline++; + if (opline->opcode == ZEND_INIT_FCALL || + opline->opcode == ZEND_INIT_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_METHOD_CALL || + opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || + opline->opcode == ZEND_INIT_USER_CALL || + opline->opcode == ZEND_NEW + ) { + nesting++; + } else if (opline->opcode == ZEND_DO_FCALL) { + nesting--; + } + } while (nesting); + + if (RETURN_VALUE_USED(opline)) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; + /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ + if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { + opline++; + } + ZEND_VM_JMP(++opline); } - ZEND_VM_JMP(++opline); - } + } while (0); obj = Z_OBJ_P(object); called_scope = obj->ce; @@ -31859,15 +30017,15 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); } - if (IS_CV != IS_UNUSED) { - ZVAL_DEREF(container); - } - SEPARATE_ZVAL_NOREF(container); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); +unset_dim_again: if (IS_CV != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); + HashTable *ht; + offset_again: + SEPARATE_ARRAY(container); + ht = Z_ARRVAL_P(container); switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -31920,7 +30078,10 @@ num_index_dim: //??? } Z_OBJ_HT_P(container)->unset_dimension(container, offset TSRMLS_CC); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + } else if (IS_CV != IS_UNUSED && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto unset_dim_again; + } else if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); ZEND_VM_CONTINUE(); /* bailed out before */ } else { @@ -31945,16 +30106,23 @@ static int ZEND_FASTCALL ZEND_UNSET_OBJ_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ } offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if (IS_CV != IS_UNUSED) { - ZVAL_DEREF(container); - } - if (IS_CV == IS_UNUSED || Z_TYPE_P(container) == IS_OBJECT) { + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (Z_TYPE_P(container) != IS_OBJECT) { + break; + } + } else { + break; + } + } if (Z_OBJ_HT_P(container)->unset_property) { Z_OBJ_HT_P(container)->unset_property(container, offset, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); } else { zend_error(E_NOTICE, "Trying to unset property of non-object"); } - } + } while (0); CHECK_EXCEPTION(); @@ -31971,9 +30139,10 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_CV_CV_HANDLER(ZEND_OPC zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); +isset_dim_obj_again: if (IS_CV != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { HashTable *ht = Z_ARRVAL_P(container); zval *value; @@ -32064,6 +30233,9 @@ num_index_prop: if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } + } else if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; } else { result = ((opline->extended_value & ZEND_ISSET) == 0); } @@ -32083,21 +30255,28 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_CV_CV_HANDLER(ZEND_OP zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if (IS_CV == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; + goto isset_no_object; } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); } ZVAL_BOOL(EX_VAR(opline->result.var), result); @@ -32514,47 +30693,36 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_CV_TMPVAR(int (*b zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } - if (IS_CV != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); - } - - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to assign property of non-object"); - zval_ptr_dtor_nogc(free_op2); - FREE_OP(free_op_data1); + do { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to assign property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + break; + } } - } else { + /* here we are sure we are dealing with an object */ - if (opline->extended_value == ZEND_ASSIGN_OBJ - && EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { ZVAL_DEREF(zptr); SEPARATE_ZVAL_NOREF(zptr); binary_op(zptr, zptr, value TSRMLS_CC); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), zptr); } } else { - zval *z = NULL; + zval *z; zval rv; - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - if (Z_OBJ_HT_P(object)->read_property) { - z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - } - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - if (Z_OBJ_HT_P(object)->read_dimension) { - z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv TSRMLS_CC); - } - } - if (z) { + if (Z_OBJ_HT_P(object)->read_property && + (z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC)) != NULL) { if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) { zval rv; zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); @@ -32564,29 +30732,22 @@ static int ZEND_FASTCALL zend_binary_assign_op_obj_helper_SPEC_CV_TMPVAR(int (*b } ZVAL_COPY_VALUE(z, value); } -//??? if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); binary_op(z, z, value TSRMLS_CC); - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - } else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ { - Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC); - } - if (RETURN_VALUE_USED(opline)) { + Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_COPY(EX_VAR(opline->result.var), z); } zval_ptr_dtor(z); } else { zend_error(E_WARNING, "Attempt to assign property of non-object"); - if (RETURN_VALUE_USED(opline)) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { ZVAL_NULL(EX_VAR(opline->result.var)); } } } - - zval_ptr_dtor_nogc(free_op2); - FREE_OP(free_op_data1); - } + } while (0); /* assign_obj has two opcodes! */ CHECK_EXCEPTION(); @@ -32606,44 +30767,47 @@ static int ZEND_FASTCALL zend_binary_assign_op_dim_helper_SPEC_CV_TMPVAR(int (*b if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - if (IS_CV != IS_UNUSED) { - ZVAL_DEREF(container); - } - -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) - if (IS_CV == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (IS_CV == IS_VAR && !0) { - Z_ADDREF_P(container); /* undo the effect of get_obj_zval_ptr_ptr() */ - } - return zend_binary_assign_op_obj_helper_SPEC_CV_TMPVAR(binary_op, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); - } -#endif dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - zend_fetch_dimension_address_RW(&rv, container, dim, (IS_TMP_VAR|IS_VAR) TSRMLS_CC); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - var_ptr = Z_INDIRECT(rv); + do { + if (IS_CV == IS_UNUSED || UNEXPECTED(Z_TYPE_P(container) != IS_ARRAY)) { + if (IS_CV != IS_UNUSED) { + ZVAL_DEREF(container); + } +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) + if (IS_CV == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_binary_assign_op_obj_dim(container, dim, value, UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, binary_op TSRMLS_CC); + break; + } +#endif + } - if (UNEXPECTED(var_ptr == NULL)) { - zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); - } + zend_fetch_dimension_address_RW(&rv, container, dim, (IS_TMP_VAR|IS_VAR) TSRMLS_CC); + value = get_zval_ptr((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + var_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(var_ptr == &EG(error_zval))) { - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_NULL(EX_VAR(opline->result.var)); + if (UNEXPECTED(var_ptr == NULL)) { + zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets"); } - } else { - ZVAL_DEREF(var_ptr); - SEPARATE_ZVAL_NOREF(var_ptr); - binary_op(var_ptr, var_ptr, value TSRMLS_CC); + if (UNEXPECTED(var_ptr == &EG(error_zval))) { + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + } else { + ZVAL_DEREF(var_ptr); + SEPARATE_ZVAL_NOREF(var_ptr); - if (UNEXPECTED(RETURN_VALUE_USED(opline))) { - ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + binary_op(var_ptr, var_ptr, value TSRMLS_CC); + + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), var_ptr); + } } - } + } while (0); zval_ptr_dtor_nogc(free_op2); FREE_OP(free_op_data1); @@ -32691,9 +30855,9 @@ static int ZEND_FASTCALL zend_binary_assign_op_helper_SPEC_CV_TMPVAR(int (*binar static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(add_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32711,9 +30875,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_ADD_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(sub_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32731,9 +30895,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SUB_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(mul_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32751,9 +30915,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MUL_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(div_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32771,9 +30935,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIV_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(mod_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32791,9 +30955,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_MOD_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAN static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(shift_left_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32811,9 +30975,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SL_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(shift_right_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32831,9 +30995,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_SR_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAND static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(concat_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32851,9 +31015,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_CONCAT_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(bitwise_or_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32871,9 +31035,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_OR_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_H static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(bitwise_and_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32891,9 +31055,9 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_AND_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_ static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) USE_OPLINE -#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) # if 0 || (IS_CV != IS_UNUSED) if (EXPECTED(opline->extended_value == 0)) { return zend_binary_assign_op_helper_SPEC_CV_TMPVAR(bitwise_xor_function, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); @@ -32927,62 +31091,60 @@ static int ZEND_FASTCALL zend_pre_incdec_property_helper_SPEC_CV_TMPVAR(incdec_t zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_CV != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - zval_ptr_dtor_nogc(free_op2); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); + } + break; + } } - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + /* here we are sure we are dealing with an object */ - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - ZVAL_DEREF(zptr); - SEPARATE_ZVAL_NOREF(zptr); + ZVAL_DEREF(zptr); + SEPARATE_ZVAL_NOREF(zptr); - incdec_op(zptr); - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(retval, zptr); - } - } else { - zval rv; + incdec_op(zptr); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, zptr); + } + } else { + zval rv; - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { - zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); + } + ZVAL_DEREF(z); + SEPARATE_ZVAL_NOREF(z); + incdec_op(z); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(retval, z); + } + Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(retval); } - ZVAL_COPY_VALUE(z, value); - } - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - SEPARATE_ZVAL_IF_NOT_REF(z); - incdec_op(z); - ZVAL_COPY_VALUE(retval, z); - Z_OBJ_HT_P(object)->write_property(object, property, z, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - SELECTIVE_PZVAL_LOCK(retval, opline); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(retval); } } - } + } while (0); zval_ptr_dtor_nogc(free_op2); @@ -33018,56 +31180,53 @@ static int ZEND_FASTCALL zend_post_incdec_property_helper_SPEC_CV_TMPVAR(incdec_ zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets"); } - if (IS_CV != IS_UNUSED) { - object = make_real_object(object TSRMLS_CC); /* this should modify object only if it's empty */ - } - - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - zval_ptr_dtor_nogc(free_op2); - ZVAL_NULL(retval); - - CHECK_EXCEPTION(); - ZEND_VM_NEXT_OPCODE(); - } - - /* here we are sure we are dealing with an object */ + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + if (UNEXPECTED(!make_real_object(&object TSRMLS_CC))) { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); + break; + } + } - if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) - && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { + /* here we are sure we are dealing with an object */ - ZVAL_DEREF(zptr); - ZVAL_COPY_VALUE(retval, zptr); - zval_opt_copy_ctor(zptr); + if (EXPECTED(Z_OBJ_HT_P(object)->get_property_ptr_ptr) + && EXPECTED((zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC)) != NULL)) { - incdec_op(zptr); - } else { - if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { - zval rv; - zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); - zval z_copy; + ZVAL_DEREF(zptr); + ZVAL_COPY_VALUE(retval, zptr); + zval_opt_copy_ctor(zptr); - if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + incdec_op(zptr); + } else { + if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) { zval rv; - zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); + zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL), &rv TSRMLS_CC); + zval z_copy; + + if (UNEXPECTED(Z_TYPE_P(z) == IS_OBJECT) && Z_OBJ_HT_P(z)->get) { + zval rv; + zval *value = Z_OBJ_HT_P(z)->get(z, &rv TSRMLS_CC); - if (Z_REFCOUNT_P(z) == 0) { - zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + if (Z_REFCOUNT_P(z) == 0) { + zend_objects_store_del(Z_OBJ_P(z) TSRMLS_CC); + } + ZVAL_COPY_VALUE(z, value); } - ZVAL_COPY_VALUE(z, value); + ZVAL_DUP(retval, z); + ZVAL_DUP(&z_copy, z); + incdec_op(&z_copy); + if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); + Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); + zval_ptr_dtor(&z_copy); + zval_ptr_dtor(z); + } else { + zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); + ZVAL_NULL(retval); } - ZVAL_DUP(retval, z); - ZVAL_DUP(&z_copy, z); - incdec_op(&z_copy); - if (Z_REFCOUNTED_P(z)) Z_ADDREF_P(z); - Z_OBJ_HT_P(object)->write_property(object, property, &z_copy, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property)) : NULL) TSRMLS_CC); - zval_ptr_dtor(&z_copy); - zval_ptr_dtor(z); - } else { - zend_error(E_WARNING, "Attempt to increment/decrement property of non-object"); - ZVAL_NULL(retval); } - } + } while (0); zval_ptr_dtor_nogc(free_op2); @@ -33092,7 +31251,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HA zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); @@ -33107,12 +31266,11 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_W_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HA zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -33135,7 +31293,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_RW_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_H if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_RW(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -33153,7 +31310,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_H zval *container; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); @@ -33173,11 +31330,10 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CV_TMPVAR_HANDLER(ZEND_OP if (IS_CV == IS_CONST || IS_CV == IS_TMP_VAR) { zend_error_noreturn(E_ERROR, "Cannot use temporary expression in write context"); } - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_W(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { EXTRACT_ZVAL_PTR(EX_VAR(opline->result.var)); @@ -33188,7 +31344,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_CV_TMPVAR_HANDLER(ZEND_OP if ((IS_TMP_VAR|IS_VAR) == IS_UNUSED) { zend_error_noreturn(E_ERROR, "Cannot use [] for reading"); } - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); @@ -33209,7 +31365,6 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_UNSET_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCOD if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(container); zend_fetch_dimension_address_UNSET(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); if (IS_CV == IS_VAR && READY_TO_DESTROY(free_op1)) { @@ -33229,11 +31384,21 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_R_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HA zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_r_no_object; + } + } else { + goto fetch_obj_r_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_r_no_object: zend_error(E_NOTICE, "Trying to get property of non-object"); ZVAL_NULL(EX_VAR(opline->result.var)); } else { @@ -33285,7 +31450,7 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HA SAVE_OPLINE(); property = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an object"); } @@ -33333,11 +31498,21 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_H zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) || - UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: ZVAL_NULL(EX_VAR(opline->result.var)); } else { zval *retval; @@ -33390,7 +31565,7 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_FUNC_ARG_SPEC_CV_TMPVAR_HANDLER(ZEND_OP SAVE_OPLINE(); property = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - container = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_CONST || IS_CV == IS_TMP_VAR) { zend_error_noreturn(E_ERROR, "Cannot use temporary expression in write context"); @@ -33442,13 +31617,13 @@ static int ZEND_FASTCALL ZEND_ASSIGN_OBJ_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAN zval *property_name; SAVE_OPLINE(); - object = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + object = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); property_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); if (IS_CV == IS_VAR && UNEXPECTED(object == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object, IS_CV, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_OBJ, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); + zend_assign_to_object(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object, IS_CV, property_name, (IS_TMP_VAR|IS_VAR), (opline+1)->op1_type, (opline+1)->op1, execute_data, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); /* assign_obj has two opcodes! */ @@ -33462,55 +31637,63 @@ static int ZEND_FASTCALL ZEND_ASSIGN_DIM_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAN USE_OPLINE zval *object_ptr; + zend_free_op free_op2, free_op_data1; + zval rv; + zval *value; + zval *variable_ptr; + zval *dim; SAVE_OPLINE(); - object_ptr = _get_zval_ptr_cv_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); + object_ptr = _get_zval_ptr_cv_undef_BP_VAR_W(execute_data, opline->op1.var TSRMLS_CC); if (IS_CV == IS_VAR && UNEXPECTED(object_ptr == NULL)) { zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); } - ZVAL_DEREF(object_ptr); - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { - zend_free_op free_op2; - zval *property_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - zend_assign_to_object(RETURN_VALUE_USED(opline)?EX_VAR(opline->result.var):NULL, object_ptr, IS_CV, property_name, (opline+1)->op1_type, &(opline+1)->op1, execute_data, ZEND_ASSIGN_DIM, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(property_name)) : NULL) TSRMLS_CC); +try_assign_dim: + if (EXPECTED(Z_TYPE_P(object_ptr) == IS_ARRAY)) { +try_assign_dim_array: + dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); + zend_fetch_dimension_address_W(&rv, object_ptr, dim, (IS_TMP_VAR|IS_VAR) TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); - } else { - zend_free_op free_op2, free_op_data1; - zval rv; - zval *value; - zval *dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - zval *variable_ptr; - - if (UNEXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && - EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { - zend_long offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); - zval_ptr_dtor_nogc(free_op2); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - zend_assign_to_string_offset(object_ptr, offset, value, (RETURN_VALUE_USED(opline) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); + variable_ptr = Z_INDIRECT(rv); + if (UNEXPECTED(variable_ptr == &EG(error_zval))) { FREE_OP(free_op_data1); + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } } else { - zend_fetch_dimension_address_W(&rv, object_ptr, dim, (IS_TMP_VAR|IS_VAR) TSRMLS_CC); - zval_ptr_dtor_nogc(free_op2); - value = get_zval_ptr_deref((opline+1)->op1_type, &(opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); - ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT); - variable_ptr = Z_INDIRECT(rv); - if (UNEXPECTED(variable_ptr == &EG(error_zval))) { + value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); + if ((opline+1)->op1_type == IS_VAR) { FREE_OP(free_op_data1); - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } - } else { - value = zend_assign_to_variable(variable_ptr, value, (opline+1)->op1_type TSRMLS_CC); - if ((opline+1)->op1_type == IS_VAR) { - FREE_OP(free_op_data1); - } - if (RETURN_VALUE_USED(opline)) { - ZVAL_COPY(EX_VAR(opline->result.var), value); - } + } + if (UNEXPECTED(RETURN_VALUE_USED(opline))) { + ZVAL_COPY(EX_VAR(opline->result.var), value); } } + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_OBJECT)) { + zend_free_op free_op2; + zval *property_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); + + zend_assign_to_object_dim(UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL, object_ptr, property_name, (opline+1)->op1_type, (opline+1)->op1, execute_data TSRMLS_CC); + zval_ptr_dtor_nogc(free_op2); + } else if (EXPECTED(Z_TYPE_P(object_ptr) == IS_STRING) && + EXPECTED(Z_STRLEN_P(object_ptr) != 0)) { + zend_long offset; + + dim = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); + offset = zend_fetch_string_offset(object_ptr, dim, BP_VAR_W TSRMLS_CC); + zval_ptr_dtor_nogc(free_op2); + value = get_zval_ptr_deref((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1, BP_VAR_R); + zend_assign_to_string_offset(object_ptr, offset, value, (UNEXPECTED(RETURN_VALUE_USED(opline)) ? EX_VAR(opline->result.var) : NULL) TSRMLS_CC); + FREE_OP(free_op_data1); + } else if (EXPECTED(Z_ISREF_P(object_ptr))) { + object_ptr = Z_REFVAL_P(object_ptr); + goto try_assign_dim; + } else { + goto try_assign_dim_array; } /* assign_dim has two opcodes! */ @@ -33541,51 +31724,60 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCO zend_error_noreturn(E_ERROR, "Method name must be a string"); } - object = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); + object = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); - if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { - uint32_t nesting = 1; + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + uint32_t nesting = 1; - if (UNEXPECTED(EG(exception) != NULL)) { - zval_ptr_dtor_nogc(free_op2); - HANDLE_EXCEPTION(); - } + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } - zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); - zval_ptr_dtor_nogc(free_op2); + if (UNEXPECTED(EG(exception) != NULL)) { + zval_ptr_dtor_nogc(free_op2); + HANDLE_EXCEPTION(); + } - if (EG(exception) != NULL) { - HANDLE_EXCEPTION(); - } + zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + zval_ptr_dtor_nogc(free_op2); - /* No exception raised: Skip over arguments until fcall opcode with correct - * nesting level. Return NULL (except when return value unused) */ - do { - opline++; - if (opline->opcode == ZEND_INIT_FCALL || - opline->opcode == ZEND_INIT_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || - opline->opcode == ZEND_INIT_METHOD_CALL || - opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || - opline->opcode == ZEND_INIT_USER_CALL || - opline->opcode == ZEND_NEW - ) { - nesting++; - } else if (opline->opcode == ZEND_DO_FCALL) { - nesting--; - } - } while (nesting); + if (EG(exception) != NULL) { + HANDLE_EXCEPTION(); + } - if (RETURN_VALUE_USED(opline)) { - ZVAL_NULL(EX_VAR(opline->result.var)); - } + /* No exception raised: Skip over arguments until fcall opcode with correct + * nesting level. Return NULL (except when return value unused) */ + do { + opline++; + if (opline->opcode == ZEND_INIT_FCALL || + opline->opcode == ZEND_INIT_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_METHOD_CALL || + opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || + opline->opcode == ZEND_INIT_USER_CALL || + opline->opcode == ZEND_NEW + ) { + nesting++; + } else if (opline->opcode == ZEND_DO_FCALL) { + nesting--; + } + } while (nesting); + + if (RETURN_VALUE_USED(opline)) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } - /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ - if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { - opline++; + /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ + if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { + opline++; + } + ZEND_VM_JMP(++opline); } - ZEND_VM_JMP(++opline); - } + } while (0); obj = Z_OBJ_P(object); called_scope = obj->ce; @@ -33774,15 +31966,15 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAND if (IS_CV == IS_VAR && UNEXPECTED(container == NULL)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); } - if (IS_CV != IS_UNUSED) { - ZVAL_DEREF(container); - } - SEPARATE_ZVAL_NOREF(container); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); +unset_dim_again: if (IS_CV != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - HashTable *ht = Z_ARRVAL_P(container); + HashTable *ht; + offset_again: + SEPARATE_ARRAY(container); + ht = Z_ARRVAL_P(container); switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -33835,7 +32027,10 @@ num_index_dim: //??? } Z_OBJ_HT_P(container)->unset_dimension(container, offset TSRMLS_CC); zval_ptr_dtor_nogc(free_op2); - } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + } else if (IS_CV != IS_UNUSED && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto unset_dim_again; + } else if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) == IS_STRING)) { zend_error_noreturn(E_ERROR, "Cannot unset string offsets"); ZEND_VM_CONTINUE(); /* bailed out before */ } else { @@ -33860,16 +32055,24 @@ static int ZEND_FASTCALL ZEND_UNSET_OBJ_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAND } offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if (IS_CV != IS_UNUSED) { - ZVAL_DEREF(container); - } - if (IS_CV == IS_UNUSED || Z_TYPE_P(container) == IS_OBJECT) { + do { + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (Z_TYPE_P(container) != IS_OBJECT) { + break; + } + } else { + break; + } + } if (Z_OBJ_HT_P(container)->unset_property) { Z_OBJ_HT_P(container)->unset_property(container, offset, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); } else { zend_error(E_NOTICE, "Trying to unset property of non-object"); } - } + } while (0); + zval_ptr_dtor_nogc(free_op2); CHECK_EXCEPTION(); @@ -33886,9 +32089,10 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_CV_TMPVAR_HANDLER(ZEND zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); +isset_dim_obj_again: if (IS_CV != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { HashTable *ht = Z_ARRVAL_P(container); zval *value; @@ -33979,6 +32183,9 @@ num_index_prop: if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } + } else if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; } else { result = ((opline->extended_value & ZEND_ISSET) == 0); } @@ -33999,21 +32206,28 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_CV_TMPVAR_HANDLER(ZEN zval *offset; SAVE_OPLINE(); - container = _get_zval_ptr_cv_deref_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); + container = _get_zval_ptr_cv_BP_VAR_IS(execute_data, opline->op1.var TSRMLS_CC); offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if (IS_CV == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { - if (EXPECTED(Z_OBJ_HT_P(container)->has_property)) { - result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if (IS_CV != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } } else { - zend_error(E_NOTICE, "Trying to check property of non-object"); - result = 0; + goto isset_no_object; } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); if ((opline->extended_value & ZEND_ISSET) == 0) { result = !result; } - } else { - result = ((opline->extended_value & ZEND_ISSET) == 0); } zval_ptr_dtor_nogc(free_op2); @@ -34316,6 +32530,72 @@ static int ZEND_FASTCALL ZEND_BOOL_SPEC_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS ZEND_VM_NEXT_OPCODE(); } +static int ZEND_FASTCALL ZEND_CLONE_SPEC_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *obj; + zend_class_entry *ce; + zend_function *clone; + zend_object_clone_obj_t clone_call; + + SAVE_OPLINE(); + obj = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + + do { + if ((IS_TMP_VAR|IS_VAR) == IS_CONST || + ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && UNEXPECTED(Z_TYPE_P(obj) != IS_OBJECT))) { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(obj)) { + obj = Z_REFVAL_P(obj); + if (EXPECTED(Z_TYPE_P(obj) == IS_OBJECT)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "__clone method called on non-object"); + } + } while (0); + + ce = Z_OBJCE_P(obj); + clone = ce ? ce->clone : NULL; + clone_call = Z_OBJ_HT_P(obj)->clone_obj; + if (UNEXPECTED(clone_call == NULL)) { + if (ce) { + zend_error_noreturn(E_ERROR, "Trying to clone an uncloneable object of class %s", ce->name->val); + } else { + zend_error_noreturn(E_ERROR, "Trying to clone an uncloneable object"); + } + } + + if (ce && clone) { + if (clone->op_array.fn_flags & ZEND_ACC_PRIVATE) { + /* Ensure that if we're calling a private function, we're allowed to do so. + */ + if (UNEXPECTED(ce != EG(scope))) { + zend_error_noreturn(E_ERROR, "Call to private %s::__clone() from context '%s'", ce->name->val, EG(scope) ? EG(scope)->name->val : ""); + } + } else if ((clone->common.fn_flags & ZEND_ACC_PROTECTED)) { + /* Ensure that if we're calling a protected function, we're allowed to do so. + */ + if (UNEXPECTED(!zend_check_protected(zend_get_function_root_class(clone), EG(scope)))) { + zend_error_noreturn(E_ERROR, "Call to protected %s::__clone() from context '%s'", ce->name->val, EG(scope) ? EG(scope)->name->val : ""); + } + } + } + + if (EXPECTED(EG(exception) == NULL)) { + ZVAL_OBJ(EX_VAR(opline->result.var), clone_call(obj TSRMLS_CC)); + if (UNEXPECTED(!RETURN_VALUE_USED(opline)) || UNEXPECTED(EG(exception) != NULL)) { + OBJ_RELEASE(Z_OBJ_P(EX_VAR(opline->result.var))); + } + } + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -34442,6 +32722,37 @@ static int ZEND_FASTCALL ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER(ZEND_OPCODE_H ZEND_VM_NEXT_OPCODE(); } +static int ZEND_FASTCALL ZEND_EXIT_SPEC_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ +#if 0 || ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) + USE_OPLINE + + SAVE_OPLINE(); + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED) { + zend_free_op free_op1; + zval *ptr = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + + do { + if (Z_TYPE_P(ptr) == IS_LONG) { + EG(exit_status) = Z_LVAL_P(ptr); + } else { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(ptr)) { + ptr = Z_REFVAL_P(ptr); + if (Z_TYPE_P(ptr) == IS_LONG) { + EG(exit_status) = Z_LVAL_P(ptr); + break; + } + } + zend_print_variable(ptr TSRMLS_CC); + } + } while (0); + zval_ptr_dtor_nogc(free_op1); + } +#endif + zend_bailout(); + ZEND_VM_NEXT_OPCODE(); /* Never reached */ +} + static int ZEND_FASTCALL ZEND_STRLEN_SPEC_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -34878,6 +33189,253 @@ static int ZEND_FASTCALL ZEND_FETCH_IS_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_HA return zend_fetch_var_address_helper_SPEC_TMPVAR_CONST(BP_VAR_IS, ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); } +static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); + + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, opline->op2.zv, IS_CONST TSRMLS_CC); + + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + + zval *offset; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + offset = opline->op2.zv; + + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: + ZVAL_NULL(EX_VAR(opline->result.var)); + } else { + zval *retval; + + /* here we are sure we are dealing with an object */ + do { + if (IS_CONST == IS_CONST && + EXPECTED(Z_OBJCE_P(container) == CACHED_PTR(Z_CACHE_SLOT_P(offset)))) { + zend_property_info *prop_info = CACHED_PTR(Z_CACHE_SLOT_P(offset) + 1); + zend_object *zobj = Z_OBJ_P(container); + + if (EXPECTED(prop_info)) { + retval = OBJ_PROP(zobj, prop_info->offset); + if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) { + ZVAL_COPY(EX_VAR(opline->result.var), retval); + break; + } + } else if (EXPECTED(zobj->properties != NULL)) { + retval = zend_hash_find(zobj->properties, Z_STR_P(offset)); + if (EXPECTED(retval)) { + ZVAL_COPY(EX_VAR(opline->result.var), retval); + break; + } + } + } + + retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_IS, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); + + if (retval != EX_VAR(opline->result.var)) { + ZVAL_COPY(EX_VAR(opline->result.var), retval); + } + } while (0); + } + + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_FETCH_LIST_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + +try_fetch_list: + if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { + + zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), opline->op2.zv, IS_CONST, BP_VAR_R TSRMLS_CC); + + ZVAL_COPY(EX_VAR(opline->result.var), value); + } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT) && + EXPECTED(Z_OBJ_HT_P(container)->read_dimension)) { + zval *result = EX_VAR(opline->result.var); + zval *retval = Z_OBJ_HT_P(container)->read_dimension(container, opline->op2.zv, BP_VAR_R, result TSRMLS_CC); + + if (retval) { + if (result != retval) { + ZVAL_COPY(result, retval); + } + } else { + ZVAL_NULL(result); + } + } else if (Z_TYPE_P(container) == IS_REFERENCE) { + container = Z_REFVAL_P(container); + goto try_fetch_list; + } else { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zval *function_name; + zend_free_op free_op1; + zval *object; + zend_function *fbc; + zend_class_entry *called_scope; + zend_object *obj; + + SAVE_OPLINE(); + + function_name = opline->op2.zv; + + if (IS_CONST != IS_CONST && + UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } + + object = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + + do { + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + uint32_t nesting = 1; + + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } + + if (UNEXPECTED(EG(exception) != NULL)) { + + HANDLE_EXCEPTION(); + } + + zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + + zval_ptr_dtor_nogc(free_op1); + + if (EG(exception) != NULL) { + HANDLE_EXCEPTION(); + } + + /* No exception raised: Skip over arguments until fcall opcode with correct + * nesting level. Return NULL (except when return value unused) */ + do { + opline++; + if (opline->opcode == ZEND_INIT_FCALL || + opline->opcode == ZEND_INIT_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_METHOD_CALL || + opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || + opline->opcode == ZEND_INIT_USER_CALL || + opline->opcode == ZEND_NEW + ) { + nesting++; + } else if (opline->opcode == ZEND_DO_FCALL) { + nesting--; + } + } while (nesting); + + if (RETURN_VALUE_USED(opline)) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + + /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ + if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { + opline++; + } + ZEND_VM_JMP(++opline); + } + } while (0); + + obj = Z_OBJ_P(object); + called_scope = obj->ce; + + if (IS_CONST != IS_CONST || + EXPECTED((fbc = CACHED_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope)) == NULL)) { + zend_object *orig_obj = obj; + + if (UNEXPECTED(obj->handlers->get_method == NULL)) { + zend_error_noreturn(E_ERROR, "Object does not support method calls"); + } + + /* First, locate the function. */ + fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), ((IS_CONST == IS_CONST) ? (opline->op2.zv + 1) : NULL) TSRMLS_CC); + if (UNEXPECTED(fbc == NULL)) { + zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", obj->ce->name->val, Z_STRVAL_P(function_name)); + } + if (IS_CONST == IS_CONST && + EXPECTED(fbc->type <= ZEND_USER_FUNCTION) && + EXPECTED((fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0) && + EXPECTED(obj == orig_obj)) { + CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc); + } + } + + if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) { + obj = NULL; + } else { + GC_REFCOUNT(obj)++; /* For $this pointer */ + } + + EX(call) = zend_vm_stack_push_call_frame(ZEND_CALL_NESTED_FUNCTION, + fbc, opline->extended_value, called_scope, obj, EX(call) TSRMLS_CC); + + zval_ptr_dtor_nogc(free_op1); + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + static int ZEND_FASTCALL ZEND_CASE_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -35040,6 +33598,162 @@ static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_VAR_SPEC_TMPVAR_CONST_HANDLER(ZEND_ } } +static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + int result; + zend_ulong hval; + zval *offset; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + offset = opline->op2.zv; + +isset_dim_obj_again: + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { + HashTable *ht = Z_ARRVAL_P(container); + zval *value; + zend_string *str; + +isset_again: + if (EXPECTED(Z_TYPE_P(offset) == IS_STRING)) { + str = Z_STR_P(offset); + if (IS_CONST != IS_CONST) { + if (ZEND_HANDLE_NUMERIC(str, hval)) { + goto num_index_prop; + } + } +str_index_prop: + value = zend_hash_find_ind(ht, str); + } else if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { + hval = Z_LVAL_P(offset); +num_index_prop: + value = zend_hash_index_find(ht, hval); + } else { + switch (Z_TYPE_P(offset)) { + case IS_DOUBLE: + hval = zend_dval_to_lval(Z_DVAL_P(offset)); + goto num_index_prop; + case IS_NULL: + str = STR_EMPTY_ALLOC(); + goto str_index_prop; + case IS_FALSE: + hval = 0; + goto num_index_prop; + case IS_TRUE: + hval = 1; + goto num_index_prop; + case IS_RESOURCE: + hval = Z_RES_HANDLE_P(offset); + goto num_index_prop; + case IS_REFERENCE: + offset = Z_REFVAL_P(offset); + goto isset_again; + default: + zend_error(E_WARNING, "Illegal offset type in isset or empty"); + value = NULL; + break; + } + } + + if (opline->extended_value & ZEND_ISSET) { + /* > IS_NULL