Release call trampolines in zpp fcc

When using zpp 'f' or Z_PARAM_FUNC, if the fcc points to a call trampoline release it immediately and force zend_call_function to refetch it. This may require additional callability checks if __call is used, but avoids the need to carefully free fcc values in all internal functions -- in some cases this is not simple, as a type error might be triggered by a later argument in the same zpp call. This fixes oss-fuzz #25390. Closes GH-6073.
author: Nikita Popov <nikita.ppv@gmail.com> 2020-09-04 09:41:27 +0200
committer: Nikita Popov <nikita.ppv@gmail.com> 2020-09-04 14:23:14 +0200
commit: 2e218180efebeac4fe0fe3f36e39fce8fc513468 (patch)
tree: 75d028ac345289ff3a0211c146419c50492372c1 /Zend/zend_builtin_functions.c
parent: c0d6b05b686767fcf6a858d5c039bee764655590 (diff)
download: php-git-2e218180efebeac4fe0fe3f36e39fce8fc513468.tar.gz
1 files changed, 0 insertions, 2 deletions
diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index 906f0666ed..c3a2a1b63f 100644
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -1198,7 +1198,6 @@ ZEND_FUNCTION(set_error_handler)
 
 	ZVAL_COPY(&EG(user_error_handler), &(fci.function_name));
 	EG(user_error_handler_error_reporting) = (int)error_type;
-	zend_release_fcall_info_cache(&fcc);
 }
 /* }}} */
 
@@ -1254,7 +1253,6 @@ ZEND_FUNCTION(set_exception_handler)
 	}
 
 	ZVAL_COPY(&EG(user_exception_handler), &(fci.function_name));
-	zend_release_fcall_info_cache(&fcc);
 }
 /* }}} */
author	Nikita Popov <nikita.ppv@gmail.com>	2020-09-04 09:41:27 +0200
committer	Nikita Popov <nikita.ppv@gmail.com>	2020-09-04 14:23:14 +0200
commit	2e218180efebeac4fe0fe3f36e39fce8fc513468 (patch)
tree	75d028ac345289ff3a0211c146419c50492372c1 /Zend/zend_builtin_functions.c
parent	c0d6b05b686767fcf6a858d5c039bee764655590 (diff)
download	php-git-2e218180efebeac4fe0fe3f36e39fce8fc513468.tar.gz