diff options
| author | Dmitry Stogov <dmitry@php.net> | 2008-03-04 10:06:52 +0000 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@php.net> | 2008-03-04 10:06:52 +0000 |
| commit | 8365e71cb92b5242277109d64a1a0f60d8313340 (patch) | |
| tree | 7eddffc16d417b572ff367c618e06649dbbb2751 /Zend | |
| parent | 1a3f7f64509725a2ecac2a266e79391ac9d731cf (diff) | |
| download | php-git-8365e71cb92b5242277109d64a1a0f60d8313340.tar.gz | |
Fixed wrong result of cascading assignment to string offset
Fixed memory corruption on cascading assignment of IS_TMP_VAR into string offset
Fixed opcode caches shared memory corruption on cascading assignment of IS_CONST
into string offset
Diffstat (limited to 'Zend')
| -rw-r--r-- | Zend/zend_execute.c | 5 | ||||
| -rw-r--r-- | Zend/zend_vm_def.h | 41 | ||||
| -rw-r--r-- | Zend/zend_vm_execute.h | 368 |
3 files changed, 303 insertions, 111 deletions
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index e6b52cbef1..721d410d16 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -626,13 +626,13 @@ static inline void zend_assign_to_object(znode *result, zval **object_ptr, zval FREE_OP_IF_VAR(free_value); } -static inline void zend_assign_to_string_offset(temp_variable *T, zval *value, int value_type TSRMLS_DC) +static inline int zend_assign_to_string_offset(temp_variable *T, zval *value, int value_type TSRMLS_DC) { if (Z_TYPE_P(T->str_offset.str) == IS_STRING) { if (((int)T->str_offset.offset < 0)) { zend_error(E_WARNING, "Illegal string offset: %d", T->str_offset.offset); - return; + return 0; } if (T->str_offset.offset >= Z_STRLEN_P(T->str_offset.str)) { @@ -667,6 +667,7 @@ static inline void zend_assign_to_string_offset(temp_variable *T, zval *value, i T(result->u.var).var = &T->str_offset.str; */ } + return 1; } static inline zval* zend_assign_to_variable(zval **variable_ptr_ptr, zval *value, int is_tmp_var TSRMLS_DC) diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index e58dc702db..4a4ad8867a 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -1544,13 +1544,23 @@ ZEND_VM_HANDLER(147, ZEND_ASSIGN_DIM, VAR|CV, CONST|TMP|VAR|UNUSED|CV) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -1569,14 +1579,23 @@ ZEND_VM_HANDLER(38, ZEND_ASSIGN, VAR|CV, CONST|TMP|VAR|CV) zval **variable_ptr_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, OP2_TYPE TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, OP2_TYPE TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(opline->op1.u.var).str_offset.str)+EX_T(opline->op1.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_OP2_TMP_FREE() TSRMLS_CC); - } - - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP1_VAR_PTR(); diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 0fb064e130..33ee07673d 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -9810,13 +9810,23 @@ static int ZEND_ASSIGN_DIM_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -9835,14 +9845,23 @@ static int ZEND_ASSIGN_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval **variable_ptr_ptr = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_CONST TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_CONST TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(opline->op1.u.var).str_offset.str)+EX_T(opline->op1.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, 0 TSRMLS_CC); - } - - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; @@ -11619,13 +11638,23 @@ static int ZEND_ASSIGN_DIM_SPEC_VAR_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -11644,14 +11673,23 @@ static int ZEND_ASSIGN_SPEC_VAR_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval **variable_ptr_ptr = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_TMP_VAR TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_TMP_VAR TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(opline->op1.u.var).str_offset.str)+EX_T(opline->op1.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, 1 TSRMLS_CC); - } - - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; @@ -13358,13 +13396,23 @@ static int ZEND_ASSIGN_DIM_SPEC_VAR_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -13383,14 +13431,23 @@ static int ZEND_ASSIGN_SPEC_VAR_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval **variable_ptr_ptr = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_VAR TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_VAR TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(opline->op1.u.var).str_offset.str)+EX_T(opline->op1.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, 0 TSRMLS_CC); - } - - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; @@ -14374,13 +14431,23 @@ static int ZEND_ASSIGN_DIM_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -15735,13 +15802,23 @@ static int ZEND_ASSIGN_DIM_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -15760,14 +15837,23 @@ static int ZEND_ASSIGN_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval **variable_ptr_ptr = _get_zval_ptr_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_CV TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_CV TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(opline->op1.u.var).str_offset.str)+EX_T(opline->op1.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, 0 TSRMLS_CC); - } - - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; @@ -23253,13 +23339,23 @@ static int ZEND_ASSIGN_DIM_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -23278,14 +23374,23 @@ static int ZEND_ASSIGN_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval **variable_ptr_ptr = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_W TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_CONST TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_CONST TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(opline->op1.u.var).str_offset.str)+EX_T(opline->op1.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, 0 TSRMLS_CC); - } - - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } /* zend_assign_to_variable() always takes care of op2, never free it! */ @@ -24881,13 +24986,23 @@ static int ZEND_ASSIGN_DIM_SPEC_CV_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -24906,14 +25021,23 @@ static int ZEND_ASSIGN_SPEC_CV_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval **variable_ptr_ptr = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_W TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_TMP_VAR TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_TMP_VAR TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(opline->op1.u.var).str_offset.str)+EX_T(opline->op1.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, 1 TSRMLS_CC); - } - - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } /* zend_assign_to_variable() always takes care of op2, never free it! */ @@ -26511,13 +26635,23 @@ static int ZEND_ASSIGN_DIM_SPEC_CV_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -26536,14 +26670,23 @@ static int ZEND_ASSIGN_SPEC_CV_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval **variable_ptr_ptr = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_W TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_VAR TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_VAR TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(opline->op1.u.var).str_offset.str)+EX_T(opline->op1.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, 0 TSRMLS_CC); - } - - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } /* zend_assign_to_variable() always takes care of op2, never free it! */ @@ -27420,13 +27563,23 @@ static int ZEND_ASSIGN_DIM_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -28679,13 +28832,23 @@ static int ZEND_ASSIGN_DIM_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R); variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC); - } - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } FREE_OP_VAR_PTR(free_op_data2); FREE_OP_IF_VAR(free_op_data1); @@ -28704,14 +28867,23 @@ static int ZEND_ASSIGN_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) zval **variable_ptr_ptr = _get_zval_ptr_ptr_cv(&opline->op1, EX(Ts), BP_VAR_W TSRMLS_CC); if (!variable_ptr_ptr) { - zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_CV TSRMLS_CC); + if (zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, IS_CV TSRMLS_CC)) { + if (!RETURN_VALUE_UNUSED(&opline->result)) { + EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr; + ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr); + INIT_PZVAL(EX_T(opline->result.u.var).var.ptr); + ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(opline->op1.u.var).str_offset.str)+EX_T(opline->op1.u.var).str_offset.offset, 1, 1); + } + } else if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr)); + PZVAL_LOCK(EG(uninitialized_zval_ptr)); + } } else { value = zend_assign_to_variable(variable_ptr_ptr, value, 0 TSRMLS_CC); - } - - if (!RETURN_VALUE_UNUSED(&opline->result)) { - AI_SET_PTR(EX_T(opline->result.u.var).var, value); - PZVAL_LOCK(value); + if (!RETURN_VALUE_UNUSED(&opline->result)) { + AI_SET_PTR(EX_T(opline->result.u.var).var, value); + PZVAL_LOCK(value); + } } /* zend_assign_to_variable() always takes care of op2, never free it! */ |