means not IS_UNDEF and not IS_NULL */ + result = value != NULL && Z_TYPE_P(value) > IS_NULL && + (!Z_ISREF_P(value) || Z_TYPE_P(Z_REFVAL_P(value)) != IS_NULL); + } else /* if (opline->extended_value & ZEND_ISEMPTY) */ { + result = (value == NULL || !i_zend_is_true(value TSRMLS_CC)); + } + } else if ((IS_TMP_VAR|IS_VAR) == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + if (EXPECTED(Z_OBJ_HT_P(container)->has_dimension)) { + result = Z_OBJ_HT_P(container)->has_dimension(container, offset, (opline->extended_value & ZEND_ISSET) == 0 TSRMLS_CC); + } else { + zend_error(E_NOTICE, "Trying to check element of non-array"); + result = 0; + } + if ((opline->extended_value & ZEND_ISSET) == 0) { + result = !result; + } + } else if (EXPECTED(Z_TYPE_P(container) == IS_STRING)) { /* string offsets */ + zval tmp; + + result = 0; + if (UNEXPECTED(Z_TYPE_P(offset) != IS_LONG)) { + if (IS_CONST & (IS_CV|IS_VAR)) { + ZVAL_DEREF(offset); + } + if (Z_TYPE_P(offset) < IS_STRING /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { + ZVAL_DUP(&tmp, offset); + convert_to_long(&tmp); + offset = &tmp; + } + } + if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { + if (offset->value.lval >= 0 && (size_t)offset->value.lval < Z_STRLEN_P(container)) { + if ((opline->extended_value & ZEND_ISSET) || + Z_STRVAL_P(container)[offset->value.lval] != '0') { + result = 1; + } + } + } + if ((opline->extended_value & ZEND_ISSET) == 0) { + result = !result; + } + } else if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; + } else { + result = ((opline->extended_value & ZEND_ISSET) == 0); + } + + ZVAL_BOOL(EX_VAR(opline->result.var), result); + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + int result; + zval *offset; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + offset = opline->op2.zv; + + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } + } else { + goto isset_no_object; + } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CONST == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if ((opline->extended_value & ZEND_ISSET) == 0) { + result = !result; + } + } + + ZVAL_BOOL(EX_VAR(opline->result.var), result); + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + static int ZEND_FASTCALL ZEND_INSTANCEOF_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -35975,6 +34689,216 @@ static int ZEND_FASTCALL ZEND_BOOL_XOR_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCODE_HANDL ZEND_VM_NEXT_OPCODE(); } +static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); + + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC), IS_CV TSRMLS_CC); + + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + + zval *offset; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); + + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: + ZVAL_NULL(EX_VAR(opline->result.var)); + } else { + zval *retval; + + /* here we are sure we are dealing with an object */ + do { + if (IS_CV == IS_CONST && + EXPECTED(Z_OBJCE_P(container) == CACHED_PTR(Z_CACHE_SLOT_P(offset)))) { + zend_property_info *prop_info = CACHED_PTR(Z_CACHE_SLOT_P(offset) + 1); + zend_object *zobj = Z_OBJ_P(container); + + if (EXPECTED(prop_info)) { + retval = OBJ_PROP(zobj, prop_info->offset); + if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) { + ZVAL_COPY(EX_VAR(opline->result.var), retval); + break; + } + } else if (EXPECTED(zobj->properties != NULL)) { + retval = zend_hash_find(zobj->properties, Z_STR_P(offset)); + if (EXPECTED(retval)) { + ZVAL_COPY(EX_VAR(opline->result.var), retval); + break; + } + } + } + + retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_IS, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); + + if (retval != EX_VAR(opline->result.var)) { + ZVAL_COPY(EX_VAR(opline->result.var), retval); + } + } while (0); + } + + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zval *function_name; + zend_free_op free_op1; + zval *object; + zend_function *fbc; + zend_class_entry *called_scope; + zend_object *obj; + + SAVE_OPLINE(); + + function_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); + + if (IS_CV != IS_CONST && + UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } + + object = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + + do { + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + uint32_t nesting = 1; + + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } + + if (UNEXPECTED(EG(exception) != NULL)) { + + HANDLE_EXCEPTION(); + } + + zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + + zval_ptr_dtor_nogc(free_op1); + + if (EG(exception) != NULL) { + HANDLE_EXCEPTION(); + } + + /* No exception raised: Skip over arguments until fcall opcode with correct + * nesting level. Return NULL (except when return value unused) */ + do { + opline++; + if (opline->opcode == ZEND_INIT_FCALL || + opline->opcode == ZEND_INIT_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_METHOD_CALL || + opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || + opline->opcode == ZEND_INIT_USER_CALL || + opline->opcode == ZEND_NEW + ) { + nesting++; + } else if (opline->opcode == ZEND_DO_FCALL) { + nesting--; + } + } while (nesting); + + if (RETURN_VALUE_USED(opline)) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + + /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ + if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { + opline++; + } + ZEND_VM_JMP(++opline); + } + } while (0); + + obj = Z_OBJ_P(object); + called_scope = obj->ce; + + if (IS_CV != IS_CONST || + EXPECTED((fbc = CACHED_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope)) == NULL)) { + zend_object *orig_obj = obj; + + if (UNEXPECTED(obj->handlers->get_method == NULL)) { + zend_error_noreturn(E_ERROR, "Object does not support method calls"); + } + + /* First, locate the function. */ + fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), ((IS_CV == IS_CONST) ? (opline->op2.zv + 1) : NULL) TSRMLS_CC); + if (UNEXPECTED(fbc == NULL)) { + zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", obj->ce->name->val, Z_STRVAL_P(function_name)); + } + if (IS_CV == IS_CONST && + EXPECTED(fbc->type <= ZEND_USER_FUNCTION) && + EXPECTED((fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0) && + EXPECTED(obj == orig_obj)) { + CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc); + } + } + + if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) { + obj = NULL; + } else { + GC_REFCOUNT(obj)++; /* For $this pointer */ + } + + EX(call) = zend_vm_stack_push_call_frame(ZEND_CALL_NESTED_FUNCTION, + fbc, opline->extended_value, called_scope, obj, EX(call) TSRMLS_CC); + + zval_ptr_dtor_nogc(free_op1); + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + static int ZEND_FASTCALL ZEND_CASE_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -35990,6 +34914,162 @@ static int ZEND_FASTCALL ZEND_CASE_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCODE_HANDLER_A ZEND_VM_NEXT_OPCODE(); } +static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + int result; + zend_ulong hval; + zval *offset; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); + +isset_dim_obj_again: + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { + HashTable *ht = Z_ARRVAL_P(container); + zval *value; + zend_string *str; + +isset_again: + if (EXPECTED(Z_TYPE_P(offset) == IS_STRING)) { + str = Z_STR_P(offset); + if (IS_CV != IS_CONST) { + if (ZEND_HANDLE_NUMERIC(str, hval)) { + goto num_index_prop; + } + } +str_index_prop: + value = zend_hash_find_ind(ht, str); + } else if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { + hval = Z_LVAL_P(offset); +num_index_prop: + value = zend_hash_index_find(ht, hval); + } else { + switch (Z_TYPE_P(offset)) { + case IS_DOUBLE: + hval = zend_dval_to_lval(Z_DVAL_P(offset)); + goto num_index_prop; + case IS_NULL: + str = STR_EMPTY_ALLOC(); + goto str_index_prop; + case IS_FALSE: + hval = 0; + goto num_index_prop; + case IS_TRUE: + hval = 1; + goto num_index_prop; + case IS_RESOURCE: + hval = Z_RES_HANDLE_P(offset); + goto num_index_prop; + case IS_REFERENCE: + offset = Z_REFVAL_P(offset); + goto isset_again; + default: + zend_error(E_WARNING, "Illegal offset type in isset or empty"); + value = NULL; + break; + } + } + + if (opline->extended_value & ZEND_ISSET) { + /* > IS_NULL means not IS_UNDEF and not IS_NULL */ + result = value != NULL && Z_TYPE_P(value) > IS_NULL && + (!Z_ISREF_P(value) || Z_TYPE_P(Z_REFVAL_P(value)) != IS_NULL); + } else /* if (opline->extended_value & ZEND_ISEMPTY) */ { + result = (value == NULL || !i_zend_is_true(value TSRMLS_CC)); + } + } else if ((IS_TMP_VAR|IS_VAR) == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + if (EXPECTED(Z_OBJ_HT_P(container)->has_dimension)) { + result = Z_OBJ_HT_P(container)->has_dimension(container, offset, (opline->extended_value & ZEND_ISSET) == 0 TSRMLS_CC); + } else { + zend_error(E_NOTICE, "Trying to check element of non-array"); + result = 0; + } + if ((opline->extended_value & ZEND_ISSET) == 0) { + result = !result; + } + } else if (EXPECTED(Z_TYPE_P(container) == IS_STRING)) { /* string offsets */ + zval tmp; + + result = 0; + if (UNEXPECTED(Z_TYPE_P(offset) != IS_LONG)) { + if (IS_CV & (IS_CV|IS_VAR)) { + ZVAL_DEREF(offset); + } + if (Z_TYPE_P(offset) < IS_STRING /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { + ZVAL_DUP(&tmp, offset); + convert_to_long(&tmp); + offset = &tmp; + } + } + if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { + if (offset->value.lval >= 0 && (size_t)offset->value.lval < Z_STRLEN_P(container)) { + if ((opline->extended_value & ZEND_ISSET) || + Z_STRVAL_P(container)[offset->value.lval] != '0') { + result = 1; + } + } + } + if ((opline->extended_value & ZEND_ISSET) == 0) { + result = !result; + } + } else if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; + } else { + result = ((opline->extended_value & ZEND_ISSET) == 0); + } + + ZVAL_BOOL(EX_VAR(opline->result.var), result); + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + int result; + zval *offset; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + offset = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); + + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } + } else { + goto isset_no_object; + } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, ((IS_CV == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if ((opline->extended_value & ZEND_ISSET) == 0) { + result = !result; + } + } + + ZVAL_BOOL(EX_VAR(opline->result.var), result); + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + static int ZEND_FASTCALL ZEND_POW_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -36249,6 +35329,218 @@ static int ZEND_FASTCALL ZEND_BOOL_XOR_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_OPCODE_H ZEND_VM_NEXT_OPCODE(); } +static int ZEND_FASTCALL ZEND_FETCH_DIM_R_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1, free_op2; + zval *container; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + zend_fetch_dimension_address_read_R(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); + zval_ptr_dtor_nogc(free_op2); + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_FETCH_DIM_IS_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1, free_op2; + zval *container; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + zend_fetch_dimension_address_read_IS(EX_VAR(opline->result.var), container, _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2), (IS_TMP_VAR|IS_VAR) TSRMLS_CC); + zval_ptr_dtor_nogc(free_op2); + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1; + zval *container; + zend_free_op free_op2; + zval *offset; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); + + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto fetch_obj_is_no_object; + } + } else { + goto fetch_obj_is_no_object; + } + } + if (UNEXPECTED(Z_OBJ_HT_P(container)->read_property == NULL)) { +fetch_obj_is_no_object: + ZVAL_NULL(EX_VAR(opline->result.var)); + } else { + zval *retval; + + /* here we are sure we are dealing with an object */ + do { + if ((IS_TMP_VAR|IS_VAR) == IS_CONST && + EXPECTED(Z_OBJCE_P(container) == CACHED_PTR(Z_CACHE_SLOT_P(offset)))) { + zend_property_info *prop_info = CACHED_PTR(Z_CACHE_SLOT_P(offset) + 1); + zend_object *zobj = Z_OBJ_P(container); + + if (EXPECTED(prop_info)) { + retval = OBJ_PROP(zobj, prop_info->offset); + if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) { + ZVAL_COPY(EX_VAR(opline->result.var), retval); + break; + } + } else if (EXPECTED(zobj->properties != NULL)) { + retval = zend_hash_find(zobj->properties, Z_STR_P(offset)); + if (EXPECTED(retval)) { + ZVAL_COPY(EX_VAR(opline->result.var), retval); + break; + } + } + } + + retval = Z_OBJ_HT_P(container)->read_property(container, offset, BP_VAR_IS, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL), EX_VAR(opline->result.var) TSRMLS_CC); + + if (retval != EX_VAR(opline->result.var)) { + ZVAL_COPY(EX_VAR(opline->result.var), retval); + } + } while (0); + } + + zval_ptr_dtor_nogc(free_op2); + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zval *function_name; + zend_free_op free_op1, free_op2; + zval *object; + zend_function *fbc; + zend_class_entry *called_scope; + zend_object *obj; + + SAVE_OPLINE(); + + function_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); + + if ((IS_TMP_VAR|IS_VAR) != IS_CONST && + UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } + + object = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + + do { + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) { + uint32_t nesting = 1; + + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(object)) { + object = Z_REFVAL_P(object); + if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) { + break; + } + } + + if (UNEXPECTED(EG(exception) != NULL)) { + zval_ptr_dtor_nogc(free_op2); + HANDLE_EXCEPTION(); + } + + zend_error(E_RECOVERABLE_ERROR, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object))); + zval_ptr_dtor_nogc(free_op2); + zval_ptr_dtor_nogc(free_op1); + + if (EG(exception) != NULL) { + HANDLE_EXCEPTION(); + } + + /* No exception raised: Skip over arguments until fcall opcode with correct + * nesting level. Return NULL (except when return value unused) */ + do { + opline++; + if (opline->opcode == ZEND_INIT_FCALL || + opline->opcode == ZEND_INIT_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME || + opline->opcode == ZEND_INIT_METHOD_CALL || + opline->opcode == ZEND_INIT_STATIC_METHOD_CALL || + opline->opcode == ZEND_INIT_USER_CALL || + opline->opcode == ZEND_NEW + ) { + nesting++; + } else if (opline->opcode == ZEND_DO_FCALL) { + nesting--; + } + } while (nesting); + + if (RETURN_VALUE_USED(opline)) { + ZVAL_NULL(EX_VAR(opline->result.var)); + } + + /* We've skipped EXT_FCALL_BEGIND, so also skip the ending opcode */ + if ((opline + 1)->opcode == ZEND_EXT_FCALL_END) { + opline++; + } + ZEND_VM_JMP(++opline); + } + } while (0); + + obj = Z_OBJ_P(object); + called_scope = obj->ce; + + if ((IS_TMP_VAR|IS_VAR) != IS_CONST || + EXPECTED((fbc = CACHED_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope)) == NULL)) { + zend_object *orig_obj = obj; + + if (UNEXPECTED(obj->handlers->get_method == NULL)) { + zend_error_noreturn(E_ERROR, "Object does not support method calls"); + } + + /* First, locate the function. */ + fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (opline->op2.zv + 1) : NULL) TSRMLS_CC); + if (UNEXPECTED(fbc == NULL)) { + zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", obj->ce->name->val, Z_STRVAL_P(function_name)); + } + if ((IS_TMP_VAR|IS_VAR) == IS_CONST && + EXPECTED(fbc->type <= ZEND_USER_FUNCTION) && + EXPECTED((fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0) && + EXPECTED(obj == orig_obj)) { + CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc); + } + } + + if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) { + obj = NULL; + } else { + GC_REFCOUNT(obj)++; /* For $this pointer */ + } + + EX(call) = zend_vm_stack_push_call_frame(ZEND_CALL_NESTED_FUNCTION, + fbc, opline->extended_value, called_scope, obj, EX(call) TSRMLS_CC); + + zval_ptr_dtor_nogc(free_op2); + zval_ptr_dtor_nogc(free_op1); + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + static int ZEND_FASTCALL ZEND_CASE_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -36265,6 +35557,164 @@ static int ZEND_FASTCALL ZEND_CASE_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDL ZEND_VM_NEXT_OPCODE(); } +static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1, free_op2; + zval *container; + int result; + zend_ulong hval; + zval *offset; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); + +isset_dim_obj_again: + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { + HashTable *ht = Z_ARRVAL_P(container); + zval *value; + zend_string *str; + +isset_again: + if (EXPECTED(Z_TYPE_P(offset) == IS_STRING)) { + str = Z_STR_P(offset); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST) { + if (ZEND_HANDLE_NUMERIC(str, hval)) { + goto num_index_prop; + } + } +str_index_prop: + value = zend_hash_find_ind(ht, str); + } else if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { + hval = Z_LVAL_P(offset); +num_index_prop: + value = zend_hash_index_find(ht, hval); + } else { + switch (Z_TYPE_P(offset)) { + case IS_DOUBLE: + hval = zend_dval_to_lval(Z_DVAL_P(offset)); + goto num_index_prop; + case IS_NULL: + str = STR_EMPTY_ALLOC(); + goto str_index_prop; + case IS_FALSE: + hval = 0; + goto num_index_prop; + case IS_TRUE: + hval = 1; + goto num_index_prop; + case IS_RESOURCE: + hval = Z_RES_HANDLE_P(offset); + goto num_index_prop; + case IS_REFERENCE: + offset = Z_REFVAL_P(offset); + goto isset_again; + default: + zend_error(E_WARNING, "Illegal offset type in isset or empty"); + value = NULL; + break; + } + } + + if (opline->extended_value & ZEND_ISSET) { + /* > IS_NULL means not IS_UNDEF and not IS_NULL */ + result = value != NULL && Z_TYPE_P(value) > IS_NULL && + (!Z_ISREF_P(value) || Z_TYPE_P(Z_REFVAL_P(value)) != IS_NULL); + } else /* if (opline->extended_value & ZEND_ISEMPTY) */ { + result = (value == NULL || !i_zend_is_true(value TSRMLS_CC)); + } + } else if ((IS_TMP_VAR|IS_VAR) == IS_UNUSED || EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) { + if (EXPECTED(Z_OBJ_HT_P(container)->has_dimension)) { + result = Z_OBJ_HT_P(container)->has_dimension(container, offset, (opline->extended_value & ZEND_ISSET) == 0 TSRMLS_CC); + } else { + zend_error(E_NOTICE, "Trying to check element of non-array"); + result = 0; + } + if ((opline->extended_value & ZEND_ISSET) == 0) { + result = !result; + } + } else if (EXPECTED(Z_TYPE_P(container) == IS_STRING)) { /* string offsets */ + zval tmp; + + result = 0; + if (UNEXPECTED(Z_TYPE_P(offset) != IS_LONG)) { + if ((IS_TMP_VAR|IS_VAR) & (IS_CV|IS_VAR)) { + ZVAL_DEREF(offset); + } + if (Z_TYPE_P(offset) < IS_STRING /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) { + ZVAL_DUP(&tmp, offset); + convert_to_long(&tmp); + offset = &tmp; + } + } + if (EXPECTED(Z_TYPE_P(offset) == IS_LONG)) { + if (offset->value.lval >= 0 && (size_t)offset->value.lval < Z_STRLEN_P(container)) { + if ((opline->extended_value & ZEND_ISSET) || + Z_STRVAL_P(container)[offset->value.lval] != '0') { + result = 1; + } + } + } + if ((opline->extended_value & ZEND_ISSET) == 0) { + result = !result; + } + } else if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + goto isset_dim_obj_again; + } else { + result = ((opline->extended_value & ZEND_ISSET) == 0); + } + + zval_ptr_dtor_nogc(free_op2); + ZVAL_BOOL(EX_VAR(opline->result.var), result); + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + +static int ZEND_FASTCALL ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) +{ + USE_OPLINE + zend_free_op free_op1, free_op2; + zval *container; + int result; + zval *offset; + + SAVE_OPLINE(); + container = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); + offset = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); + + if ((IS_TMP_VAR|IS_VAR) != