diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-04 09:41:27 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-04 14:23:14 +0200 |
commit | 2e218180efebeac4fe0fe3f36e39fce8fc513468 (patch) | |
tree | 75d028ac345289ff3a0211c146419c50492372c1 /Zend/zend_builtin_functions.c | |
parent | c0d6b05b686767fcf6a858d5c039bee764655590 (diff) | |
download | php-git-2e218180efebeac4fe0fe3f36e39fce8fc513468.tar.gz |
Release call trampolines in zpp fcc
When using zpp 'f' or Z_PARAM_FUNC, if the fcc points to a call
trampoline release it immediately and force zend_call_function
to refetch it. This may require additional callability checks
if __call is used, but avoids the need to carefully free fcc
values in all internal functions -- in some cases this is not
simple, as a type error might be triggered by a later argument
in the same zpp call.
This fixes oss-fuzz #25390.
Closes GH-6073.
Diffstat (limited to 'Zend/zend_builtin_functions.c')
-rw-r--r-- | Zend/zend_builtin_functions.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c index 906f0666ed..c3a2a1b63f 100644 --- a/Zend/zend_builtin_functions.c +++ b/Zend/zend_builtin_functions.c @@ -1198,7 +1198,6 @@ ZEND_FUNCTION(set_error_handler) ZVAL_COPY(&EG(user_error_handler), &(fci.function_name)); EG(user_error_handler_error_reporting) = (int)error_type; - zend_release_fcall_info_cache(&fcc); } /* }}} */ @@ -1254,7 +1253,6 @@ ZEND_FUNCTION(set_exception_handler) } ZVAL_COPY(&EG(user_exception_handler), &(fci.function_name)); - zend_release_fcall_info_cache(&fcc); } /* }}} */ |