diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-15 15:43:31 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-15 15:44:01 +0200 |
commit | 3c53732332c4b9d3904eec0d1c42f0d4d4bf65c6 (patch) | |
tree | 1a63b705b17a15065f3517ce9e1455e65dc13fc3 /Zend/zend_vm_execute.h | |
parent | a009d370e93fdc5928b2de9321d433ca39e7c6e6 (diff) | |
download | php-git-3c53732332c4b9d3904eec0d1c42f0d4d4bf65c6.tar.gz |
Fix undef var exception handling in JMP_NULL
We need to initialize the result variable in the exceptional
case as well.
Fixes oss-fuzz #25526.
Diffstat (limited to 'Zend/zend_vm_execute.h')
-rw-r--r-- | Zend/zend_vm_execute.h | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 27f1824050..e03712f868 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -5279,6 +5279,7 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_CON zval *result = EX_VAR(opline->result.var); if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) { + ZVAL_NULL(result); if (UNEXPECTED(Z_TYPE_INFO_P(val) == IS_UNDEF)) { SAVE_OPLINE(); ZVAL_UNDEFINED_OP1(); @@ -5286,8 +5287,6 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_CON HANDLE_EXCEPTION(); } } - - ZVAL_NULL(result); } else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) { ZVAL_FALSE(result); } else { @@ -12047,6 +12046,7 @@ static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_TMPV zval *result = EX_VAR(opline->result.var); if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) { + ZVAL_NULL(result); if (UNEXPECTED(Z_TYPE_INFO_P(val) == IS_UNDEF)) { SAVE_OPLINE(); ZVAL_UNDEFINED_OP1(); @@ -12054,8 +12054,6 @@ static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_TMPV HANDLE_EXCEPTION(); } } - - ZVAL_NULL(result); } else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) { ZVAL_FALSE(result); } else { |