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(container)) { + container = Z_REFVAL_P(container); + if (UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) { + goto isset_no_object; + } + } else { + goto isset_no_object; + } + } + if (UNEXPECTED(!Z_OBJ_HT_P(container)->has_property)) { + zend_error(E_NOTICE, "Trying to check property of non-object"); +isset_no_object: + result = ((opline->extended_value & ZEND_ISSET) == 0); + } else { + result = Z_OBJ_HT_P(container)->has_property(container, offset, (opline->extended_value & ZEND_ISSET) == 0, (((IS_TMP_VAR|IS_VAR) == IS_CONST) ? (EX(run_time_cache) + Z_CACHE_SLOT_P(offset)) : NULL) TSRMLS_CC); + if ((opline->extended_value & ZEND_ISSET) == 0) { + result = !result; + } + } + + zval_ptr_dtor_nogc(free_op2); + ZVAL_BOOL(EX_VAR(opline->result.var), result); + zval_ptr_dtor_nogc(free_op1); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); +} + static int ZEND_FASTCALL ZEND_POW_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { USE_OPLINE @@ -38270,16 +37720,16 @@ void zend_init_opcodes_handlers(void) ZEND_EXIT_SPEC_CONST_HANDLER, ZEND_EXIT_SPEC_CONST_HANDLER, ZEND_EXIT_SPEC_CONST_HANDLER, - ZEND_EXIT_SPEC_TMP_HANDLER, - ZEND_EXIT_SPEC_TMP_HANDLER, - ZEND_EXIT_SPEC_TMP_HANDLER, - ZEND_EXIT_SPEC_TMP_HANDLER, - ZEND_EXIT_SPEC_TMP_HANDLER, - ZEND_EXIT_SPEC_VAR_HANDLER, - ZEND_EXIT_SPEC_VAR_HANDLER, - ZEND_EXIT_SPEC_VAR_HANDLER, - ZEND_EXIT_SPEC_VAR_HANDLER, - ZEND_EXIT_SPEC_VAR_HANDLER, + ZEND_EXIT_SPEC_TMPVAR_HANDLER, + ZEND_EXIT_SPEC_TMPVAR_HANDLER, + ZEND_EXIT_SPEC_TMPVAR_HANDLER, + ZEND_EXIT_SPEC_TMPVAR_HANDLER, + ZEND_EXIT_SPEC_TMPVAR_HANDLER, + ZEND_EXIT_SPEC_TMPVAR_HANDLER, + ZEND_EXIT_SPEC_TMPVAR_HANDLER, + ZEND_EXIT_SPEC_TMPVAR_HANDLER, + ZEND_EXIT_SPEC_TMPVAR_HANDLER, + ZEND_EXIT_SPEC_TMPVAR_HANDLER, ZEND_EXIT_SPEC_UNUSED_HANDLER, ZEND_EXIT_SPEC_UNUSED_HANDLER, ZEND_EXIT_SPEC_UNUSED_HANDLER, @@ -38320,16 +37770,16 @@ void zend_init_opcodes_handlers(void) ZEND_FETCH_DIM_R_SPEC_CONST_TMPVAR_HANDLER, ZEND_NULL_HANDLER, ZEND_FETCH_DIM_R_SPEC_CONST_CV_HANDLER, - ZEND_FETCH_DIM_R_SPEC_TMP_CONST_HANDLER, - ZEND_FETCH_DIM_R_SPEC_TMP_TMPVAR_HANDLER, - ZEND_FETCH_DIM_R_SPEC_TMP_TMPVAR_HANDLER, + ZEND_FETCH_DIM_R_SPEC_TMPVAR_CONST_HANDLER, + ZEND_FETCH_DIM_R_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_FETCH_DIM_R_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_FETCH_DIM_R_SPEC_TMP_CV_HANDLER, - ZEND_FETCH_DIM_R_SPEC_VAR_CONST_HANDLER, - ZEND_FETCH_DIM_R_SPEC_VAR_TMPVAR_HANDLER, - ZEND_FETCH_DIM_R_SPEC_VAR_TMPVAR_HANDLER, + ZEND_FETCH_DIM_R_SPEC_TMPVAR_CV_HANDLER, + ZEND_FETCH_DIM_R_SPEC_TMPVAR_CONST_HANDLER, + ZEND_FETCH_DIM_R_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_FETCH_DIM_R_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_FETCH_DIM_R_SPEC_VAR_CV_HANDLER, + ZEND_FETCH_DIM_R_SPEC_TMPVAR_CV_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, @@ -38545,16 +37995,16 @@ void zend_init_opcodes_handlers(void) ZEND_FETCH_DIM_IS_SPEC_CONST_TMPVAR_HANDLER, ZEND_NULL_HANDLER, ZEND_FETCH_DIM_IS_SPEC_CONST_CV_HANDLER, - ZEND_FETCH_DIM_IS_SPEC_TMP_CONST_HANDLER, - ZEND_FETCH_DIM_IS_SPEC_TMP_TMPVAR_HANDLER, - ZEND_FETCH_DIM_IS_SPEC_TMP_TMPVAR_HANDLER, + ZEND_FETCH_DIM_IS_SPEC_TMPVAR_CONST_HANDLER, + ZEND_FETCH_DIM_IS_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_FETCH_DIM_IS_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_FETCH_DIM_IS_SPEC_TMP_CV_HANDLER, - ZEND_FETCH_DIM_IS_SPEC_VAR_CONST_HANDLER, - ZEND_FETCH_DIM_IS_SPEC_VAR_TMPVAR_HANDLER, - ZEND_FETCH_DIM_IS_SPEC_VAR_TMPVAR_HANDLER, + ZEND_FETCH_DIM_IS_SPEC_TMPVAR_CV_HANDLER, + ZEND_FETCH_DIM_IS_SPEC_TMPVAR_CONST_HANDLER, + ZEND_FETCH_DIM_IS_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_FETCH_DIM_IS_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_FETCH_DIM_IS_SPEC_VAR_CV_HANDLER, + ZEND_FETCH_DIM_IS_SPEC_TMPVAR_CV_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, @@ -38570,16 +38020,16 @@ void zend_init_opcodes_handlers(void) ZEND_FETCH_OBJ_IS_SPEC_CONST_TMPVAR_HANDLER, ZEND_NULL_HANDLER, ZEND_FETCH_OBJ_IS_SPEC_CONST_CV_HANDLER, - ZEND_FETCH_OBJ_IS_SPEC_TMP_CONST_HANDLER, - ZEND_FETCH_OBJ_IS_SPEC_TMP_TMPVAR_HANDLER, - ZEND_FETCH_OBJ_IS_SPEC_TMP_TMPVAR_HANDLER, + ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_CONST_HANDLER, + ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_FETCH_OBJ_IS_SPEC_TMP_CV_HANDLER, - ZEND_FETCH_OBJ_IS_SPEC_VAR_CONST_HANDLER, - ZEND_FETCH_OBJ_IS_SPEC_VAR_TMPVAR_HANDLER, - ZEND_FETCH_OBJ_IS_SPEC_VAR_TMPVAR_HANDLER, + ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_CV_HANDLER, + ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_CONST_HANDLER, + ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_FETCH_OBJ_IS_SPEC_VAR_CV_HANDLER, + ZEND_FETCH_OBJ_IS_SPEC_TMPVAR_CV_HANDLER, ZEND_FETCH_OBJ_IS_SPEC_UNUSED_CONST_HANDLER, ZEND_FETCH_OBJ_IS_SPEC_UNUSED_TMPVAR_HANDLER, ZEND_FETCH_OBJ_IS_SPEC_UNUSED_TMPVAR_HANDLER, @@ -38745,12 +38195,12 @@ void zend_init_opcodes_handlers(void) ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, - ZEND_FETCH_LIST_SPEC_TMP_CONST_HANDLER, + ZEND_FETCH_LIST_SPEC_TMPVAR_CONST_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, - ZEND_FETCH_LIST_SPEC_VAR_CONST_HANDLER, + ZEND_FETCH_LIST_SPEC_TMPVAR_CONST_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, @@ -39045,16 +38495,16 @@ void zend_init_opcodes_handlers(void) ZEND_CLONE_SPEC_CONST_HANDLER, ZEND_CLONE_SPEC_CONST_HANDLER, ZEND_CLONE_SPEC_CONST_HANDLER, - ZEND_CLONE_SPEC_TMP_HANDLER, - ZEND_CLONE_SPEC_TMP_HANDLER, - ZEND_CLONE_SPEC_TMP_HANDLER, - ZEND_CLONE_SPEC_TMP_HANDLER, - ZEND_CLONE_SPEC_TMP_HANDLER, - ZEND_CLONE_SPEC_VAR_HANDLER, - ZEND_CLONE_SPEC_VAR_HANDLER, - ZEND_CLONE_SPEC_VAR_HANDLER, - ZEND_CLONE_SPEC_VAR_HANDLER, - ZEND_CLONE_SPEC_VAR_HANDLER, + ZEND_CLONE_SPEC_TMPVAR_HANDLER, + ZEND_CLONE_SPEC_TMPVAR_HANDLER, + ZEND_CLONE_SPEC_TMPVAR_HANDLER, + ZEND_CLONE_SPEC_TMPVAR_HANDLER, + ZEND_CLONE_SPEC_TMPVAR_HANDLER, + ZEND_CLONE_SPEC_TMPVAR_HANDLER, + ZEND_CLONE_SPEC_TMPVAR_HANDLER, + ZEND_CLONE_SPEC_TMPVAR_HANDLER, + ZEND_CLONE_SPEC_TMPVAR_HANDLER, + ZEND_CLONE_SPEC_TMPVAR_HANDLER, ZEND_CLONE_SPEC_UNUSED_HANDLER, ZEND_CLONE_SPEC_UNUSED_HANDLER, ZEND_CLONE_SPEC_UNUSED_HANDLER, @@ -39095,16 +38545,16 @@ void zend_init_opcodes_handlers(void) ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, ZEND_NULL_HANDLER, - ZEND_INIT_METHOD_CALL_SPEC_TMP_CONST_HANDLER, - ZEND_INIT_METHOD_CALL_SPEC_TMP_TMPVAR_HANDLER, - ZEND_INIT_METHOD_CALL_SPEC_TMP_TMPVAR_HANDLER, + ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_CONST_HANDLER, + ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_INIT_METHOD_CALL_SPEC_TMP_CV_HANDLER, - ZEND_INIT_METHOD_CALL_SPEC_VAR_CONST_HANDLER, - ZEND_INIT_METHOD_CALL_SPEC_VAR_TMPVAR_HANDLER, - ZEND_INIT_METHOD_CALL_SPEC_VAR_TMPVAR_HANDLER, + ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_CV_HANDLER, + ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_CONST_HANDLER, + ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_INIT_METHOD_CALL_SPEC_VAR_CV_HANDLER, + ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_CV_HANDLER, ZEND_INIT_METHOD_CALL_SPEC_UNUSED_CONST_HANDLER, ZEND_INIT_METHOD_CALL_SPEC_UNUSED_TMPVAR_HANDLER, ZEND_INIT_METHOD_CALL_SPEC_UNUSED_TMPVAR_HANDLER, @@ -39170,16 +38620,16 @@ void zend_init_opcodes_handlers(void) ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_CONST_TMPVAR_HANDLER, ZEND_NULL_HANDLER, ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_CONST_CV_HANDLER, - ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMP_CONST_HANDLER, - ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMP_TMPVAR_HANDLER, - ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMP_TMPVAR_HANDLER, + ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_CONST_HANDLER, + ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMP_CV_HANDLER, - ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_VAR_CONST_HANDLER, - ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_VAR_TMPVAR_HANDLER, - ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_VAR_TMPVAR_HANDLER, + ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_CV_HANDLER, + ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_CONST_HANDLER, + ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_VAR_CV_HANDLER, + ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_TMPVAR_CV_HANDLER, ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_UNUSED_CONST_HANDLER, ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_UNUSED_TMPVAR_HANDLER, ZEND_ISSET_ISEMPTY_DIM_OBJ_SPEC_UNUSED_TMPVAR_HANDLER, @@ -39995,16 +39445,16 @@ void zend_init_opcodes_handlers(void) ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_CONST_TMPVAR_HANDLER, ZEND_NULL_HANDLER, ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_CONST_CV_HANDLER, - ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMP_CONST_HANDLER, - ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMP_TMPVAR_HANDLER, - ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMP_TMPVAR_HANDLER, + ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_CONST_HANDLER, + ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMP_CV_HANDLER, - ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_VAR_CONST_HANDLER, - ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_VAR_TMPVAR_HANDLER, - ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_VAR_TMPVAR_HANDLER, + ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_CV_HANDLER, + ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_CONST_HANDLER, + ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_TMPVAR_HANDLER, + ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_TMPVAR_HANDLER, ZEND_NULL_HANDLER, - ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_VAR_CV_HANDLER, + ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_TMPVAR_CV_HANDLER, ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_UNUSED_CONST_HANDLER, ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_UNUSED_TMPVAR_HANDLER, ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_UNUSED_TMPVAR_HANDLER, diff --git a/Zend/zend_vm_gen.php b/Zend/zend_vm_gen.php index 60d93d8bab..f72531d44d 100644 --- a/Zend/zend_vm_gen.php +++ b/Zend/zend_vm_gen.php @@ -134,7 +134,7 @@ $op2_free = array( ); $op1_get_zval_ptr = array( - "ANY" => "get_zval_ptr(opline->op1_type, &opline->op1, execute_data, &free_op1, \\1)", + "ANY" => "get_zval_ptr(opline->op1_type, opline->op1, execute_data, &free_op1, \\1)", "TMP" => "_get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1)", "VAR" => "_get_zval_ptr_var(opline->op1.var, execute_data, &free_op1)", "CONST" => "opline->op1.zv", @@ -144,7 +144,7 @@ $op1_get_zval_ptr = array( ); $op2_get_zval_ptr = array( - "ANY" => "get_zval_ptr(opline->op2_type, &opline->op2, execute_data, &free_op2, \\1)", + "ANY" => "get_zval_ptr(opline->op2_type, opline->op2, execute_data, &free_op2, \\1)", "TMP" => "_get_zval_ptr_tmp(opline->op2.var, execute_data, &free_op2)", "VAR" => "_get_zval_ptr_var(opline->op2.var, execute_data, &free_op2)", "CONST" => "opline->op2.zv", @@ -154,7 +154,7 @@ $op2_get_zval_ptr = array( ); $op1_get_zval_ptr_ptr = array( - "ANY" => "get_zval_ptr_ptr(opline->op1_type, &opline->op1, execute_data, &free_op1, \\1)", + "ANY" => "get_zval_ptr_ptr(opline->op1_type, opline->op1, execute_data, &free_op1, \\1)", "TMP" => "NULL", "VAR" => "_get_zval_ptr_ptr_var(opline->op1.var, execute_data, &free_op1)", "CONST" => "NULL", @@ -164,7 +164,7 @@ $op1_get_zval_ptr_ptr = array( ); $op2_get_zval_ptr_ptr = array( - "ANY" => "get_zval_ptr_ptr(opline->op2_type, &opline->op2, execute_data, &free_op2, \\1)", + "ANY" => "get_zval_ptr_ptr(opline->op2_type, opline->op2, execute_data, &free_op2, \\1)", "TMP" => "NULL", "VAR" => "_get_zval_ptr_ptr_var(opline->op2.var, execute_data, &free_op2)", "CONST" => "NULL", @@ -174,7 +174,7 @@ $op2_get_zval_ptr_ptr = array( ); $op1_get_zval_ptr_deref = array( - "ANY" => "get_zval_ptr_deref(opline->op1_type, &opline->op1, execute_data, &free_op1, \\1)", + "ANY" => "get_zval_ptr_deref(opline->op1_type, opline->op1, execute_data, &free_op1, \\1)", "TMP" => "_get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1)", "VAR" => "_get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1)", "CONST" => "opline->op1.zv", @@ -184,7 +184,7 @@ $op1_get_zval_ptr_deref = array( ); $op2_get_zval_ptr_deref = array( - "ANY" => "get_zval_ptr_deref(opline->op2_type, &opline->op2, execute_data, &free_op2, \\1)", + "ANY" => "get_zval_ptr_deref(opline->op2_type, opline->op2, execute_data, &free_op2, \\1)", "TMP" => "_get_zval_ptr_tmp(opline->op2.var, execute_data, &free_op2)", "VAR" => "_get_zval_ptr_var_deref(opline->op2.var, execute_data, &free_op2)", "CONST" => "opline->op2.zv", @@ -194,7 +194,7 @@ $op2_get_zval_ptr_deref = array( ); $op1_get_zval_ptr_ptr_undef = array( - "ANY" => "get_zval_ptr_ptr_undef(opline->op1_type, &opline->op1, execute_data, &free_op1, \\1)", + "ANY" => "get_zval_ptr_ptr_undef(opline->op1_type, opline->op1, execute_data, &free_op1, \\1)", "TMP" => "NULL", "VAR" => "_get_zval_ptr_ptr_var(opline->op1.var, execute_data, &free_op1)", "CONST" => "NULL", @@ -204,7 +204,7 @@ $op1_get_zval_ptr_ptr_undef = array( ); $op2_get_zval_ptr_ptr_undef = array( - "ANY" => "get_zval_ptr_ptr_undef(opline->op2_type, &opline->op2, execute_data, &free_op2, \\1)", + "ANY" => "get_zval_ptr_ptr_undef(opline->op2_type, opline->op2, execute_data, &free_op2, \\1)", "TMP" => "NULL", "VAR" => "_get_zval_ptr_ptr_var(opline->op2.var, execute_data, &free_op2)", "CONST" => "NULL", @@ -214,7 +214,7 @@ $op2_get_zval_ptr_ptr_undef = array( ); $op1_get_obj_zval_ptr = array( - "ANY" => "get_obj_zval_ptr(opline->op1_type, &opline->op1, execute_data, &free_op1, \\1)", + "ANY" => "get_obj_zval_ptr(opline->op1_type, opline->op1, execute_data, &free_op1, \\1)", "TMP" => "_get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1)", "VAR" => "_get_zval_ptr_var(opline->op1.var, execute_data, &free_op1)", "CONST" => "opline->op1.zv", @@ -224,7 +224,7 @@ $op1_get_obj_zval_ptr = array( ); $op2_get_obj_zval_ptr = array( - "ANY" => "get_obj_zval_ptr(opline->op2_type, &opline->op2, execute_data, &free_op2, \\1)", + "ANY" => "get_obj_zval_ptr(opline->op2_type, opline->op2, execute_data, &free_op2, \\1)", "TMP" => "_get_zval_ptr_tmp(opline->op2.var, execute_data, &free_op2)", "VAR" => "_get_zval_ptr_var(opline->op2.var, execute_data, &free_op2)", "CONST" => "opline->op2.zv", @@ -234,7 +234,7 @@ $op2_get_obj_zval_ptr = array( ); $op1_get_obj_zval_ptr_deref = array( - "ANY" => "get_obj_zval_ptr(opline->op1_type, &opline->op1, execute_data, &free_op1, \\1)", + "ANY" => "get_obj_zval_ptr(opline->op1_type, opline->op1, execute_data, &free_op1, \\1)", "TMP" => "_get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1)", "VAR" => "_get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1)", "CONST" => "opline->op1.zv", @@ -244,7 +244,7 @@ $op1_get_obj_zval_ptr_deref = array( ); $op2_get_obj_zval_ptr_deref = array( - "ANY" => "get_obj_zval_ptr(opline->op2_type, &opline->op2, execute_data, &free_op2, \\1)", + "ANY" => "get_obj_zval_ptr(opline->op2_type, opline->op2, execute_data, &free_op2, \\1)", "TMP" => "_get_zval_ptr_tmp(opline->op2.var, execute_data, &free_op2)", "VAR" => "_get_zval_ptr_var_deref(opline->op2.var, execute_data, &free_op2)", "CONST" => "opline->op2.zv", @@ -254,7 +254,7 @@ $op2_get_obj_zval_ptr_deref = array( ); $op1_get_obj_zval_ptr_ptr = array( - "ANY" => "get_obj_zval_ptr_ptr(opline->op1_type, &opline->op1, execute_data, &free_op1, \\1)", + "ANY" => "get_obj_zval_ptr_ptr(opline->op1_type, opline->op1, execute_data, &free_op1, \\1)", "TMP" => "NULL", "VAR" => "_get_zval_ptr_ptr_var(opline->op1.var, execute_data, &free_op1)", "CONST" => "NULL", @@ -264,7 +264,7 @@ $op1_get_obj_zval_ptr_ptr = array( ); $op2_get_obj_zval_ptr_ptr = array( - "ANY" => "get_obj_zval_ptr_ptr(opline->op2_type, &opline->op2, execute_data, &free_op2, \\1)", + "ANY" => "get_obj_zval_ptr_ptr(opline->op2_type, opline->op2, execute_data, &free_op2, \\1)", "TMP" => "NULL", "VAR" => "_get_zval_ptr_ptr_var(opline->op2.var, execute_data, &free_op2)", "CONST" => "NULL", @@ -273,6 +273,26 @@ $op2_get_obj_zval_ptr_ptr = array( "TMPVAR" => "???", ); +$op1_get_obj_zval_ptr_ptr_undef = array( + "ANY" => "get_obj_zval_ptr_ptr(opline->op1_type, opline->op1, execute_data, &free_op1, \\1)", + "TMP" => "NULL", + "VAR" => "_get_zval_ptr_ptr_var(opline->op1.var, execute_data, &free_op1)", + "CONST" => "NULL", + "UNUSED" => "_get_obj_zval_ptr_unused(execute_data)", + "CV" => "_get_zval_ptr_cv_undef_\\1(execute_data, opline->op1.var TSRMLS_CC)", + "TMPVAR" => "???", +); + +$op2_get_obj_zval_ptr_ptr_undef = array( + "ANY" => "get_obj_zval_ptr_ptr(opline->op2_type, opline->op2, execute_data, &free_op2, \\1)", + "TMP" => "NULL", + "VAR" => "_get_zval_ptr_ptr_var(opline->op2.var, execute_data, &free_op2)", + "CONST" => "NULL", + "UNUSED" => "_get_obj_zval_ptr_unused(execute_data)", + "CV" => "_get_zval_ptr_cv_undef_\\1(execute_data, opline->op2.var TSRMLS_CC)", + "TMPVAR" => "???", +); + $op1_free_op = array( "ANY" => "FREE_OP(free_op1)", "TMP" => "zval_ptr_dtor_nogc(free_op1)", @@ -384,6 +404,7 @@ function gen_code($f, $spec, $kind, $export, $code, $op1, $op2, $name) { $op1_get_obj_zval_ptr, $op2_get_obj_zval_ptr, $op1_get_obj_zval_ptr_deref, $op2_get_obj_zval_ptr_deref, $op1_get_obj_zval_ptr_ptr, $op2_get_obj_zval_ptr_ptr, + $op1_get_obj_zval_ptr_ptr_undef, $op2_get_obj_zval_ptr_ptr_undef, $op1_free, $op2_free, $op1_free_op, $op2_free_op, $op1_free_op_if_var, $op2_free_op_if_var, $op1_free_op_var_ptr, $op2_free_op_var_ptr, $prefix; @@ -409,6 +430,8 @@ function gen_code($f, $spec, $kind, $export, $code, $op1, $op2, $name) { "/GET_OP2_OBJ_ZVAL_PTR_DEREF\(([^)]*)\)/", "/GET_OP1_OBJ_ZVAL_PTR_PTR\(([^)]*)\)/", "/GET_OP2_OBJ_ZVAL_PTR_PTR\(([^)]*)\)/", + "/GET_OP1_OBJ_ZVAL_PTR_PTR_UNDEF\(([^)]*)\)/", + "/GET_OP2_OBJ_ZVAL_PTR_PTR_UNDEF\(([^)]*)\)/", "/FREE_OP1\(\)/", "/FREE_OP2\(\)/", "/FREE_OP1_IF_VAR\(\)/", @@ -445,6 +468,8 @@ function gen_code($f, $spec, $kind, $export, $code, $op1, $op2, $name) { $op2_get_obj_zval_ptr_deref[$op2], $op1_get_obj_zval_ptr_ptr[$op1], $op2_get_obj_zval_ptr_ptr[$op2], + $op1_get_obj_zval_ptr_ptr_undef[$op1], + $op2_get_obj_zval_ptr_ptr_undef[$op2], $op1_free_op[$op1], $op2_free_op[$op2], $op1_free_op_if_var[$op1], diff --git a/ext/date/lib/dow.c b/ext/date/lib/dow.c index 1739566728..4438b723d2 100644 --- a/ext/date/lib/dow.c +++ b/ext/date/lib/dow.c @@ -23,9 +23,21 @@ static int m_table_common[13] = { -1, 0, 3, 3, 6, 1, 4, 6, 2, 5, 0, 3, 5 }; /* 1 = jan */ static int m_table_leap[13] = { -1, 6, 2, 3, 6, 1, 4, 6, 2, 5, 0, 3, 5 }; /* 1 = jan */ +static timelib_sll positive_mod(timelib_sll x, timelib_sll y) +{ + timelib_sll tmp; + + tmp = x % y; + if (tmp < 0) { + tmp += y; + } + + return tmp; +} + static timelib_sll century_value(timelib_sll j) { - return 6 - (j % 4) * 2; + return 6 - positive_mod(j, 4) * 2; } static timelib_sll timelib_day_of_week_ex(timelib_sll y, timelib_sll m, timelib_sll d, int iso) @@ -36,9 +48,9 @@ static timelib_sll timelib_day_of_week_ex(timelib_sll y, timelib_sll m, timelib_ * Julian calendar. We just return the 'wrong' day of week to be * consistent. */ c1 = century_value(y / 100); - y1 = (y % 100); + y1 = positive_mod(y, 100); m1 = timelib_is_leap(y) ? m_table_leap[m] : m_table_common[m]; - dow = (c1 + y1 + m1 + (y1 / 4) + d) % 7; + dow = positive_mod((c1 + y1 + m1 + (y1 / 4) + d), 7); if (iso) { if (dow == 0) { dow = 7; diff --git a/ext/date/tests/DateTime_setISODate_variation1.phpt b/ext/date/tests/DateTime_setISODate_variation1.phpt index d685f27ed0..a4e8865e73 100644 --- a/ext/date/tests/DateTime_setISODate_variation1.phpt +++ b/ext/date/tests/DateTime_setISODate_variation1.phpt @@ -145,7 +145,7 @@ object(DateTime)#%d (3) { -- int -12345 -- object(DateTime)#%d (3) { ["date"]=> - string(28) "-12345-02-15 08:34:10.000000" + string(28) "-12345-02-11 08:34:10.000000" ["timezone_type"]=> int(3) ["timezone"]=> @@ -165,7 +165,7 @@ object(DateTime)#%d (3) { -- float -10.5 -- object(DateTime)#%d (3) { ["date"]=> - string(27) "-0010-02-19 08:34:10.000000" + string(27) "-0010-02-14 08:34:10.000000" ["timezone_type"]=> int(3) ["timezone"]=> diff --git a/ext/date/tests/bug49585.phpt b/ext/date/tests/bug49585.phpt index 2ec14245ea..d21bba6c5c 100644 --- a/ext/date/tests/bug49585.phpt +++ b/ext/date/tests/bug49585.phpt @@ -10,7 +10,8 @@ var_dump($date->format('r')); $date->setDate(-2147483648, 1, 1); var_dump($date->format('r')); var_dump($date->format('c')); +?