summaryrefslogtreecommitdiff
path: root/Zend
diff options
context:
space:
mode:
authorStanislav Malyshev <stas@php.net>2011-03-16 05:25:02 +0000
committerStanislav Malyshev <stas@php.net>2011-03-16 05:25:02 +0000
commit8efa208e0b673da651a34af4b6e6caccc54d5910 (patch)
tree6b7dc1a77a8d743c8858dc654211afda246bf27a /Zend
parent406dd6e8ca48a637be2571436c0b65e17f9aa5a1 (diff)
downloadphp-git-8efa208e0b673da651a34af4b6e6caccc54d5910.tar.gz
fix UMR when variable name is an object and __toString is used
# zend_call_function checks IS_REF on This
Diffstat (limited to 'Zend')
-rw-r--r--Zend/zend_vm_def.h42
-rw-r--r--Zend/zend_vm_execute.h26
-rw-r--r--Zend/zend_vm_opcodes.h2
3 files changed, 48 insertions, 22 deletions
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 1fee71195f..79cff3e9ef 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -1023,6 +1023,8 @@ ZEND_VM_HELPER_EX(zend_fetch_var_address_helper, CONST|TMP|VAR|CV, UNUSED|CONST|
if (OP1_TYPE != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -1205,7 +1207,7 @@ ZEND_VM_HANDLER(84, ZEND_FETCH_DIM_W, VAR|CV, CONST|TMP|VAR|UNUSED|CV)
/* We are going to assign the result by reference */
if (UNEXPECTED(opline->extended_value != 0)) {
zval **retval_ptr = EX_T(opline->result.var).var.ptr_ptr;
-
+
if (retval_ptr) {
Z_DELREF_PP(retval_ptr);
SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr);
@@ -1386,7 +1388,7 @@ ZEND_VM_HANDLER(85, ZEND_FETCH_OBJ_W, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr);
EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr;
}
-
+
if (IS_OP2_TMP_FREE()) {
MAKE_REAL_ZVAL_PTR(property);
}
@@ -1414,7 +1416,7 @@ ZEND_VM_HANDLER(85, ZEND_FETCH_OBJ_W, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr);
Z_ADDREF_PP(retval_ptr);
}
-
+
CHECK_EXCEPTION();
ZEND_VM_NEXT_OPCODE();
}
@@ -2071,7 +2073,7 @@ ZEND_VM_HANDLER(56, ZEND_ADD_VAR, TMP|UNUSED, TMP|VAR|CV)
SAVE_OPLINE();
var = GET_OP2_ZVAL_PTR(BP_VAR_R);
-
+
if (OP1_TYPE == IS_UNUSED) {
/* Initialize for erealloc in add_string_to_string */
Z_STRVAL_P(str) = NULL;
@@ -2166,7 +2168,7 @@ ZEND_VM_HANDLER(112, ZEND_INIT_METHOD_CALL, TMP|VAR|UNUSED|CV, CONST|TMP|VAR|CV)
if (EXPECTED(EX(object) != NULL) &&
EXPECTED(Z_TYPE_P(EX(object)) == IS_OBJECT)) {
EX(called_scope) = Z_OBJCE_P(EX(object));
-
+
if (OP2_TYPE != IS_CONST ||
(EX(fbc) = CACHED_POLYMORPHIC_PTR(opline->op2.literal->cache_slot, EX(called_scope))) == NULL) {
zval *object = EX(object);
@@ -2189,10 +2191,10 @@ ZEND_VM_HANDLER(112, ZEND_INIT_METHOD_CALL, TMP|VAR|UNUSED|CV, CONST|TMP|VAR|CV)
} else {
zend_error_noreturn(E_ERROR, "Call to a member function %s() on a non-object", function_name_strval);
}
-
+
if ((EX(fbc)->common.fn_flags & ZEND_ACC_STATIC) != 0) {
EX(object) = NULL;
- } else {
+ } else {
if (!PZVAL_IS_REF(EX(object))) {
Z_ADDREF_P(EX(object)); /* For $this pointer */
} else {
@@ -2428,9 +2430,9 @@ ZEND_VM_HELPER(zend_leave_helper, ANY, ANY)
cv++;
}
}
-
+
nested = EX(nested);
-
+
zend_vm_stack_free(execute_data TSRMLS_CC);
if (nested) {
@@ -3093,7 +3095,7 @@ ZEND_VM_HANDLER(63, ZEND_RECV, ANY, ANY)
char *space;
char *class_name;
zend_execute_data *ptr;
-
+
if (EG(active_op_array)->scope) {
class_name = EG(active_op_array)->scope->name;
space = "::";
@@ -3491,7 +3493,7 @@ ZEND_VM_HANDLER(72, ZEND_ADD_ARRAY_ELEMENT, CONST|TMP|VAR|CV, CONST|TMP|VAR|UNUS
zend_free_op free_op2;
zval *offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
ulong hval;
-
+
switch (Z_TYPE_P(offset)) {
case IS_DOUBLE:
hval = zend_dval_to_lval(Z_DVAL_P(offset));
@@ -3824,7 +3826,7 @@ ZEND_VM_HANDLER(75, ZEND_UNSET_DIM, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
SAVE_OPLINE();
container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_UNSET);
offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
-
+
if (OP1_TYPE != IS_VAR || container) {
if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) {
SEPARATE_ZVAL_IF_NOT_REF(container);
@@ -4007,7 +4009,7 @@ ZEND_VM_HANDLER(77, ZEND_FE_RESET, CONST|TMP|VAR|CV, ANY)
if (!ce || !ce->get_iterator) {
Z_ADDREF_P(array_ptr);
}
- } else if (OP1_TYPE == IS_CONST ||
+ } else if (OP1_TYPE == IS_CONST ||
((OP1_TYPE == IS_CV || OP1_TYPE == IS_VAR) &&
!Z_ISREF_P(array_ptr) &&
Z_REFCOUNT_P(array_ptr) > 1)) {
@@ -4251,7 +4253,7 @@ ZEND_VM_HANDLER(114, ZEND_ISSET_ISEMPTY_VAR, CONST|TMP|VAR|CV, UNUSED|CONST|VAR)
if (zend_hash_quick_find(EG(active_symbol_table), cv->name, cv->name_len+1, cv->hash_value, (void **) &value) == FAILURE) {
