Fixed bug #52614 (Memory leak when writing on uninitialized variable returned from method call)

1 files changed, 46 insertions, 0 deletions

diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 3b07493c52..4da5485d37 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -18807,6 +18807,27 @@ static int ZEND_FASTCALL  ZEND_ISSET_ISEMPTY_VAR_SPEC_VAR_UNUSED_HANDLER(ZEND_OP
 	ZEND_VM_NEXT_OPCODE();
 }
 
+static int ZEND_FASTCALL  ZEND_SEPARATE_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
+{
+	USE_OPLINE
+	zval *var_ptr, *new_zv;
+
+	SAVE_OPLINE();
+	var_ptr = EX_T(opline->op1.var).var.ptr;
+	if (Z_TYPE_P(var_ptr) != IS_OBJECT &&
+	    !PZVAL_IS_REF(var_ptr) &&
+	    Z_REFCOUNT_P(var_ptr) > 1) {
+
+		Z_DELREF_P(var_ptr);
+		ALLOC_ZVAL(new_zv);
+		INIT_PZVAL_COPY(new_zv, var_ptr);
+		var_ptr = new_zv;
+		zval_copy_ctor(var_ptr);
+		EX_T(opline->op1.var).var.ptr = var_ptr;
+	}
+	ZEND_VM_NEXT_OPCODE();
+}
+
 static int ZEND_FASTCALL  ZEND_ADD_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 {
 	USE_OPLINE
@@ -39488,6 +39509,31 @@ void zend_init_opcodes_handlers(void)
   	ZEND_BIND_TRAITS_SPEC_HANDLER,
   	ZEND_BIND_TRAITS_SPEC_HANDLER,
   	ZEND_BIND_TRAITS_SPEC_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_SEPARATE_SPEC_VAR_UNUSED_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
+  	ZEND_NULL_HANDLER,
   	ZEND_NULL_HANDLER
   };
   zend_opcode_handlers = (opcode_handler_t*)labels;