> --EXPECT-- -string(32) "Sat, 01 Jan -1500 00:00:00 +0000" -string(42) "Unknown, 01 Jan -2147483648 00:00:00 +0000" +string(32) "Fri, 01 Jan -1500 00:00:00 +0000" +string(38) "Mon, 01 Jan -2147483648 00:00:00 +0000" string(32) "-2147483648-01-01T00:00:00+00:00" diff --git a/ext/date/tests/date_isodate_set_variation2.phpt b/ext/date/tests/date_isodate_set_variation2.phpt index 5b59a696c6..3c3b6924bb 100644 --- a/ext/date/tests/date_isodate_set_variation2.phpt +++ b/ext/date/tests/date_isodate_set_variation2.phpt @@ -145,7 +145,7 @@ object(DateTime)#%d (3) { -- int -12345 -- object(DateTime)#%d (3) { ["date"]=> - string(28) "-12345-02-15 08:34:10.000000" + string(28) "-12345-02-11 08:34:10.000000" ["timezone_type"]=> int(3) ["timezone"]=> @@ -165,7 +165,7 @@ object(DateTime)#%d (3) { -- float -10.5 -- object(DateTime)#%d (3) { ["date"]=> - string(27) "-0010-02-19 08:34:10.000000" + string(27) "-0010-02-14 08:34:10.000000" ["timezone_type"]=> int(3) ["timezone"]=> diff --git a/ext/date/tests/getdate_variation7.phpt b/ext/date/tests/getdate_variation7.phpt index 5af2dd53fc..2088fa1792 100644 --- a/ext/date/tests/getdate_variation7.phpt +++ b/ext/date/tests/getdate_variation7.phpt @@ -61,7 +61,7 @@ array\(11\) { \["mday"\]=> int\((9|14|23)\) \["wday"\]=> - int\((6|-4)\) + int\(0\) \["mon"\]=> int\((10|12)\) \["year"\]=> @@ -69,7 +69,7 @@ array\(11\) { \["yday"\]=> int\((282|347|295)\) \["weekday"\]=> - string\((8|7)\) "(Saturday|Unknown)" + string\(6\) "Sunday" \["month"\]=> string\((7|8)\) "(October|December)" \[0\]=> diff --git a/ext/date/tests/localtime_variation3.phpt b/ext/date/tests/localtime_variation3.phpt index d941e3891e..34d8f57f01 100644 --- a/ext/date/tests/localtime_variation3.phpt +++ b/ext/date/tests/localtime_variation3.phpt @@ -87,7 +87,7 @@ array\(9\) { \[5\]=> int\((104|1|-3843)\) \[6\]=> - int\((5|-5)\) + int\(6\) \[7\]=> int\((281|346|294)\) \[8\]=> @@ -107,7 +107,7 @@ array\(9\) { \["tm_year"\]=> int\((104|1|-3843)\) \["tm_wday"\]=> - int\((5|-5)\) + int\(6\) \["tm_yday"\]=> int\((281|346|294)\) \["tm_isdst"\]=> diff --git a/ext/fileinfo/config.m4 b/ext/fileinfo/config.m4 index a11dbf8dac..7e98d62d8b 100644 --- a/ext/fileinfo/config.m4 +++ b/ext/fileinfo/config.m4 @@ -11,7 +11,7 @@ if test "$PHP_FILEINFO" != "no"; then libmagic/cdf.c libmagic/cdf_time.c libmagic/compress.c \ libmagic/encoding.c libmagic/fsmagic.c libmagic/funcs.c \ libmagic/is_tar.c libmagic/magic.c libmagic/print.c \ - libmagic/readcdf.c libmagic/readelf.c libmagic/softmagic.c" + libmagic/readcdf.c libmagic/softmagic.c" AC_MSG_CHECKING([for strcasestr]) AC_TRY_RUN([ diff --git a/ext/fileinfo/config.w32 b/ext/fileinfo/config.w32 index 873a12c2f4..9a14921322 100644 --- a/ext/fileinfo/config.w32 +++ b/ext/fileinfo/config.w32 @@ -8,7 +8,7 @@ if (PHP_FILEINFO != 'no') { cdf.c cdf_time.c compress.c \ encoding.c fsmagic.c funcs.c \ is_tar.c magic.c print.c \ - readcdf.c readelf.c softmagic.c"; + readcdf.c softmagic.c"; if (VCVERS < 1500) { ADD_FLAG('CFLAGS', '/Zm1000'); diff --git a/ext/fileinfo/libmagic.patch b/ext/fileinfo/libmagic.patch index 30f1e9b450..b8e43b602d 100644 --- a/ext/fileinfo/libmagic.patch +++ b/ext/fileinfo/libmagic.patch @@ -3038,341 +3038,6 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c } if (NOTMIME(ms)) { if (str != NULL) { -diff -u libmagic.orig/readelf.c libmagic/readelf.c ---- libmagic.orig/readelf.c Tue Nov 5 16:44:01 2013 -+++ libmagic/readelf.c Sat Oct 25 11:42:59 2014 -@@ -42,14 +42,14 @@ - #include "magic.h" - - #ifdef ELFCORE --private int dophn_core(struct magic_set *, int, int, int, off_t, int, size_t, -- off_t, int *); -+private int dophn_core(struct magic_set *, int, int, int, zend_off_t, int, size_t, -+ zend_off_t, int *); - #endif - private int dophn_exec(struct magic_set *, int, int, int, off_t, int, size_t, -- off_t, int *, int); -+ zend_off_t, int *, int); - private int doshn(struct magic_set *, int, int, int, off_t, int, size_t, -- off_t, int *, int, int); --private size_t donote(struct magic_set *, void *, size_t, size_t, int, -+ zend_off_t, int *, int); -+private size_t donote(struct magic_set *, unsigned char *, size_t, size_t, int, - int, size_t, int *); - - #define ELF_ALIGN(a) ((((a) + align - 1) / align) * align) -@@ -127,7 +127,13 @@ - - #define elf_getu16(swap, value) getu16(swap, value) - #define elf_getu32(swap, value) getu32(swap, value) --#define elf_getu64(swap, value) getu64(swap, value) -+#ifdef USE_ARRAY_FOR_64BIT_TYPES -+# define elf_getu64(swap, array) \ -+ ((swap ? ((uint64_t)elf_getu32(swap, array[0])) << 32 : elf_getu32(swap, array[0])) + \ -+ (swap ? elf_getu32(swap, array[1]) : ((uint64_t)elf_getu32(swap, array[1]) << 32))) -+#else -+# define elf_getu64(swap, value) getu64(swap, value) -+#endif - - #define xsh_addr (clazz == ELFCLASS32 \ - ? (void *)&sh32 \ -@@ -138,7 +144,7 @@ - #define xsh_size (size_t)(clazz == ELFCLASS32 \ - ? elf_getu32(swap, sh32.sh_size) \ - : elf_getu64(swap, sh64.sh_size)) --#define xsh_offset (off_t)(clazz == ELFCLASS32 \ -+#define xsh_offset (zend_off_t)(clazz == ELFCLASS32 \ - ? elf_getu32(swap, sh32.sh_offset) \ - : elf_getu64(swap, sh64.sh_offset)) - #define xsh_type (clazz == ELFCLASS32 \ -@@ -156,13 +162,13 @@ - #define xph_type (clazz == ELFCLASS32 \ - ? elf_getu32(swap, ph32.p_type) \ - : elf_getu32(swap, ph64.p_type)) --#define xph_offset (off_t)(clazz == ELFCLASS32 \ -+#define xph_offset (zend_off_t)(clazz == ELFCLASS32 \ - ? elf_getu32(swap, ph32.p_offset) \ - : elf_getu64(swap, ph64.p_offset)) - #define xph_align (size_t)((clazz == ELFCLASS32 \ -- ? (off_t) (ph32.p_align ? \ -+ ? (zend_off_t) (ph32.p_align ? \ - elf_getu32(swap, ph32.p_align) : 4) \ -- : (off_t) (ph64.p_align ? \ -+ : (zend_off_t) (ph64.p_align ? \ - elf_getu64(swap, ph64.p_align) : 4))) - #define xph_filesz (size_t)((clazz == ELFCLASS32 \ - ? elf_getu32(swap, ph32.p_filesz) \ -@@ -287,12 +293,12 @@ - #define FLAGS_IS_CORE 0x10 - - private int --dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off, -- int num, size_t size, off_t fsize, int *flags) -+dophn_core(struct magic_set *ms, int clazz, int swap, int fd, zend_off_t off, -+ int num, size_t size, zend_off_t fsize, int *flags) - { - Elf32_Phdr ph32; - Elf64_Phdr ph64; -- size_t offset, len; -+ size_t offset; - unsigned char nbuf[BUFSIZ]; - ssize_t bufsize; - -@@ -306,7 +312,11 @@ - * Loop through all the program headers. - */ - for ( ; num; num--) { -- if (pread(fd, xph_addr, xph_sizeof, off) == -1) { -+ if (FINFO_LSEEK_FUNC(fd, off, SEEK_SET) == (zend_off_t)-1) { -+ file_badseek(ms); -+ return -1; -+ } -+ if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) == -1) { - file_badread(ms); - return -1; - } -@@ -324,8 +334,13 @@ - * This is a PT_NOTE section; loop through all the notes - * in the section. - */ -- len = xph_filesz < sizeof(nbuf) ? xph_filesz : sizeof(nbuf); -- if ((bufsize = pread(fd, nbuf, len, xph_offset)) == -1) { -+ if (FINFO_LSEEK_FUNC(fd, xph_offset, SEEK_SET) == (zend_off_t)-1) { -+ file_badseek(ms); -+ return -1; -+ } -+ bufsize = FINFO_READ_FUNC(fd, nbuf, -+ ((xph_filesz < sizeof(nbuf)) ? xph_filesz : sizeof(nbuf))); -+ if (bufsize == -1) { - file_badread(ms); - return -1; - } -@@ -477,6 +492,13 @@ - uint32_t namesz, descsz; - unsigned char *nbuf = CAST(unsigned char *, vbuf); - -+ if (xnh_sizeof + offset > size) { -+ /* -+ * We're out of note headers. -+ */ -+ return xnh_sizeof + offset; -+ } -+ - (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); - offset += xnh_sizeof; - -@@ -902,7 +924,7 @@ - Elf64_Shdr sh64; - int stripped = 1; - void *nbuf; -- off_t noff, coff, name_off; -+ zend_off_t noff, coff, name_off; - uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */ - uint64_t cap_sf1 = 0; /* SunOS 5.x software capabilites */ - char name[50]; -@@ -913,24 +935,12 @@ - return 0; - } - -- /* Read offset of name section to be able to read section names later */ -- if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) == -1) { -- file_badread(ms); -- return -1; -- } -- name_off = xsh_offset; -- - for ( ; num; num--) { -- /* Read the name of this section. */ -- if (pread(fd, name, sizeof(name), name_off + xsh_name) == -1) { -- file_badread(ms); -+ if (FINFO_LSEEK_FUNC(fd, off, SEEK_SET) == (zend_off_t)-1) { -+ file_badseek(ms); - return -1; - } -- name[sizeof(name) - 1] = '\0'; -- if (strcmp(name, ".debug_info") == 0) -- stripped = 0; -- -- if (pread(fd, xsh_addr, xsh_sizeof, off) == -1) { -+ if (FINFO_READ_FUNC(fd, xsh_addr, xsh_sizeof) == -1) { - file_badread(ms); - return -1; - } -@@ -955,41 +965,35 @@ - /* Things we can determine when we seek */ - switch (xsh_type) { - case SHT_NOTE: -- if ((nbuf = malloc(xsh_size)) == NULL) { -- file_error(ms, errno, "Cannot allocate memory" -- " for note"); -+ nbuf = emalloc((size_t)xsh_size); -+ if ((noff = FINFO_LSEEK_FUNC(fd, (zend_off_t)xsh_offset, SEEK_SET)) == -+ (zend_off_t)-1) { -+ file_badread(ms); -+ efree(nbuf); - return -1; - } -- if (pread(fd, nbuf, xsh_size, xsh_offset) == -1) { -+ if (FINFO_READ_FUNC(fd, nbuf, (size_t)xsh_size) != -+ (ssize_t)xsh_size) { - file_badread(ms); -- free(nbuf); -+ efree(nbuf); - return -1; - } - - noff = 0; - for (;;) { -- if (noff >= (off_t)xsh_size) -+ if (noff >= (zend_off_t)xsh_size) - break; - noff = donote(ms, nbuf, (size_t)noff, -- xsh_size, clazz, swap, 4, flags); -+ (size_t)xsh_size, clazz, swap, 4, -+ flags); - if (noff == 0) - break; - } -- free(nbuf); -+ efree(nbuf); - break; - case SHT_SUNW_cap: -- switch (mach) { -- case EM_SPARC: -- case EM_SPARCV9: -- case EM_IA_64: -- case EM_386: -- case EM_AMD64: -- break; -- default: -- goto skip; -- } -- -- if (lseek(fd, xsh_offset, SEEK_SET) == (off_t)-1) { -+ if (FINFO_LSEEK_FUNC(fd, (zend_off_t)xsh_offset, SEEK_SET) == -+ (zend_off_t)-1) { - file_badseek(ms); - return -1; - } -@@ -999,9 +1003,9 @@ - Elf64_Cap cap64; - char cbuf[/*CONSTCOND*/ - MAX(sizeof cap32, sizeof cap64)]; -- if ((coff += xcap_sizeof) > (off_t)xsh_size) -+ if ((coff += xcap_sizeof) > (zend_off_t)xsh_size) - break; -- if (read(fd, cbuf, (size_t)xcap_sizeof) != -+ if (FINFO_READ_FUNC(fd, cbuf, (size_t)xcap_sizeof) != - (ssize_t)xcap_sizeof) { - file_badread(ms); - return -1; -@@ -1027,13 +1031,12 @@ - break; - } - } -- /*FALLTHROUGH*/ -- skip: -+ break; -+ - default: - break; - } - } -- - if (file_printf(ms, ", %sstripped", stripped ? "" : "not ") == -1) - return -1; - if (cap_hw1) { -@@ -1103,8 +1106,8 @@ - * otherwise it's statically linked. - */ - private int --dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off, -- int num, size_t size, off_t fsize, int *flags, int sh_num) -+dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, zend_off_t off, -+ int num, size_t size, zend_off_t fsize, int *flags, int sh_num) - { - Elf32_Phdr ph32; - Elf64_Phdr ph64; -@@ -1112,7 +1115,7 @@ - const char *shared_libraries = ""; - unsigned char nbuf[BUFSIZ]; - ssize_t bufsize; -- size_t offset, align, len; -+ size_t offset, align; - - if (size != xph_sizeof) { - if (file_printf(ms, ", corrupted program header size") == -1) -@@ -1121,8 +1124,13 @@ - } - - for ( ; num; num--) { -- if (pread(fd, xph_addr, xph_sizeof, off) == -1) { -- file_badread(ms); -+ if (FINFO_LSEEK_FUNC(fd, off, SEEK_SET) == (zend_off_t)-1) { -+ file_badseek(ms); -+ return -1; -+ } -+ -+ if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) == -1) { -+ file_badread(ms); - return -1; - } - -@@ -1160,9 +1168,12 @@ - * This is a PT_NOTE section; loop through all the notes - * in the section. - */ -- len = xph_filesz < sizeof(nbuf) ? xph_filesz -- : sizeof(nbuf); -- bufsize = pread(fd, nbuf, len, xph_offset); -+ if (FINFO_LSEEK_FUNC(fd, xph_offset, SEEK_SET) == (zend_off_t)-1) { -+ file_badseek(ms); -+ return -1; -+ } -+ bufsize = FINFO_READ_FUNC(fd, nbuf, ((xph_filesz < sizeof(nbuf)) ? -+ xph_filesz : sizeof(nbuf))); - if (bufsize == -1) { - file_badread(ms); - return -1; -@@ -1200,7 +1211,7 @@ - int clazz; - int swap; - struct stat st; -- off_t fsize; -+ zend_off_t fsize; - int flags = 0; - Elf32_Ehdr elf32hdr; - Elf64_Ehdr elf64hdr; -@@ -1223,7 +1234,7 @@ - /* - * If we cannot seek, it must be a pipe, socket or fifo. - */ -- if((lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) && (errno == ESPIPE)) -+ if((FINFO_LSEEK_FUNC(fd, (zend_off_t)0, SEEK_SET) == (zend_off_t)-1) && (errno == ESPIPE)) - fd = file_pipe2file(ms, fd, buf, nbytes); - - if (fstat(fd, &st) == -1) { -diff -u libmagic.orig/readelf.h libmagic/readelf.h ---- libmagic.orig/readelf.h Tue Nov 5 16:41:56 2013 -+++ libmagic/readelf.h Wed Aug 27 12:35:45 2014 -@@ -44,9 +44,17 @@ - typedef uint32_t Elf32_Word; - typedef uint8_t Elf32_Char; - -+#if SIZEOF_LONG_LONG != 8 -+#define USE_ARRAY_FOR_64BIT_TYPES -+typedef uint32_t Elf64_Addr[2]; -+typedef uint32_t Elf64_Off[2]; -+typedef uint32_t Elf64_Xword[2]; -+#else -+#undef USE_ARRAY_FOR_64BIT_TYPES - typedef uint64_t Elf64_Addr; - typedef uint64_t Elf64_Off; - typedef uint64_t Elf64_Xword; -+#endif - typedef uint16_t Elf64_Half; - typedef uint32_t Elf64_Word; - typedef uint8_t Elf64_Char; diff -u libmagic.orig/softmagic.c libmagic/softmagic.c --- libmagic.orig/softmagic.c Thu Feb 13 00:20:53 2014 +++ libmagic/softmagic.c Fri Sep 19 16:29:55 2014 @@ -3879,3 +3544,16 @@ diff -u libmagic.orig/strcasestr.c libmagic/strcasestr.c #include <assert.h> #include <ctype.h> #include <string.h> +diff --git libmagic/file.h libmagic/file.h +index 0a5c19c..2b2405f 100644 +--- libmagic/file.h ++++ libmagic/file.h +@@ -419,8 +419,6 @@ protected int file_pipe2file(struct magic_set *, int, const void *, size_t); + protected int file_replace(struct magic_set *, const char *, const char *); + protected int file_printf(struct magic_set *, const char *, ...); + protected int file_reset(struct magic_set *); +-protected int file_tryelf(struct magic_set *, int, const unsigned char *, +- size_t); + protected int file_trycdf(struct magic_set *, int, const unsigned char *, + size_t); + #ifdef PHP_FILEINFO_UNCOMPRESS diff --git a/ext/fileinfo/libmagic/file.h b/ext/fileinfo/libmagic/file.h index 0a5c19c54c..2b2405ffd3 100644 --- a/ext/fileinfo/libmagic/file.h +++ b/ext/fileinfo/libmagic/file.h @@ -419,8 +419,6 @@ protected int file_pipe2file(struct magic_set *, int, const void *, size_t); protected int file_replace(struct magic_set *, const char *, const char *); protected int file_printf(struct magic_set *, const char *, ...); protected int file_reset(struct magic_set *); -protected int file_tryelf(struct magic_set *, int, const unsigned char *, - size_t); protected int file_trycdf(struct magic_set *, int, const unsigned char *, size_t); #ifdef PHP_FILEINFO_UNCOMPRESS diff --git a/ext/fileinfo/libmagic/readelf.c b/ext/fileinfo/libmagic/readelf.c deleted file mode 100644 index a849c1a098..0000000000 --- a/ext/fileinfo/libmagic/readelf.c +++ /dev/null @@ -1,1268 +0,0 @@ -/* - * Copyright (c) Christos Zoulas 2003. - * All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -#include "file.h" - -#ifndef lint -FILE_RCSID("@(#)$File: readelf.c,v 1.99 2013/11/05 15:44:01 christos Exp $") -#endif - -#ifdef BUILTIN_ELF -#include <string.h> -#include <ctype.h> -#include <stdlib.h> -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#include "readelf.h" -#include "magic.h" - -#ifdef ELFCORE -private int dophn_core(struct magic_set *, int, int, int, zend_off_t, int, size_t, - zend_off_t, int *); -#endif -private int dophn_exec(struct magic_set *, int, int, int, off_t, int, size_t, - zend_off_t, int *, int); -private int doshn(struct magic_set *, int, int, int, off_t, int, size_t, - zend_off_t, int *, int); -private size_t donote(struct magic_set *, unsigned char *, size_t, size_t, int, - int, size_t, int *); - -#define ELF_ALIGN(a) ((((a) + align - 1) / align) * align) - -#define isquote(c) (strchr("'\"`", (c)) != NULL) - -private uint16_t getu16(int, uint16_t); -private uint32_t getu32(int, uint32_t); -private uint64_t getu64(int, uint64_t); - -private uint16_t -getu16(int swap, uint16_t value) -{ - union { - uint16_t ui; - char c[2]; - } retval, tmpval; - - if (swap) { - tmpval.ui = value; - - retval.c[0] = tmpval.c[1]; - retval.c[1] = tmpval.c[0]; - - return retval.ui; - } else - return value; -} - -private uint32_t -getu32(int swap, uint32_t value) -{ - union { - uint32_t ui; - char c[4]; - } retval, tmpval; - - if (swap) { - tmpval.ui = value; - - retval.c[0] = tmpval.c[3]; - retval.c[1] = tmpval.c[2]; - retval.c[2] = tmpval.c[1]; - retval.c[3] = tmpval.c[0]; - - return retval.ui; - } else - return value; -} - -private uint64_t -getu64(int swap, uint64_t value) -{ - union { - uint64_t ui; - char c[8]; - } retval, tmpval; - - if (swap) { - tmpval.ui = value; - - retval.c[0] = tmpval.c[7]; - retval.c[1] = tmpval.c[6]; - retval.c[2] = tmpval.c[5]; - retval.c[3] = tmpval.c[4]; - retval.c[4] = tmpval.c[3]; - retval.c[5] = tmpval.c[2]; - retval.c[6] = tmpval.c[1]; - retval.c[7] = tmpval.c[0]; - - return retval.ui; - } else - return value; -} - -#define elf_getu16(swap, value) getu16(swap, value) -#define elf_getu32(swap, value) getu32(swap, value) -#ifdef USE_ARRAY_FOR_64BIT_TYPES -# define elf_getu64(swap, array) \ - ((swap ? ((uint64_t)elf_getu32(swap, array[0])) << 32 : elf_getu32(swap, array[0])) + \ - (swap ? elf_getu32(swap, array[1]) : ((uint64_t)elf_getu32(swap, array[1]) << 32))) -#else -# define elf_getu64(swap, value) getu64(swap, value) -#endif - -#define xsh_addr (clazz == ELFCLASS32 \ - ? (void *)&sh32 \ - : (void *)&sh64) -#define xsh_sizeof (clazz == ELFCLASS32 \ - ? sizeof(sh32) \ - : sizeof(sh64)) -#define xsh_size (size_t)(clazz == ELFCLASS32 \ - ? elf_getu32(swap, sh32.sh_size) \ - : elf_getu64(swap, sh64.sh_size)) -#define xsh_offset (zend_off_t)(clazz == ELFCLASS32 \ - ? elf_getu32(swap, sh32.sh_offset) \ - : elf_getu64(swap, sh64.sh_offset)) -#define