isset = 0;
}
- } else {
+ } else {
isset = 0;
}
} else {
@@ -4326,7 +4328,7 @@ ZEND_VM_HELPER_EX(zend_isset_isempty_dim_prop_obj_handler, VAR|UNUSED|CV, CONST|
SAVE_OPLINE();
container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_IS);
-
+
offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) {
@@ -4701,7 +4703,7 @@ ZEND_VM_HANDLER(138, ZEND_INSTANCEOF, TMP|VAR|CV, ANY)
SAVE_OPLINE();
expr = GET_OP1_ZVAL_PTR(BP_VAR_R);
-
+
if (Z_TYPE_P(expr) == IS_OBJECT && Z_OBJ_HT_P(expr)->get_class_entry) {
result = instanceof_function(Z_OBJCE_P(expr), EX_T(opline->op2.var).class_entry TSRMLS_CC);
} else {
@@ -4783,9 +4785,9 @@ ZEND_VM_HANDLER(155, ZEND_BIND_TRAITS, ANY, ANY)
{
zend_op *opline = EX(opline);
zend_class_entry *ce = EX_T(opline->op1.var).class_entry;
-
+
zend_do_bind_traits(ce TSRMLS_CC);
-
+
ZEND_VM_NEXT_OPCODE();
}
@@ -4796,7 +4798,7 @@ ZEND_VM_HANDLER(149, ZEND_HANDLE_EXCEPTION, ANY, ANY)
zend_uint catch_op_num = 0;
int catched = 0;
zval restored_error_reporting;
-
+
void **stack_frame = (void**)(((char*)EX_Ts()) +
(ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable)) * EX(op_array)->T));
@@ -4891,7 +4893,7 @@ ZEND_VM_HANDLER(150, ZEND_USER_OPCODE, ANY, ANY)
{
USE_OPLINE
int ret;
-
+
SAVE_OPLINE();
ret = zend_user_opcode_handlers[opline->opcode](ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_INTERNAL);
LOAD_OPLINE();
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 720228274a..ad210ab7d9 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| Zend Engine |
+----------------------------------------------------------------------+
- | Copyright (c) 1998-2011 Zend Technologies Ltd. (http://www.zend.com) |
+ | Copyright (c) 1998-2010 Zend Technologies Ltd. (http://www.zend.com) |
+----------------------------------------------------------------------+
| This source file is subject to version 2.00 of the Zend license, |
| that is bundled with this package in the file LICENSE, and is |
@@ -2874,6 +2874,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_CONST(int type
if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -4351,6 +4353,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_VAR(int type,
if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -4883,6 +4887,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_UNUSED(int typ
if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -7188,6 +7194,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_CONST(int type,
if (IS_TMP_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -8538,6 +8546,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_VAR(int type, ZE
if (IS_TMP_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -9072,6 +9082,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_UNUSED(int type,
if (IS_TMP_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -12053,6 +12065,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_CONST(int type,
if (IS_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -16248,6 +16262,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_VAR(int type, ZE
if (IS_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -18020,6 +18036,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_UNUSED(int type,
if (IS_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -27579,6 +27597,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_CONST(int type, Z
if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -31431,6 +31451,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_VAR(int type, ZEN
if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -33076,6 +33098,8 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_UNUSED(int type,
if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
diff --git a/Zend/zend_vm_opcodes.h b/Zend/zend_vm_opcodes.h
index ed80ddc7a5..4cd1ac4346 100644
--- a/Zend/zend_vm_opcodes.h
+++ b/Zend/zend_vm_opcodes.h
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| Zend Engine |
+----------------------------------------------------------------------+
- | Copyright (c) 1998-2011 Zend Technologies Ltd. (http://www.zend.com) |
+ | Copyright (c) 1998-2010 Zend Technologies Ltd. (http://www.zend.com) |
+----------------------------------------------------------------------+
| This source file is subject to version 2.00 of the Zend license, |
| that is bundled with this package in the file LICENSE, and is |
View Lorry Controller Status