Fix infinite loop on string offset during by-ref list assign

There is a deeper underlying issue here, in that the opcodes violate VM write-fetch safety, but let's fix the infinite loop first. This fixes oss-fuzz #25352.
author: Nikita Popov <nikita.ppv@gmail.com> 2020-09-02 10:13:42 +0200
committer: Nikita Popov <nikita.ppv@gmail.com> 2020-09-02 10:16:05 +0200
commit: a07c1f56aac1c0f6c8334760009b678cbf9d6138 (patch)
tree: 4ec12d59ded0eda808f43ec4d5911d51efd447c0 /Zend/zend_execute.c
parent: cd2afd99b1faa58c35a3807081e531cce0cd2311 (diff)
download: php-git-a07c1f56aac1c0f6c8334760009b678cbf9d6138.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index 0eb6639b2e..9a891273bc 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -1329,6 +1329,7 @@ static zend_never_inline ZEND_COLD void zend_wrong_string_offset(EXECUTE_DATA_D)
 					msg = "Cannot create references to/from string offsets";
 					break;
 				}
+				opline++;
 			}
 			break;
 		EMPTY_SWITCH_DEFAULT_CASE();
author	Nikita Popov <nikita.ppv@gmail.com>	2020-09-02 10:13:42 +0200
committer	Nikita Popov <nikita.ppv@gmail.com>	2020-09-02 10:16:05 +0200
commit	a07c1f56aac1c0f6c8334760009b678cbf9d6138 (patch)
tree	4ec12d59ded0eda808f43ec4d5911d51efd447c0 /Zend/zend_execute.c
parent	cd2afd99b1faa58c35a3807081e531cce0cd2311 (diff)
download	php-git-a07c1f56aac1c0f6c8334760009b678cbf9d6138.tar.gz