xsh_type (clazz == ELFCLASS32 \ - ? elf_getu32(swap, sh32.sh_type) \ - : elf_getu32(swap, sh64.sh_type)) -#define xsh_name (clazz == ELFCLASS32 \ - ? elf_getu32(swap, sh32.sh_name) \ - : elf_getu32(swap, sh64.sh_name)) -#define xph_addr (clazz == ELFCLASS32 \ - ? (void *) &ph32 \ - : (void *) &ph64) -#define xph_sizeof (clazz == ELFCLASS32 \ - ? sizeof(ph32) \ - : sizeof(ph64)) -#define xph_type (clazz == ELFCLASS32 \ - ? elf_getu32(swap, ph32.p_type) \ - : elf_getu32(swap, ph64.p_type)) -#define xph_offset (zend_off_t)(clazz == ELFCLASS32 \ - ? elf_getu32(swap, ph32.p_offset) \ - : elf_getu64(swap, ph64.p_offset)) -#define xph_align (size_t)((clazz == ELFCLASS32 \ - ? (zend_off_t) (ph32.p_align ? \ - elf_getu32(swap, ph32.p_align) : 4) \ - : (zend_off_t) (ph64.p_align ? \ - elf_getu64(swap, ph64.p_align) : 4))) -#define xph_filesz (size_t)((clazz == ELFCLASS32 \ - ? elf_getu32(swap, ph32.p_filesz) \ - : elf_getu64(swap, ph64.p_filesz))) -#define xnh_addr (clazz == ELFCLASS32 \ - ? (void *)&nh32 \ - : (void *)&nh64) -#define xph_memsz (size_t)((clazz == ELFCLASS32 \ - ? elf_getu32(swap, ph32.p_memsz) \ - : elf_getu64(swap, ph64.p_memsz))) -#define xnh_sizeof (clazz == ELFCLASS32 \ - ? sizeof nh32 \ - : sizeof nh64) -#define xnh_type (clazz == ELFCLASS32 \ - ? elf_getu32(swap, nh32.n_type) \ - : elf_getu32(swap, nh64.n_type)) -#define xnh_namesz (clazz == ELFCLASS32 \ - ? elf_getu32(swap, nh32.n_namesz) \ - : elf_getu32(swap, nh64.n_namesz)) -#define xnh_descsz (clazz == ELFCLASS32 \ - ? elf_getu32(swap, nh32.n_descsz) \ - : elf_getu32(swap, nh64.n_descsz)) -#define prpsoffsets(i) (clazz == ELFCLASS32 \ - ? prpsoffsets32[i] \ - : prpsoffsets64[i]) -#define xcap_addr (clazz == ELFCLASS32 \ - ? (void *)&cap32 \ - : (void *)&cap64) -#define xcap_sizeof (clazz == ELFCLASS32 \ - ? sizeof cap32 \ - : sizeof cap64) -#define xcap_tag (clazz == ELFCLASS32 \ - ? elf_getu32(swap, cap32.c_tag) \ - : elf_getu64(swap, cap64.c_tag)) -#define xcap_val (clazz == ELFCLASS32 \ - ? elf_getu32(swap, cap32.c_un.c_val) \ - : elf_getu64(swap, cap64.c_un.c_val)) - -#ifdef ELFCORE -/* - * Try larger offsets first to avoid false matches - * from earlier data that happen to look like strings. - */ -static const size_t prpsoffsets32[] = { -#ifdef USE_NT_PSINFO - 104, /* SunOS 5.x (command line) */ - 88, /* SunOS 5.x (short name) */ -#endif /* USE_NT_PSINFO */ - - 100, /* SunOS 5.x (command line) */ - 84, /* SunOS 5.x (short name) */ - - 44, /* Linux (command line) */ - 28, /* Linux 2.0.36 (short name) */ - - 8, /* FreeBSD */ -}; - -static const size_t prpsoffsets64[] = { -#ifdef USE_NT_PSINFO - 152, /* SunOS 5.x (command line) */ - 136, /* SunOS 5.x (short name) */ -#endif /* USE_NT_PSINFO */ - - 136, /* SunOS 5.x, 64-bit (command line) */ - 120, /* SunOS 5.x, 64-bit (short name) */ - - 56, /* Linux (command line) */ - 40, /* Linux (tested on core from 2.4.x, short name) */ - - 16, /* FreeBSD, 64-bit */ -}; - -#define NOFFSETS32 (sizeof prpsoffsets32 / sizeof prpsoffsets32[0]) -#define NOFFSETS64 (sizeof prpsoffsets64 / sizeof prpsoffsets64[0]) - -#define NOFFSETS (clazz == ELFCLASS32 ? NOFFSETS32 : NOFFSETS64) - -/* - * Look through the program headers of an executable image, searching - * for a PT_NOTE section of type NT_PRPSINFO, with a name "CORE" or - * "FreeBSD"; if one is found, try looking in various places in its - * contents for a 16-character string containing only printable - * characters - if found, that string should be the name of the program - * that dropped core. Note: right after that 16-character string is, - * at least in SunOS 5.x (and possibly other SVR4-flavored systems) and - * Linux, a longer string (80 characters, in 5.x, probably other - * SVR4-flavored systems, and Linux) containing the start of the - * command line for that program. - * - * SunOS 5.x core files contain two PT_NOTE sections, with the types - * NT_PRPSINFO (old) and NT_PSINFO (new). These structs contain the - * same info about the command name and command line, so it probably - * isn't worthwhile to look for NT_PSINFO, but the offsets are provided - * above (see USE_NT_PSINFO), in case we ever decide to do so. The - * NT_PRPSINFO and NT_PSINFO sections are always in order and adjacent; - * the SunOS 5.x file command relies on this (and prefers the latter). - * - * The signal number probably appears in a section of type NT_PRSTATUS, - * but that's also rather OS-dependent, in ways that are harder to - * dissect with heuristics, so I'm not bothering with the signal number. - * (I suppose the signal number could be of interest in situations where - * you don't have the binary of the program that dropped core; if you - * *do* have that binary, the debugger will probably tell you what - * signal it was.) - */ - -#define OS_STYLE_SVR4 0 -#define OS_STYLE_FREEBSD 1 -#define OS_STYLE_NETBSD 2 - -private const char os_style_names[][8] = { - "SVR4", - "FreeBSD", - "NetBSD", -}; - -#define FLAGS_DID_CORE 0x01 -#define FLAGS_DID_NOTE 0x02 -#define FLAGS_DID_BUILD_ID 0x04 -#define FLAGS_DID_CORE_STYLE 0x08 -#define FLAGS_IS_CORE 0x10 - -private int -dophn_core(struct magic_set *ms, int clazz, int swap, int fd, zend_off_t off, - int num, size_t size, zend_off_t fsize, int *flags) -{ - Elf32_Phdr ph32; - Elf64_Phdr ph64; - size_t offset; - unsigned char nbuf[BUFSIZ]; - ssize_t bufsize; - - if (size != xph_sizeof) { - if (file_printf(ms, ", corrupted program header size") == -1) - return -1; - return 0; - } - - /* - * Loop through all the program headers. - */ - for ( ; num; num--) { - if (FINFO_LSEEK_FUNC(fd, off, SEEK_SET) == (zend_off_t)-1) { - file_badseek(ms); - return -1; - } - if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) == -1) { - file_badread(ms); - return -1; - } - off += size; - - if (xph_offset > fsize) { - /* Perhaps warn here */ - continue; - } - - if (xph_type != PT_NOTE) - continue; - - /* - * This is a PT_NOTE section; loop through all the notes - * in the section. - */ - if (FINFO_LSEEK_FUNC(fd, xph_offset, SEEK_SET) == (zend_off_t)-1) { - file_badseek(ms); - return -1; - } - bufsize = FINFO_READ_FUNC(fd, nbuf, - ((xph_filesz < sizeof(nbuf)) ? xph_filesz : sizeof(nbuf))); - if (bufsize == -1) { - file_badread(ms); - return -1; - } - offset = 0; - for (;;) { - if (offset >= (size_t)bufsize) - break; - offset = donote(ms, nbuf, offset, (size_t)bufsize, - clazz, swap, 4, flags); - if (offset == 0) - break; - - } - } - return 0; -} -#endif - -static void -do_note_netbsd_version(struct magic_set *ms, int swap, void *v) -{ - uint32_t desc; - (void)memcpy(&desc, v, sizeof(desc)); - desc = elf_getu32(swap, desc); - - if (file_printf(ms, ", for NetBSD") == -1) - return; - /* - * The version number used to be stuck as 199905, and was thus - * basically content-free. Newer versions of NetBSD have fixed - * this and now use the encoding of __NetBSD_Version__: - * - * MMmmrrpp00 - * - * M = major version - * m = minor version - * r = release ["",A-Z,Z[A-Z] but numeric] - * p = patchlevel - */ - if (desc > 100000000U) { - uint32_t ver_patch = (desc / 100) % 100; - uint32_t ver_rel = (desc / 10000) % 100; - uint32_t ver_min = (desc / 1000000) % 100; - uint32_t ver_maj = desc / 100000000; - - if (file_printf(ms, " %u.%u", ver_maj, ver_min) == -1) - return; - if (ver_rel == 0 && ver_patch != 0) { - if (file_printf(ms, ".%u", ver_patch) == -1) - return; - } else if (ver_rel != 0) { - while (ver_rel > 26) { - if (file_printf(ms, "Z") == -1) - return; - ver_rel -= 26; - } - if (file_printf(ms, "%c", 'A' + ver_rel - 1) - == -1) - return; - } - } -} - -static void -do_note_freebsd_version(struct magic_set *ms, int swap, void *v) -{ - uint32_t desc; - - (void)memcpy(&desc, v, sizeof(desc)); - desc = elf_getu32(swap, desc); - if (file_printf(ms, ", for FreeBSD") == -1) - return; - - /* - * Contents is __FreeBSD_version, whose relation to OS - * versions is defined by a huge table in the Porter's - * Handbook. This is the general scheme: - * - * Releases: - * Mmp000 (before 4.10) - * Mmi0p0 (before 5.0) - * Mmm0p0 - * - * Development branches: - * Mmpxxx (before 4.6) - * Mmp1xx (before 4.10) - * Mmi1xx (before 5.0) - * M000xx (pre-M.0) - * Mmm1xx - * - * M = major version - * m = minor version - * i = minor version increment (491000 -> 4.10) - * p = patchlevel - * x = revision - * - * The first release of FreeBSD to use ELF by default - * was version 3.0. - */ - if (desc == 460002) { - if (file_printf(ms, " 4.6.2") == -1) - return; - } else if (desc < 460100) { - if (file_printf(ms, " %d.%d", desc / 100000, - desc / 10000 % 10) == -1) - return; - if (desc / 1000 % 10 > 0) - if (file_printf(ms, ".%d", desc / 1000 % 10) == -1) - return; - if ((desc % 1000 > 0) || (desc % 100000 == 0)) - if (file_printf(ms, " (%d)", desc) == -1) - return; - } else if (desc < 500000) { - if (file_printf(ms, " %d.%d", desc / 100000, - desc / 10000 % 10 + desc / 1000 % 10) == -1) - return; - if (desc / 100 % 10 > 0) { - if (file_printf(ms, " (%d)", desc) == -1) - return; - } else if (desc / 10 % 10 > 0) { - if (file_printf(ms, ".%d", desc / 10 % 10) == -1) - return; - } - } else { - if (file_printf(ms, " %d.%d", desc / 100000, - desc / 1000 % 100) == -1) - return; - if ((desc / 100 % 10 > 0) || - (desc % 100000 / 100 == 0)) { - if (file_printf(ms, " (%d)", desc) == -1) - return; - } else if (desc / 10 % 10 > 0) { - if (file_printf(ms, ".%d", desc / 10 % 10) == -1) - return; - } - } -} - -private size_t -donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, - int clazz, int swap, size_t align, int *flags) -{ - Elf32_Nhdr nh32; - Elf64_Nhdr nh64; - size_t noff, doff; -#ifdef ELFCORE - int os_style = -1; -#endif - uint32_t namesz, descsz; - unsigned char *nbuf = CAST(unsigned char *, vbuf); - - if (xnh_sizeof + offset > size) { - /* - * We're out of note headers. - */ - return xnh_sizeof + offset; - } - - (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); - offset += xnh_sizeof; - - namesz = xnh_namesz; - descsz = xnh_descsz; - if ((namesz == 0) && (descsz == 0)) { - /* - * We're out of note headers. - */ - return (offset >= size) ? offset : size; - } - - if (namesz & 0x80000000) { - (void)file_printf(ms, ", bad note name size 0x%lx", - (unsigned long)namesz); - return offset; - } - - if (descsz & 0x80000000) { - (void)file_printf(ms, ", bad note description size 0x%lx", - (unsigned long)descsz); - return offset; - } - - - noff = offset; - doff = ELF_ALIGN(offset + namesz); - - if (offset + namesz > size) { - /* - * We're past the end of the buffer. - */ - return doff; - } - - offset = ELF_ALIGN(doff + descsz); - if (doff + descsz > size) { - /* - * We're past the end of the buffer. - */ - return (offset >= size) ? offset : size; - } - - if ((*flags & (FLAGS_DID_NOTE|FLAGS_DID_BUILD_ID)) == - (FLAGS_DID_NOTE|FLAGS_DID_BUILD_ID)) - goto core; - - if (namesz == 5 && strcmp((char *)&nbuf[noff], "SuSE") == 0 && - xnh_type == NT_GNU_VERSION && descsz == 2) { - file_printf(ms, ", for SuSE %d.%d", nbuf[doff], nbuf[doff + 1]); - } - if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && - xnh_type == NT_GNU_VERSION && descsz == 16) { - uint32_t desc[4]; - (void)memcpy(desc, &nbuf[doff], sizeof(desc)); - - if (file_printf(ms, ", for GNU/") == -1) - return size; - switch (elf_getu32(swap, desc[0])) { - case GNU_OS_LINUX: - if (file_printf(ms, "Linux") == -1) - return size; - break; - case GNU_OS_HURD: - if (file_printf(ms, "Hurd") == -1) - return size; - break; - case GNU_OS_SOLARIS: - if (file_printf(ms, "Solaris") == -1) - return size; - break; - case GNU_OS_KFREEBSD: - if (file_printf(ms, "kFreeBSD") == -1) - return size; - break; - case GNU_OS_KNETBSD: - if (file_printf(ms, "kNetBSD") == -1) - return size; - break; - default: - if (file_printf(ms, "<unknown>") == -1) - return size; - } - if (file_printf(ms, " %d.%d.%d", elf_getu32(swap, desc[1]), - elf_getu32(swap, desc[2]), elf_getu32(swap, desc[3])) == -1) - return size; - *flags |= FLAGS_DID_NOTE; - return size; - } - - if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && - xnh_type == NT_GNU_BUILD_ID && (descsz == 16 || descsz == 20)) { - uint8_t desc[20]; - uint32_t i; - if (file_printf(ms, ", BuildID[%s]=", descsz == 16 ? "md5/uuid" : - "sha1") == -1) - return size; - (void)memcpy(desc, &nbuf[doff], descsz); - for (i = 0; i < descsz; i++) - if (file_printf(ms, "%02x", desc[i]) == -1) - return size; - *flags |= FLAGS_DID_BUILD_ID; - } - - if (namesz == 4 && strcmp((char *)&nbuf[noff], "PaX") == 0 && - xnh_type == NT_NETBSD_PAX && descsz == 4) { - static const char *pax[] = { - "+mprotect", - "-mprotect", - "+segvguard", - "-segvguard", - "+ASLR", - "-ASLR", - }; - uint32_t desc; - size_t i; - int did = 0; - - (void)memcpy(&desc, &nbuf[doff], sizeof(desc)); - desc = elf_getu32(swap, desc); - - if (desc && file_printf(ms, ", PaX: ") == -1) - return size; - - for (i = 0; i < __arraycount(pax); i++) { - if (((1 << i) & desc) == 0) - continue; - if (file_printf(ms, "%s%s", did++ ? "," : "", - pax[i]) == -1) - return size; - } - } - - if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0) { - switch (xnh_type) { - case NT_NETBSD_VERSION: - if (descsz == 4) { - do_note_netbsd_version(ms, swap, &nbuf[doff]); - *flags |= FLAGS_DID_NOTE; - return size; - } - break; - case NT_NETBSD_MARCH: - if (file_printf(ms, ", compiled for: %.*s", (int)descsz, - (const char *)&nbuf[doff]) == -1) - return size; - break; - case NT_NETBSD_CMODEL: - if (file_printf(ms, ", compiler model: %.*s", - (int)descsz, (const char *)&nbuf[doff]) == -1) - return size; - break; - default: - if (file_printf(ms, ", note=%u", xnh_type) == -1) - return size; - break; - } - return size; - } - - if (namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0) { - if (xnh_type == NT_FREEBSD_VERSION && descsz == 4) { - do_note_freebsd_version(ms, swap, &nbuf[doff]); - *flags |= FLAGS_DID_NOTE; - return size; - } - } - - if (namesz == 8 && strcmp((char *)&nbuf[noff], "OpenBSD") == 0 && - xnh_type == NT_OPENBSD_VERSION && descsz == 4) { - if (file_printf(ms, ", for OpenBSD") == -1) - return size; - /* Content of note is always 0 */ - *flags |= FLAGS_DID_NOTE; - return size; - } - - if (namesz == 10 && strcmp((char *)&nbuf[noff], "DragonFly") == 0 && - xnh_type == NT_DRAGONFLY_VERSION && descsz == 4) { - uint32_t desc; - if (file_printf(ms, ", for DragonFly") == -1) - return size; - (void)memcpy(&desc, &nbuf[doff], sizeof(desc)); - desc = elf_getu32(swap, desc); - if (file_printf(ms, " %d.%d.%d", desc / 100000, - desc / 10000 % 10, desc % 10000) == -1) - return size; - *flags |= FLAGS_DID_NOTE; - return size; - } - -core: - /* - * Sigh. The 2.0.36 kernel in Debian 2.1, at - * least, doesn't correctly implement name - * sections, in core dumps, as specified by - * the "Program Linking" section of "UNIX(R) System - * V Release 4 Programmer's Guide: ANSI C and - * Programming Support Tools", because my copy - * clearly says "The first 'namesz' bytes in 'name' - * contain a *null-terminated* [emphasis mine] - * character representation of the entry's owner - * or originator", but the 2.0.36 kernel code - * doesn't include the terminating null in the - * name.... - */ - if ((namesz == 4 && strncmp((char *)&nbuf[noff], "CORE", 4) == 0) || - (namesz == 5 && strcmp((char *)&nbuf[noff], "CORE") == 0)) { - os_style = OS_STYLE_SVR4; - } - - if ((namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0)) { - os_style = OS_STYLE_FREEBSD; - } - - if ((namesz >= 11 && strncmp((char *)&nbuf[noff], "NetBSD-CORE", 11) - == 0)) { - os_style = OS_STYLE_NETBSD; - } - -#ifdef ELFCORE - if ((*flags & FLAGS_DID_CORE) != 0) - return size; - - if (os_style != -1 && (*flags & FLAGS_DID_CORE_STYLE) == 0) { - if (file_printf(ms, ", %s-style", os_style_names[os_style]) - == -1) - return size; - *flags |= FLAGS_DID_CORE_STYLE; - } - - switch (os_style) { - case OS_STYLE_NETBSD: - if (xnh_type == NT_NETBSD_CORE_PROCINFO) { - uint32_t signo; - /* - * Extract the program name. It is at - * offset 0x7c, and is up to 32-bytes, - * including the terminating NUL. - */ - if (file_printf(ms, ", from '%.31s'", - &nbuf[doff + 0x7c]) == -1) - return size; - - /* - * Extract the signal number. It is at - * offset 0x08. - */ - (void)memcpy(&signo, &nbuf[doff + 0x08], - sizeof(signo)); - if (file_printf(ms, " (signal %u)", - elf_getu32(swap, signo)) == -1) - return size; - *flags |= FLAGS_DID_CORE; - return size; - } - break; - - default: - if (xnh_type == NT_PRPSINFO && *flags & FLAGS_IS_CORE) { -/*###709 [cc] warning: declaration of 'i' shadows previous non-variable%%%*/ - size_t i, j; - unsigned char c; - /* - * Extract the program name. We assume - * it to be 16 characters (that's what it - * is in SunOS 5.x and Linux). - * - * Unfortunately, it's at a different offset - * in various OSes, so try multiple offsets. - * If the characters aren't all printable, - * reject it. - */ - for (i = 0; i < NOFFSETS; i++) { - unsigned char *cname, *cp; - size_t reloffset = prpsoffsets(i); - size_t noffset = doff + reloffset; - size_t k; - for (j = 0; j < 16; j++, noffset++, - reloffset++) { - /* - * Make sure we're not past - * the end of the buffer; if - * we are, just give up. - */ - if (noffset >= size) - goto tryanother; - - /* - * Make sure we're not past - * the end of the contents; - * if we are, this obviously - * isn't the right offset. - */ - if (reloffset >= descsz) - goto tryanother; - - c = nbuf[noffset]; - if (c == '\0') { - /* - * A '\0' at the - * beginning is - * obviously wrong. - * Any other '\0' - * means we're done. - */ - if (j == 0) - goto tryanother; - else - break; - } else { - /* - * A nonprintable - * character is also - * wrong. - */ - if (!isprint(c) || isquote(c)) - goto tryanother; - } - } - /* - * Well, that worked. - */ - - /* - * Try next offsets, in case this match is - * in the middle of a string. - */ - for (k = i + 1 ; k < NOFFSETS ; k++) { - size_t no; - int adjust = 1; - if (prpsoffsets(k) >= prpsoffsets(i)) - continue; - for (no = doff + prpsoffsets(k); - no < doff + prpsoffsets(i); no++) - adjust = adjust - && isprint(nbuf[no]); - if (adjust) - i = k; - } - - cname = (unsigned char *) - &nbuf[doff + prpsoffsets(i)]; - for (cp = cname; *cp && isprint(*cp); cp++) - continue; - /* - * Linux apparently appends a space at the end - * of the command line: remove it. - */ - while (cp > cname && isspace(cp[-1])) - cp--; - if (file_printf(ms, ", from '%.