diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-02 10:13:42 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-02 10:16:05 +0200 |
commit | a07c1f56aac1c0f6c8334760009b678cbf9d6138 (patch) | |
tree | 4ec12d59ded0eda808f43ec4d5911d51efd447c0 /Zend/zend_execute.c | |
parent | cd2afd99b1faa58c35a3807081e531cce0cd2311 (diff) | |
download | php-git-a07c1f56aac1c0f6c8334760009b678cbf9d6138.tar.gz |
Fix infinite loop on string offset during by-ref list assign
There is a deeper underlying issue here, in that the opcodes violate
VM write-fetch safety, but let's fix the infinite loop first.
This fixes oss-fuzz #25352.
Diffstat (limited to 'Zend/zend_execute.c')
-rw-r--r-- | Zend/zend_execute.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index 0eb6639b2e..9a891273bc 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -1329,6 +1329,7 @@ static zend_never_inline ZEND_COLD void zend_wrong_string_offset(EXECUTE_DATA_D) msg = "Cannot create references to/from string offsets"; break; } + opline++; } break; EMPTY_SWITCH_DEFAULT_CASE(); |