*s'", - (int)(cp - cname), cname) == -1) - return size; - *flags |= FLAGS_DID_CORE; - return size; - - tryanother: - ; - } - } - break; - } -#endif - return offset; -} - -/* SunOS 5.x hardware capability descriptions */ -typedef struct cap_desc { - uint64_t cd_mask; - const char *cd_name; -} cap_desc_t; - -static const cap_desc_t cap_desc_sparc[] = { - { AV_SPARC_MUL32, "MUL32" }, - { AV_SPARC_DIV32, "DIV32" }, - { AV_SPARC_FSMULD, "FSMULD" }, - { AV_SPARC_V8PLUS, "V8PLUS" }, - { AV_SPARC_POPC, "POPC" }, - { AV_SPARC_VIS, "VIS" }, - { AV_SPARC_VIS2, "VIS2" }, - { AV_SPARC_ASI_BLK_INIT, "ASI_BLK_INIT" }, - { AV_SPARC_FMAF, "FMAF" }, - { AV_SPARC_FJFMAU, "FJFMAU" }, - { AV_SPARC_IMA, "IMA" }, - { 0, NULL } -}; - -static const cap_desc_t cap_desc_386[] = { - { AV_386_FPU, "FPU" }, - { AV_386_TSC, "TSC" }, - { AV_386_CX8, "CX8" }, - { AV_386_SEP, "SEP" }, - { AV_386_AMD_SYSC, "AMD_SYSC" }, - { AV_386_CMOV, "CMOV" }, - { AV_386_MMX, "MMX" }, - { AV_386_AMD_MMX, "AMD_MMX" }, - { AV_386_AMD_3DNow, "AMD_3DNow" }, - { AV_386_AMD_3DNowx, "AMD_3DNowx" }, - { AV_386_FXSR, "FXSR" }, - { AV_386_SSE, "SSE" }, - { AV_386_SSE2, "SSE2" }, - { AV_386_PAUSE, "PAUSE" }, - { AV_386_SSE3, "SSE3" }, - { AV_386_MON, "MON" }, - { AV_386_CX16, "CX16" }, - { AV_386_AHF, "AHF" }, - { AV_386_TSCP, "TSCP" }, - { AV_386_AMD_SSE4A, "AMD_SSE4A" }, - { AV_386_POPCNT, "POPCNT" }, - { AV_386_AMD_LZCNT, "AMD_LZCNT" }, - { AV_386_SSSE3, "SSSE3" }, - { AV_386_SSE4_1, "SSE4.1" }, - { AV_386_SSE4_2, "SSE4.2" }, - { 0, NULL } -}; - -private int -doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, - size_t size, off_t fsize, int *flags, int mach, int strtab) -{ - Elf32_Shdr sh32; - Elf64_Shdr sh64; - int stripped = 1; - void *nbuf; - zend_off_t noff, coff, name_off; - uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */ - uint64_t cap_sf1 = 0; /* SunOS 5.x software capabilites */ - char name[50]; - - if (size != xsh_sizeof) { - if (file_printf(ms, ", corrupted section header size") == -1) - return -1; - return 0; - } - - for ( ; num; num--) { - if (FINFO_LSEEK_FUNC(fd, off, SEEK_SET) == (zend_off_t)-1) { - file_badseek(ms); - return -1; - } - if (FINFO_READ_FUNC(fd, xsh_addr, xsh_sizeof) == -1) { - file_badread(ms); - return -1; - } - off += size; - - /* Things we can determine before we seek */ - switch (xsh_type) { - case SHT_SYMTAB: -#if 0 - case SHT_DYNSYM: -#endif - stripped = 0; - break; - default: - if (xsh_offset > fsize) { - /* Perhaps warn here */ - continue; - } - break; - } - - /* Things we can determine when we seek */ - switch (xsh_type) { - case SHT_NOTE: - nbuf = emalloc((size_t)xsh_size); - if ((noff = FINFO_LSEEK_FUNC(fd, (zend_off_t)xsh_offset, SEEK_SET)) == - (zend_off_t)-1) { - file_badread(ms); - efree(nbuf); - return -1; - } - if (FINFO_READ_FUNC(fd, nbuf, (size_t)xsh_size) != - (ssize_t)xsh_size) { - file_badread(ms); - efree(nbuf); - return -1; - } - - noff = 0; - for (;;) { - if (noff >= (zend_off_t)xsh_size) - break; - noff = donote(ms, nbuf, (size_t)noff, - (size_t)xsh_size, clazz, swap, 4, - flags); - if (noff == 0) - break; - } - efree(nbuf); - break; - case SHT_SUNW_cap: - if (FINFO_LSEEK_FUNC(fd, (zend_off_t)xsh_offset, SEEK_SET) == - (zend_off_t)-1) { - file_badseek(ms); - return -1; - } - coff = 0; - for (;;) { - Elf32_Cap cap32; - Elf64_Cap cap64; - char cbuf[/*CONSTCOND*/ - MAX(sizeof cap32, sizeof cap64)]; - if ((coff += xcap_sizeof) > (zend_off_t)xsh_size) - break; - if (FINFO_READ_FUNC(fd, cbuf, (size_t)xcap_sizeof) != - (ssize_t)xcap_sizeof) { - file_badread(ms); - return -1; - } - (void)memcpy(xcap_addr, cbuf, xcap_sizeof); - switch (xcap_tag) { - case CA_SUNW_NULL: - break; - case CA_SUNW_HW_1: - cap_hw1 |= xcap_val; - break; - case CA_SUNW_SF_1: - cap_sf1 |= xcap_val; - break; - default: - if (file_printf(ms, - ", with unknown capability " - "0x%" INT64_T_FORMAT "x = 0x%" - INT64_T_FORMAT "x", - (unsigned long long)xcap_tag, - (unsigned long long)xcap_val) == -1) - return -1; - break; - } - } - break; - - default: - break; - } - } - if (file_printf(ms, ", %sstripped", stripped ? "" : "not ") == -1) - return -1; - if (cap_hw1) { - const cap_desc_t *cdp; - switch (mach) { - case EM_SPARC: - case EM_SPARC32PLUS: - case EM_SPARCV9: - cdp = cap_desc_sparc; - break; - case EM_386: - case EM_IA_64: - case EM_AMD64: - cdp = cap_desc_386; - break; - default: - cdp = NULL; - break; - } - if (file_printf(ms, ", uses") == -1) - return -1; - if (cdp) { - while (cdp->cd_name) { - if (cap_hw1 & cdp->cd_mask) { - if (file_printf(ms, - " %s", cdp->cd_name) == -1) - return -1; - cap_hw1 &= ~cdp->cd_mask; - } - ++cdp; - } - if (cap_hw1) - if (file_printf(ms, - " unknown hardware capability 0x%" - INT64_T_FORMAT "x", - (unsigned long long)cap_hw1) == -1) - return -1; - } else { - if (file_printf(ms, - " hardware capability 0x%" INT64_T_FORMAT "x", - (unsigned long long)cap_hw1) == -1) - return -1; - } - } - if (cap_sf1) { - if (cap_sf1 & SF1_SUNW_FPUSED) { - if (file_printf(ms, - (cap_sf1 & SF1_SUNW_FPKNWN) - ? ", uses frame pointer" - : ", not known to use frame pointer") == -1) - return -1; - } - cap_sf1 &= ~SF1_SUNW_MASK; - if (cap_sf1) - if (file_printf(ms, - ", with unknown software capability 0x%" - INT64_T_FORMAT "x", - (unsigned long long)cap_sf1) == -1) - return -1; - } - return 0; -} - -/* - * Look through the program headers of an executable image, searching - * for a PT_INTERP section; if one is found, it's dynamically linked, - * otherwise it's statically linked. - */ -private int -dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, zend_off_t off, - int num, size_t size, zend_off_t fsize, int *flags, int sh_num) -{ - Elf32_Phdr ph32; - Elf64_Phdr ph64; - const char *linking_style = "statically"; - const char *shared_libraries = ""; - unsigned char nbuf[BUFSIZ]; - ssize_t bufsize; - size_t offset, align; - - if (size != xph_sizeof) { - if (file_printf(ms, ", corrupted program header size") == -1) - return -1; - return 0; - } - - for ( ; num; num--) { - if (FINFO_LSEEK_FUNC(fd, off, SEEK_SET) == (zend_off_t)-1) { - file_badseek(ms); - return -1; - } - - if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) == -1) { - file_badread(ms); - return -1; - } - - off += size; - - /* Things we can determine before we seek */ - switch (xph_type) { - case PT_DYNAMIC: - linking_style = "dynamically"; - break; - case PT_INTERP: - shared_libraries = " (uses shared libs)"; - break; - default: - if (xph_offset > fsize) { - /* Maybe warn here? */ - continue; - } - break; - } - - /* Things we can determine when we seek */ - switch (xph_type) { - case PT_NOTE: - if ((align = xph_align) & 0x80000000UL) { - if (file_printf(ms, - ", invalid note alignment 0x%lx", - (unsigned long)align) == -1) - return -1; - align = 4; - } - if (sh_num) - break; - /* - * This is a PT_NOTE section; loop through all the notes - * in the section. - */ - if (FINFO_LSEEK_FUNC(fd, xph_offset, SEEK_SET) == (zend_off_t)-1) { - file_badseek(ms); - return -1; - } - bufsize = FINFO_READ_FUNC(fd, nbuf, ((xph_filesz < sizeof(nbuf)) ? - xph_filesz : sizeof(nbuf))); - if (bufsize == -1) { - file_badread(ms); - return -1; - } - offset = 0; - for (;;) { - if (offset >= (size_t)bufsize) - break; - offset = donote(ms, nbuf, offset, - (size_t)bufsize, clazz, swap, align, - flags); - if (offset == 0) - break; - } - break; - default: - break; - } - } - if (file_printf(ms, ", %s linked%s", linking_style, shared_libraries) - == -1) - return -1; - return 0; -} - - -protected int -file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf, - size_t nbytes) -{ - union { - int32_t l; - char c[sizeof (int32_t)]; - } u; - int clazz; - int swap; - struct stat st; - zend_off_t fsize; - int flags = 0; - Elf32_Ehdr elf32hdr; - Elf64_Ehdr elf64hdr; - uint16_t type; - - if (ms->flags & (MAGIC_MIME|MAGIC_APPLE)) - return 0; - /* - * ELF executables have multiple section headers in arbitrary - * file locations and thus file(1) cannot determine it from easily. - * Instead we traverse thru all section headers until a symbol table - * one is found or else the binary is stripped. - * Return immediately if it's not ELF (so we avoid pipe2file unless needed). - */ - if (buf[EI_MAG0] != ELFMAG0 - || (buf[EI_MAG1] != ELFMAG1 && buf[EI_MAG1] != OLFMAG1) - || buf[EI_MAG2] != ELFMAG2 || buf[EI_MAG3] != ELFMAG3) - return 0; - - /* - * If we cannot seek, it must be a pipe, socket or fifo. - */ - if((FINFO_LSEEK_FUNC(fd, (zend_off_t)0, SEEK_SET) == (zend_off_t)-1) && (errno == ESPIPE)) - fd = file_pipe2file(ms, fd, buf, nbytes); - - if (fstat(fd, &st) == -1) { - file_badread(ms); - return -1; - } - fsize = st.st_size; - - clazz = buf[EI_CLASS]; - - switch (clazz) { - case ELFCLASS32: -#undef elf_getu -#define elf_getu(a, b) elf_getu32(a, b) -#undef elfhdr -#define elfhdr elf32hdr -#include "elfclass.h" - case ELFCLASS64: -#undef elf_getu -#define elf_getu(a, b) elf_getu64(a, b) -#undef elfhdr -#define elfhdr elf64hdr -#include "elfclass.h" - default: - if (file_printf(ms, ", unknown class %d", clazz) == -1) - return -1; - break; - } - return 0; -} -#endif diff --git a/ext/fileinfo/libmagic/readelf.h b/ext/fileinfo/libmagic/readelf.h deleted file mode 100644 index 9ada14d188..0000000000 --- a/ext/fileinfo/libmagic/readelf.h +++ /dev/null @@ -1,373 +0,0 @@ -/* - * Copyright (c) Christos Zoulas 2003. - * All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * @(#)Id: readelf.h,v 1.9 2002/05/16 18:45:56 christos Exp - * - * Provide elf data structures for non-elf machines, allowing file - * non-elf hosts to determine if an elf binary is stripped. - * Note: cobbled from the linux header file, with modifications - */ -#ifndef __fake_elf_h__ -#define __fake_elf_h__ - -#if HAVE_STDINT_H -#include <stdint.h> -#endif - -typedef uint32_t Elf32_Addr; -typedef uint32_t Elf32_Off; -typedef uint16_t Elf32_Half; -typedef uint32_t Elf32_Word; -typedef uint8_t Elf32_Char; - -#if SIZEOF_LONG_LONG != 8 -#define USE_ARRAY_FOR_64BIT_TYPES -typedef uint32_t Elf64_Addr[2]; -typedef uint32_t Elf64_Off[2]; -typedef uint32_t Elf64_Xword[2]; -#else -#undef USE_ARRAY_FOR_64BIT_TYPES -typedef uint64_t Elf64_Addr; -typedef uint64_t Elf64_Off; -typedef uint64_t Elf64_Xword; -#endif -typedef uint16_t Elf64_Half; -typedef uint32_t Elf64_Word; -typedef uint8_t Elf64_Char; - -#define EI_NIDENT 16 - -typedef struct { - Elf32_Char e_ident[EI_NIDENT]; - Elf32_Half e_type; - Elf32_Half e_machine; - Elf32_Word e_version; - Elf32_Addr e_entry; /* Entry point */ - Elf32_Off e_phoff; - Elf32_Off e_shoff; - Elf32_Word e_flags; - Elf32_Half e_ehsize; - Elf32_Half e_phentsize; - Elf32_Half e_phnum; - Elf32_Half e_shentsize; - Elf32_Half e_shnum; - Elf32_Half e_shstrndx; -} Elf32_Ehdr; - -typedef struct { - Elf64_Char e_ident[EI_NIDENT]; - Elf64_Half e_type; - Elf64_Half e_machine; - Elf64_Word e_version; - Elf64_Addr e_entry; /* Entry point */ - Elf64_Off e_phoff; - Elf64_Off e_shoff; - Elf64_Word e_flags; - Elf64_Half e_ehsize; - Elf64_Half e_phentsize; - Elf64_Half e_phnum; - Elf64_Half e_shentsize; - Elf64_Half e_shnum; - Elf64_Half e_shstrndx; -} Elf64_Ehdr; - -/* e_type */ -#define ET_REL 1 -#define ET_EXEC 2 -#define ET_DYN 3 -#define ET_CORE 4 - -/* e_machine (used only for SunOS 5.x hardware capabilities) */ -#define EM_SPARC 2 -#define EM_386 3 -#define EM_SPARC32PLUS 18 -#define EM_SPARCV9 43 -#define EM_IA_64 50 -#define EM_AMD64 62 - -/* sh_type */ -#define SHT_SYMTAB 2 -#define SHT_NOTE 7 -#define SHT_DYNSYM 11 -#define SHT_SUNW_cap 0x6ffffff5 /* SunOS 5.x hw/sw capabilites */ - -/* elf type */ -#define ELFDATANONE 0 /* e_ident[EI_DATA] */ -#define ELFDATA2LSB 1 -#define ELFDATA2MSB 2 - -/* elf class */ -#define ELFCLASSNONE 0 -#define ELFCLASS32 1 -#define ELFCLASS64 2 - -/* magic number */ -#define EI_MAG0 0 /* e_ident[] indexes */ -#define EI_MAG1 1 -#define EI_MAG2 2 -#define EI_MAG3 3 -#define EI_CLASS 4 -#define EI_DATA 5 -#define EI_VERSION 6 -#define EI_PAD 7 - -#define ELFMAG0 0x7f /* EI_MAG */ -#define ELFMAG1 'E' -#define ELFMAG2 'L' -#define ELFMAG3 'F' -#define ELFMAG "\177ELF" - -#define OLFMAG1 'O' -#define OLFMAG "\177OLF" - -typedef struct { - Elf32_Word p_type; - Elf32_Off p_offset; - Elf32_Addr p_vaddr; - Elf32_Addr p_paddr; - Elf32_Word p_filesz; - Elf32_Word p_memsz; - Elf32_Word p_flags; - Elf32_Word p_align; -} Elf32_Phdr; - -typedef struct { - Elf64_Word p_type; - Elf64_Word p_flags; - Elf64_Off p_offset; - Elf64_Addr p_vaddr; - Elf64_Addr p_paddr; - Elf64_Xword p_filesz; - Elf64_Xword p_memsz; - Elf64_Xword p_align; -} Elf64_Phdr; - -#define PT_NULL 0 /* p_type */ -#define PT_LOAD 1 -#define PT_DYNAMIC 2 -#define PT_INTERP 3 -#define PT_NOTE 4 -#define PT_SHLIB 5 -#define PT_PHDR 6 -#define PT_NUM 7 - -typedef struct { - Elf32_Word sh_name; - Elf32_Word sh_type; - Elf32_Word sh_flags; - Elf32_Addr sh_addr; - Elf32_Off sh_offset; - Elf32_Word sh_size; - Elf32_Word sh_link; - Elf32_Word sh_info; - Elf32_Word sh_addralign; - Elf32_Word sh_entsize; -} Elf32_Shdr; - -typedef struct { - Elf64_Word sh_name; - Elf64_Word sh_type; - Elf64_Off sh_flags; - Elf64_Addr sh_addr; - Elf64_Off sh_offset; - Elf64_Off sh_size; - Elf64_Word sh_link; - Elf64_Word sh_info; - Elf64_Off sh_addralign; - Elf64_Off sh_entsize; -} Elf64_Shdr; - -#define NT_NETBSD_CORE_PROCINFO 1 - -/* Note header in a PT_NOTE section */ -typedef struct elf_note { - Elf32_Word n_namesz; /* Name size */ - Elf32_Word n_descsz; /* Content size */ - Elf32_Word n_type; /* Content type */ -} Elf32_Nhdr; - -typedef struct { - Elf64_Word n_namesz; - Elf64_Word n_descsz; - Elf64_Word n_type; -} Elf64_Nhdr; - -/* Notes used in ET_CORE */ -#define NT_PRSTATUS 1 -#define NT_PRFPREG 2 -#define NT_PRPSINFO 3 -#define NT_PRXREG 4 -#define NT_TASKSTRUCT 4 -#define NT_PLATFORM 5 -#define NT_AUXV 6 - -/* Note types used in executables */ -/* NetBSD executables (name = "NetBSD") */ -#define NT_NETBSD_VERSION 1 -#define NT_NETBSD_EMULATION 2 -#define NT_FREEBSD_VERSION 1 -#define NT_OPENBSD_VERSION 1 -#define NT_DRAGONFLY_VERSION 1 -/* - * GNU executables (name = "GNU") - * word[0]: GNU OS tags - * word[1]: major version - * word[2]: minor version - * word[3]: tiny version - */ -#define NT_GNU_VERSION 1 - -/* GNU OS tags */ -#define GNU_OS_LINUX 0 -#define GNU_OS_HURD 1 -#define GNU_OS_SOLARIS 2 -#define GNU_OS_KFREEBSD 3 -#define GNU_OS_KNETBSD 4 - -/* - * GNU Hardware capability information - * word[0]: Number of entries - * word[1]: Bitmask of enabled entries - * Followed by a byte id, and a NUL terminated string per entry - */ -#define NT_GNU_HWCAP 2 - -/* - * GNU Build ID generated by ld - * 160 bit SHA1 [default] - * 128 bit md5 or uuid - */ -#define NT_GNU_BUILD_ID 3 - -/* - * NetBSD-specific note type: PaX. - * There should be 1 NOTE per executable. - * name: PaX\0 - * namesz: 4 - * desc: - * word[0]: capability bitmask - * descsz: 4 - */ -#define NT_NETBSD_PAX 3 -#define NT_NETBSD_PAX_MPROTECT 0x01 /* Force enable Mprotect */ -#define NT_NETBSD_PAX_NOMPROTECT 0x02 /* Force disable Mprotect */ -#define NT_NETBSD_PAX_GUARD 0x04 /* Force enable Segvguard */ -#define NT_NETBSD_PAX_NOGUARD 0x08 /* Force disable Servguard */ -#define NT_NETBSD_PAX_ASLR 0x10 /* Force enable ASLR */ -#define NT_NETBSD_PAX_NOASLR 0x20 /* Force disable ASLR */ - -/* - * NetBSD-specific note type: MACHINE_ARCH. - * There should be 1 NOTE per executable. - * name: NetBSD\0 - * namesz: 7 - * desc: string - * descsz: variable - */ -#define NT_NETBSD_MARCH 5 - -/* - * NetBSD-specific note type: COMPILER MODEL. - * There should be 1 NOTE per executable. - * name: NetBSD\0 - * namesz: 7 - * desc: string - * descsz: variable - */ -#define NT_NETBSD_CMODEL 6 - -#if !defined(ELFSIZE) && defined(ARCH_ELFSIZE) -#define ELFSIZE ARCH_ELFSIZE -#endif -/* SunOS 5.x hardware/software capabilities */ -typedef struct { - Elf32_Word c_tag; - union { - Elf32_Word c_val; - Elf32_Addr c_ptr; - } c_un; -} Elf32_Cap; - -typedef struct { - Elf64_Xword c_tag; - union { - Elf64_Xword c_val; - Elf64_Addr c_ptr; - } c_un; -} Elf64_Cap; - -/* SunOS 5.x hardware/software capability tags */ -#define CA_SUNW_NULL 0 -#define CA_SUNW_HW_1 1 -#define CA_SUNW_SF_1 2 - -/* SunOS 5.x software capabilities */ -#define SF1_SUNW_FPKNWN 0x01 -#define SF1_SUNW_FPUSED 0x02 -#define SF1_SUNW_MASK 0x03 - -/* SunOS 5.x hardware capabilities: sparc */ -#define AV_SPARC_MUL32 0x0001 -#define AV_SPARC_DIV32 0x0002 -#define AV_SPARC_FSMULD 0x0004 -#define AV_SPARC_V8PLUS 0x0008 -#define AV_SPARC_POPC 0x0010 -#define AV_SPARC_VIS 0x0020 -#define AV_SPARC_VIS2 0x0040 -#define AV_SPARC_ASI_BLK_INIT 0x0080 -#define AV_SPARC_FMAF 0x0100 -#define AV_SPARC_FJFMAU 0x4000 -#define AV_SPARC_IMA 0x8000 - -/* SunOS 5.x hardware capabilities: 386 */ -#define AV_386_FPU 0x00000001 -#define AV_386_TSC 0x00000002 -#define AV_386_CX8 0x00000004 -#define AV_386_SEP 0x00000008 -#define AV_386_AMD_SYSC 0x00000010 -#define AV_386_CMOV 0x00000020 -#define AV_386_MMX 0x00000040 -#define AV_386_AMD_MMX 0x00000080 -#define AV_386_AMD_3DNow 0x00000100 -#define AV_386_AMD_3DNowx 0x00000200 -#define AV_386_FXSR 0x00000400 -#define AV_386_SSE 0x00000800 -#define AV_386_SSE2 0x00001000 -#define AV_386_PAUSE 0x00002000 -#define AV_386_SSE3 0x00004000 -#define AV_386_MON 0x00008000 -#define AV_386_CX16 0x00010000 -#define AV_386_AHF 0x00020000 -#define AV_386_TSCP 0x00040000 -#define AV_386_AMD_SSE4A 0x00080000 -#define AV_386_POPCNT 0x00100000 -#define AV_386_AMD_LZCNT 0x00200000 -#define AV_386_SSSE3 0x00400000 -#define AV_386_SSE4_1 0x00800000 -#define AV_386_SSE4_2 0x01000000 - -#endif diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index 4341bbe5c1..d33cdd5972 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -579,8 +579,11 @@ PHP_FUNCTION(mcrypt_generic_init) if (iv_len != iv_size) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Iv size incorrect; supplied length: %d, needed: %d", iv_len, iv_size); + if (iv_len > iv_size) { + iv_len = iv_size; + } } - memcpy(iv_s, iv, iv_size); + memcpy(iv_s, iv, iv_len); mcrypt_generic_deinit(pm->td); result = mcrypt_generic_init(pm->td, key_s, key_size, iv_s); @@ -601,8 +604,9 @@ PHP_FUNCTION(mcrypt_generic_init) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown error"); break; } + } else { + pm->init = 1; } - pm->init = 1; RETVAL_LONG(result); efree(iv_s); diff --git a/ext/standard/tests/serialize/bug68545.phpt b/ext/standard/tests/serialize/bug68545.phpt new file mode 100644 index 0000000000..e7250b37bc --- /dev/null +++ b/ext/standard/tests/serialize/bug68545.phpt @@ -0,0 +1,11 @@ +--TEST-- +Bug #68545 NULL pointer dereference in unserialize.c:var_push_dtor +--FILE-- +<?php +var_dump(unserialize('a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";s:3:"bar";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"b22";s:3:"bar";s:3:"bar";s:3:"foo";s:3:"bar";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";s:3:"bar";s:3:"bar";')); +?> +===DONE=== +--EXPECTF-- +Notice: unserialize(): Error at offset %d of %d bytes in %sbug68545.php on line %d +bool(false) +===DONE=== diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c index d8b94e75cc..0217bba5fa 100644 --- a/ext/standard/var_unserializer.c +++ b/ext/standard/var_unserializer.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.13.7.5 */ +/* Generated by re2c 0.13.5 */ #line 1 "ext/standard/var_unserializer.re" /* +----------------------------------------------------------------------+ @@ -66,7 +66,13 @@ static inline void var_push(php_unserialize_data_t *var_hashx, zval *rval) PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval *rval) { - var_dtor_entries *var_hash = (*var_hashx)->last_dtor; + var_dtor_entries *var_hash; + + if (!var_hashx || !*var_hashx) { + return; + } + + var_hash = (*var_hashx)->last_dtor; #if VAR_ENTRIES_DBG fprintf(stderr, "var_push_dtor(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval)); #endif @@ -253,7 +259,7 @@ static inline int unserialize_allowed_class(zend_string *class_name, HashTable * #define YYMARKER marker -#line 261 "ext/standard/var_unserializer.re" +#line 267 "ext/standard/var_unserializer.re" @@ -509,7 +515,7 @@ PHPAPI int php_var_unserialize_ex(UNSERIALIZE_PARAMETER) start = cursor; -#line 513 "ext/standard/var_unserializer.c" +#line 519 "ext/standard/var_unserializer.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -569,9 +575,9 @@ yy2: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy95; yy3: -#line 860 "ext/standard/var_unserializer.re" +#line 866 "ext/standard/var_unserializer.re" { return 0; } -#line 575 "ext/standard/var_unserializer.c" +#line 581 "ext/standard/var_unserializer.c" yy4: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy89; @@ -614,13 +620,13 @@ yy13: goto yy3; yy14: ++YYCURSOR; -#line 854 "ext/standard/var_unserializer.re" +#line 860 "ext/standard/var_unserializer.re" { /* this is the case where we have less data than planned */ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data"); return 0; /* not sure if it should be 0 or 1 here? */ } -#line 624 "ext/standard/var_unserializer.c" +#line 630 "ext/standard/var_unserializer.c" yy16: yych = *++YYCURSOR; goto yy3; @@ -646,12 +652,11 @@ yy20: if (yybm[0+yych] & 128) { goto yy20; } - if (yych <= '/') goto yy18; - if (yych >= ';') goto yy18; + if (yych != ':') goto yy18; yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 709 "ext/standard/var_unserializer.re" +#line 715 "ext/standard/var_unserializer.re" { size_t len, len2, len3, maxlen; zend_long elements; @@ -796,7 +801,7 @@ yy20: return object_common2(UNSERIALIZE_PASSTHRU, elements); } -#line 800 "ext/standard/var_unserializer.c" +#line 805 "ext/standard/var_unserializer.c" yy25: yych = *++YYCURSOR; if (yych <= ',') { @@ -821,7 +826,7 @@ yy27: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 701 "ext/standard/var_unserializer.re" +#line 707 "ext/standard/var_unserializer.re" { //??? INIT_PZVAL(rval); @@ -829,7 +834,7 @@ yy27: return object_common2(UNSERIALIZE_PASSTHRU, object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR)); } -#line 833 "ext/standard/var_unserializer.c" +#line 838 "ext/standard/var_unserializer.c" yy32: yych = *++YYCURSOR; if (yych == '+') goto yy33; @@ -850,7 +855,7 @@ yy34: yych = *++YYCURSOR; if (yych != '{') goto yy18; ++YYCURSOR; -#line 680 "ext/standard/var_unserializer.re" +#line 686 "ext/standard/var_unserializer.re" { zend_long elements = parse_iv(start + 2); /* use iv() not uiv() in order to check data range */ @@ -871,7 +876,7 @@ yy34: return finish_nested_data(UNSERIALIZE_PASSTHRU); } -#line 875 "ext/standard/var_unserializer.c" +#line 880 "ext/standard/var_unserializer.c" yy39: yych = *++YYCURSOR; if (yych == '+') goto yy40; @@ -892,7 +897,7 @@ yy41: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 652 "ext/standard/var_unserializer.re" +#line 658 "ext/standard/var_unserializer.re" { size_t len, maxlen; zend_string *str; @@ -920,7 +925,7 @@ yy41: ZVAL_STR(rval, str); return 1; } -#line 924 "ext/standard/var_unserializer.c" +#line 929 "ext/standard/var_unserializer.c" yy46: yych = *++YYCURSOR; if (yych == '+') goto yy47; @@ -941,7 +946,7 @@ yy48: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 625 "ext/standard/var_unserializer.re" +#line 631 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -968,7 +973,7 @@ yy48: ZVAL_STRINGL(rval, str, len); return 1; } -#line 972 "ext/standard/var_unserializer.c" +#line 977 "ext/standard/var_unserializer.c" yy53: yych = *++YYCURSOR; if (yych <= '/') { @@ -1056,7 +1061,7 @@ yy61: } yy63: ++YYCURSOR; -#line 616 "ext/standard/var_unserializer.re" +#line 622 "ext/standard/var_unserializer.re" { #if SIZEOF_ZEND_LONG == 4 use_double: @@ -1065,7 +1070,7 @@ use_double: ZVAL_DOUBLE(rval, zend_strtod((const char *)start + 2, NULL)); return 1; } -#line 1069 "ext/standard/var_unserializer.c" +#line 1074 "ext/standard/var_unserializer.c" yy65: yych = *++YYCURSOR; if (yych <= ',') { @@ -1124,7 +1129,7 @@ yy73: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 600 "ext/standard/var_unserializer.re" +#line 606 "ext/standard/var_unserializer.re" { *p = YYCURSOR; @@ -1140,7 +1145,7 @@ yy73: return 1; } -#line 1144 "ext/standard/var_unserializer.c" +#line 1149 "ext/standard/var_unserializer.c" yy76: yych = *++YYCURSOR; if (yych == 'N') goto yy73; @@ -1167,7 +1172,7 @@ yy79: if (yych <= '9') goto yy79; if (yych != ';') goto yy18; ++YYCURSOR; -#line 574 "ext/standard/var_unserializer.re" +#line 580 "ext/standard/var_unserializer.re" { #if SIZEOF_ZEND_LONG == 4 int digits = YYCURSOR - start - 3; @@ -1193,7 +1198,7 @@ yy79: ZVAL_LONG(rval, parse_iv(start + 2)); return 1; } -#line 1197 "ext/standard/var_unserializer.c" +#line 1202 "ext/standard/var_unserializer.c" yy83: yych = *++YYCURSOR; if (yych <= '/') goto yy18; @@ -1201,22 +1206,22 @@ yy83: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 568 "ext/standard/var_unserializer.re" +#line 574 "ext/standard/var_unserializer.re" { *p = YYCURSOR; ZVAL_BOOL(rval, parse_iv(start + 2)); return 1; } -#line 1211 "ext/standard/var_unserializer.c" +#line 1216 "ext/standard/var_unserializer.c" yy87: ++YYCURSOR; -#line 562 "ext/standard/var_unserializer.re" +#line 568 "ext/standard/var_unserializer.re" { *p = YYCURSOR; ZVAL_NULL(rval); return 1; } -#line 1220 "ext/standard/var_unserializer.c" +#line 1225 "ext/standard/var_unserializer.c" yy89: yych = *++YYCURSOR; if (yych <= ',') { @@ -1239,7 +1244,7 @@ yy91: if (yych <= '9') goto yy91; if (yych != ';') goto yy18; ++YYCURSOR; -#line 539 "ext/standard/var_unserializer.re" +#line 545 "ext/standard/var_unserializer.re" { zend_long id; @@ -1262,7 +1267,7 @@ yy91: return 1; } -#line 1266 "ext/standard/var_unserializer.c" +#line 1271 "ext/standard/var_unserializer.c" yy95: yych = *++YYCURSOR; if (yych <= ',') { @@ -1285,7 +1290,7 @@ yy97: if (yych <= '9') goto yy97; if (yych != ';') goto yy18; ++YYCURSOR; -#line 517 "ext/standard/var_unserializer.re" +#line 523 "ext/standard/var_unserializer.re" { zend_long id; @@ -1307,9 +1312,9 @@ yy97: return 1; } -#line 1311 "ext/standard/var_unserializer.c" +#line 1316 "ext/standard/var_unserializer.c" } -#line 862 "ext/standard/var_unserializer.re" +#line 868 "ext/standard/var_unserializer.re" return 0; diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 7e0dc314d6..c7871671b6 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -64,7 +64,13 @@ static inline void var_push(php_unserialize_data_t *var_hashx, zval *rval) PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval *rval) { - var_dtor_entries *var_hash = (*var_hashx)->last_dtor; + var_dtor_entries *var_hash; + + if (!var_hashx || !*var_hashx) { + return; + } + + var_hash = (*var_hashx)->last_dtor; #if VAR_ENTRIES_DBG fprintf(stderr, "var_push_dtor(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval)); #endif diff --git a/sapi/fpm/config.m4 b/sapi/fpm/config.m4 index 9c10aa6be2..f87776aa24 100644 --- a/sapi/fpm/config.m4 +++ b/sapi/fpm/config.m4 @@ -583,6 +583,9 @@ if test "$PHP_FPM" != "no"; then PHP_ARG_WITH(fpm-systemd,, [ --with-fpm-systemd Activate systemd integration], no, no) + PHP_ARG_WITH(fpm-acl,, + [ --with-fpm-acl Use POSIX Access Control Lists], no, no) + if test "$PHP_FPM_SYSTEMD" != "no" ; then if test -z "$PKG_CONFIG"; then AC_PATH_PROG(PKG_CONFIG, pkg-config, no) @@ -624,6 +627,17 @@ if test "$PHP_FPM" != "no"; then else php_fpm_systemd=simple fi + + if test "$PHP_FPM_ACL" != "no" ; then + AC_CHECK_HEADERS([sys/acl.h]) + AC_CHECK_LIB(acl, acl_free, [ + PHP_ADD_LIBRARY(acl) + AC_DEFINE(HAVE_FPM_ACL, 1, [ POSIX Access Control List ]) + ],[ + AC_MSG_ERROR(libacl required not found) + ]) + fi + PHP_SUBST_OLD(php_fpm_systemd) AC_DEFINE_UNQUOTED(PHP_FPM_SYSTEMD, "$php_fpm_systemd", [fpm systemd service type]) diff --git a/sapi/fpm/fpm/fpm_conf.c b/sapi/fpm/fpm/fpm_conf.c index d4e46853ff..80bc27c7a7 100644 --- a/sapi/fpm/fpm/fpm_conf.c +++ b/sapi/fpm/fpm/fpm_conf.c @@ -123,6 +123,10 @@ static struct ini_value_parser_s ini_fpm_pool_options[] = { { "group", &fpm_conf_set_string, WPO(group) }, { "listen", &fpm_conf_set_string, WPO(listen_address) }, { "listen.backlog", &fpm_conf_set_integer, WPO(listen_backlog) }, +#ifdef HAVE_FPM_ACL + { "listen.acl_users", &fpm_conf_set_string, WPO(listen_acl_users) }, + { "listen.acl_groups", &fpm_conf_set_string, WPO(listen_acl_groups) }, +#endif { "listen.owner", &fpm_conf_set_string, WPO(listen_owner) }, { "listen.group", &fpm_conf_set_string, WPO(listen_group) }, { "listen.mode", &fpm_conf_set_string, WPO(listen_mode) }, @@ -1602,6 +1606,10 @@ static void fpm_conf_dump() /* {{{ */ zlog(ZLOG_NOTICE, "\tgroup = %s", STR2STR(wp->config->group)); zlog(ZLOG_NOTICE, "\tlisten = %s", STR2STR(wp->config->listen_address)); zlog(ZLOG_NOTICE, "\tlisten.backlog = %d", wp->config->listen_backlog); +#ifdef HAVE_FPM_ACL + zlog(ZLOG_NOTICE, "\tlisten.acl_users = %s", STR2STR(wp->config->listen_acl_users)); + zlog(ZLOG_NOTICE, "\tlisten.acl_groups = %s", STR2STR(wp->config->listen_acl_groups)); +#endif zlog(ZLOG_NOTICE, "\tlisten.owner = %s", STR2STR(wp->config->listen_owner)); zlog(ZLOG_NOTICE, "\tlisten.group = %s", STR2STR(wp->config->listen_group)); zlog(ZLOG_NOTICE, "\tlisten.mode = %s", STR2STR(wp->config->listen_mode)); diff --git a/sapi/fpm/fpm/fpm_conf.h b/sapi/fpm/fpm/fpm_conf.h index 12fabe2805..540b22795d 100644 --- a/sapi/fpm/fpm/fpm_conf.h +++ b/sapi/fpm/fpm/fpm_conf.h @@ -58,6 +58,7 @@ struct fpm_worker_pool_config_s { char *group; char *listen_address; int listen_backlog; + /* Using chown */ char *listen_owner; char *listen_group; char *listen_mode; @@ -91,6 +92,11 @@ struct fpm_worker_pool_config_s { #ifdef HAVE_APPARMOR char *apparmor_hat; #endif +#ifdef HAVE_FPM_ACL + /* Using Posix ACL */ + char *listen_acl_users; + char *listen_acl_groups; +#endif }; struct ini_value_parser_s { diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c index 57707d8f8a..f0d4573483 100644 --- a/sapi/fpm/fpm/fpm_unix.c +++ b/sapi/fpm/fpm/fpm_unix.c @@ -21,6 +21,10 @@ #include <sys/apparmor.h> #endif +#ifdef HAVE_SYS_ACL_H +#include <sys/acl.h> +#endif + #include "fpm.h" #include "fpm_conf.h" #include "fpm_cleanup.h" @@ -35,8 +39,12 @@ size_t fpm_pagesize; int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */ { struct fpm_worker_pool_config_s *c = wp->config; +#ifdef HAVE_FPM_ACL + int n; /* uninitialized */ + wp->socket_acl = NULL; +#endif wp->socket_uid = -1; wp->socket_gid = -1; wp->socket_mode = 0660; @@ -45,6 +53,117 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */ return 0; } + if (c->listen_mode && *c->listen_mode) { + wp->socket_mode = strtoul(c->listen_mode, 0, 8); + } + +#ifdef HAVE_FPM_ACL + /* count the users and groups configured */ + n = 0; + if (c->listen_acl_users && *c->listen_acl_users) { + char *p; + n++; + for (p=strchr(c->listen_acl_users, ',') ; p ; p=strchr(p+1, ',')) { + n++; + } + } + if (c->listen_acl_groups && *c->listen_acl_groups) { + char *p; + n++; + for (p=strchr(c->listen_acl_groups, ',') ; p ; p=strchr(p+1, ',')) { + n++; + } + } + /* if ACL configured */ + if (n) { + acl_t acl; + acl_entry_t entry; + acl_permset_t perm; + char *tmp, *p, *end; + + acl = acl_init(n); + if (!acl) { + zlog(ZLOG_SYSERROR, "[pool %s] cannot allocate ACL", wp->config->name); + return -1; + } + /* Create USER ACL */ + if (c->listen_acl_users && *c->listen_acl_users) { + struct passwd *pwd; + + tmp = estrdup(c->listen_acl_users); + for (p=tmp ; p ; p=end) { + if ((end = strchr(p, ','))) { + *end++ = 0; + } + pwd = getpwnam(p); + if (pwd) { + zlog(ZLOG_DEBUG, "[pool %s] user '%s' have uid=%d", wp->config->name, p, pwd->pw_uid); + } else { + zlog(ZLOG_SYSERROR, "[pool %s] cannot get uid for user '%s'", wp->config->name, p); + acl_free(acl); + efree(tmp); + return -1; + } + if (0 > acl_create_entry(&acl, &entry) || + 0 > acl_set_tag_type(entry, ACL_USER) || + 0 > acl_set_qualifier(entry, &pwd->pw_uid) || + 0 > acl_get_permset(entry, &perm) || + 0 > acl_clear_perms (perm) || + 0 > acl_add_perm (perm, ACL_READ) || + 0 > acl_add_perm (perm, ACL_WRITE)) { + zlog(ZLOG_SYSERROR, "[pool %s] cannot create ACL for user '%s'", wp->config->name, p); + acl_free(acl); + efree(tmp); + return -1; + } + } + efree(tmp); + } + /* Create GROUP ACL */ + if (c->listen_acl_groups && *c->listen_acl_groups) { + struct group *grp; + + tmp = estrdup(c->listen_acl_groups); + for (p=tmp ; p ; p=end) { + if ((end = strchr(p, ','))) { + *end++ = 0; + } + grp = getgrnam(p); + if (grp) { + zlog(ZLOG_DEBUG, "[pool %s] group '%s' have gid=%d", wp->config->name, p, grp->gr_gid); + } else { + zlog(ZLOG_SYSERROR, "[pool %s] cannot get gid for group '%s'", wp->config->name, p); + acl_free(acl); + efree(tmp); + return -1; + } + if (0 > acl_create_entry(&acl, &entry) || + 0 > acl_set_tag_type(entry, ACL_GROUP) || + 0 > acl_set_qualifier(entry, &grp->gr_gid) || + 0 > acl_get_permset(entry, &perm) || + 0 > acl_clear_perms (perm) || + 0 > acl_add_perm (perm, ACL_READ) || + 0 > acl_add_perm (perm, ACL_WRITE)) { + zlog(ZLOG_SYSERROR, "[pool %s] cannot create ACL for group '%s'", wp->config->name, p); + acl_free(acl); + efree(tmp); + return -1; + } + } + efree(tmp); + } + if (c->listen_owner && *c->listen_owner) { + zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.owner = '%s' is ignored", wp->config->name, c->listen_owner); + } + if (c->listen_group && *c->listen_group) { + zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.group = '%s' is ignored", wp->config->name, c->listen_group); + } + wp->socket_acl = acl; + return 0; + } + /* When listen.users and listen.groups not configured, continue with standard right */ +#endif + if (c->listen_owner && *c->listen_owner) { struct passwd *pwd; @@ -69,18 +188,54 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */ wp->socket_gid = grp->gr_gid; } - if (c->listen_mode && *c->listen_mode) { - wp->socket_mode = strtoul(c->listen_mode, 0, 8); - } return 0; } /* }}} */ int fpm_unix_set_socket_premissions(struct fpm_worker_pool_s *wp, const char *path) /* {{{ */ { +#ifdef HAVE_FPM_ACL + if (wp->socket_acl) { + acl_t aclfile, aclconf; + acl_entry_t entryfile, entryconf; + int i; + + /* Read the socket ACL */ + aclconf = wp->socket_acl; + aclfile = acl_get_file (path, ACL_TYPE_ACCESS); + if (!aclfile) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to read the ACL of the socket '%s'", wp->config->name, path); + return -1; + } + /* Copy the new ACL entry from config */ + for (i=ACL_FIRST_ENTRY ; acl_get_entry(aclconf, i, &entryconf) ; i=ACL_NEXT_ENTRY) { + if (0 > acl_create_entry (&aclfile, &entryfile) || + 0 > acl_copy_entry(entryfile, entryconf)) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to add entry to the ACL of the socket '%s'", wp->config->name, path); + acl_free(aclfile); + return -1; + } + } + /* Write the socket ACL */ + if (0 > acl_calc_mask (&aclfile) || + 0 > acl_valid (aclfile) || + 0 > acl_set_file (path, ACL_TYPE_ACCESS, aclfile)) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to write the ACL of the socket '%s'", wp->config->name, path); + acl_free(aclfile); + return -1; + } else { + zlog(ZLOG_DEBUG, "[pool %s] ACL of the socket '%s' is set", wp->config->name, path); + } + + acl_free(aclfile); + return 0; + } + /* When listen.users and listen.groups not configured, continue with standard right */ +#endif + if (wp->socket_uid != -1 || wp->socket_gid != -1) { if (0 > chown(path, wp->socket_uid, wp->socket_gid)) { - zlog(ZLOG_SYSERROR, "failed to chown() the socket '%s'", wp->config->listen_address); + zlog(ZLOG_SYSERROR, "[pool %s] failed to chown() the socket '%s'", wp->config->name, wp->config->listen_address); return -1; } } @@ -88,6 +243,17 @@ int fpm_unix_set_socket_premissions(struct fpm_worker_pool_s *wp, const char *pa } /* }}} */ +int fpm_unix_free_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */ +{ +#ifdef HAVE_FPM_ACL + if (wp->socket_acl) { + return acl_free(wp->socket_acl); + } +#endif + return 0; +} +/* }}} */ + static int fpm_unix_conf_wp(struct fpm_worker_pool_s *wp) /* {{{ */ { struct passwd *pwd; diff --git a/sapi/fpm/fpm/fpm_unix.h b/sapi/fpm/fpm/fpm_unix.h index b2995ff3e0..a79559f9e6 100644 --- a/sapi/fpm/fpm/fpm_unix.h +++ b/sapi/fpm/fpm/fpm_unix.h @@ -9,6 +9,8 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp); int fpm_unix_set_socket_premissions(struct fpm_worker_pool_s *wp, const char *path); +int fpm_unix_free_socket_premissions(struct fpm_worker_pool_s *wp); + int fpm_unix_init_child(struct fpm_worker_pool_s *wp); int fpm_unix_init_main(); diff --git a/sapi/fpm/fpm/fpm_worker_pool.c b/sapi/fpm/fpm/fpm_worker_pool.c index ebe1866c8a..a0022915cd 100644 --- a/sapi/fpm/fpm/fpm_worker_pool.c +++ b/sapi/fpm/fpm/fpm_worker_pool.c @@ -15,6 +15,7 @@ #include "fpm_shm.h" #include "fpm_scoreboard.h" #include "fpm_conf.h" +#include "fpm_unix.h" struct fpm_worker_pool_s *fpm_worker_all_pools; @@ -29,6 +30,7 @@ void fpm_worker_pool_free(struct fpm_worker_pool_s *wp) /* {{{ */ if (wp->home) { free(wp->home); } + fpm_unix_free_socket_premissions(wp); free(wp); } /* }}} */ diff --git a/sapi/fpm/fpm/fpm_worker_pool.h b/sapi/fpm/fpm/fpm_worker_pool.h index 05c993de4e..6b2bc908dc 100644 --- a/sapi/fpm/fpm/fpm_worker_pool.h +++ b/sapi/fpm/fpm/fpm_worker_pool.h @@ -42,6 +42,10 @@ struct fpm_worker_pool_s { /* for ondemand PM */ struct fpm_event_s *ondemand_event; int socket_event_set; + +#ifdef HAVE_FPM_ACL + void *socket_acl; +#endif }; struct fpm_worker_pool_s *fpm_worker_pool_alloc(); diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in index 850a369002..6f384fb131 100644 --- a/sapi/fpm/php-fpm.conf.in +++ b/sapi/fpm/php-fpm.conf.in @@ -173,6 +173,11 @@ listen = 127.0.0.1:9000 ;listen.owner = @php_fpm_user@ ;listen.group = @php_fpm_group@ ;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a coma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = ; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original diff --git a/sapi/fpm/tests/021-uds-acl.phpt b/sapi/fpm/tests/021-uds-acl.phpt new file mode 100644 index 0000000000..f39c526418 --- /dev/null +++ b/sapi/fpm/tests/021-uds-acl.phpt @@ -0,0 +1,89 @@ +--TEST-- +FPM: Test Unix Domain Socket with Posix ACL +--SKIPIF-- +<?php +include "skipif.inc"; +if (!(file_exists('/usr/bin/getfacl') && file_exists('/etc/passwd') && file_exists('/etc/group'))) die ("skip missing getfacl command"); +?> +--XFAIL-- +Mark as XFAIL because --with-fpm-acl is not enabled in default build +--FILE-- +<?php + +include "include.inc"; + +$logfile = dirname(__FILE__).'/php-fpm.log.tmp'; +$socket = dirname(__FILE__).'/php-fpm.sock'; + +// Select 3 users and 2 groups known by system (avoid root) +$users = $groups = []; +$tmp = file('/etc/passwd'); +for ($i=1 ; $i<=3 ; $i++) { + $tab = explode(':', $tmp[$i]); + $users[] = $tab[0]; +} +$users = implode(',', $users); +$tmp = file('/etc/group'); +for ($i=1 ; $i<=2 ; $i++) { + $tab = explode(':', $tmp[$i]); + $groups[] = $tab[0]; +} +$groups = implode(',', $groups); + +$cfg = <<<EOT +[global] +error_log = $logfile +[unconfined] +listen = $socket +listen.acl_users = $users +listen.acl_groups = $groups +listen.mode = 0600 +ping.path = /ping +ping.response = pong +pm = dynamic +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 +EOT; + +$fpm = run_fpm($cfg, $tail); +if (is_resource($fpm)) { + fpm_display_log($tail, 2); + try { + var_dump(strpos(run_request('unix://'.$socket, -1), 'pong')); + echo "UDS ok\n"; + } catch (Exception $e) { + echo "UDS error\n"; + } + passthru("/usr/bin/getfacl -cp $socket"); + + proc_terminate($fpm); + echo stream_get_contents($tail); + fclose($tail); + proc_close($fpm); +} + +?> +--EXPECTF-- +[%s] NOTICE: fpm is running, pid %d +[%s] NOTICE: ready to handle connections +int(%d) +UDS ok +user::rw- +user:%s:rw- +user:%s:rw- +user:%s:rw- +group::--- +group:%s:rw- +group:%s:rw- +mask::rw- +other::--- + +[%s] NOTICE: Terminating ... +[%s] NOTICE: exiting, bye-bye! +--CLEAN-- +<?php + $logfile = dirname(__FILE__).'/php-fpm.log.tmp'; + @unlink($logfile); +?> |