-rw-r--r--NEWS2
-rw-r--r--Zend/tests/bug71539.phpt16
-rw-r--r--Zend/tests/bug71539_1.phpt30
-rw-r--r--Zend/tests/bug71539_2.phpt30
-rw-r--r--Zend/tests/bug71539_3.phpt19
-rw-r--r--Zend/tests/bug71539_4.phpt19
-rw-r--r--Zend/tests/bug71539_5.phpt19
-rw-r--r--Zend/tests/bug71539_6.phpt15
-rw-r--r--Zend/zend_compile.c15
-rw-r--r--Zend/zend_vm_def.h18
-rw-r--r--Zend/zend_vm_execute.h299
-rw-r--r--Zend/zend_vm_opcodes.c4
-rw-r--r--Zend/zend_vm_opcodes.h1
13 files changed, 356 insertions, 131 deletions
diff --git a/NEWS b/NEWS
index 2038dbff64..9728982bc4 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP NEWS
- Core:
. Fixed bug #72543 (Different references behavior comparing to PHP 5)
(Laruence, Dmitry, Nikita)
+ . Fixed bug #71539 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
+ (Dmitry, Nikita)
- pcntl
. Implemented asynchronous signal handling without TICKS. (Dmitry)
diff --git a/Zend/tests/bug71539.phpt b/Zend/tests/bug71539.phpt
new file mode 100644
index 0000000000..16b5ed8358
--- /dev/null
+++ b/Zend/tests/bug71539.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #71539 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
+--FILE--
+<?php
+$array = [];
+$array[0] =& $array[''];
+$array[0] = 42;
+var_dump($array);
+?>
+--EXPECT--
+array(2) {
+ [""]=>
+ &int(42)
+ [0]=>
+ &int(42)
+}
diff --git a/Zend/tests/bug71539_1.phpt b/Zend/tests/bug71539_1.phpt
new file mode 100644
index 0000000000..935c9155a4
--- /dev/null
+++ b/Zend/tests/bug71539_1.phpt
@@ -0,0 +1,30 @@
+--TEST--
+Bug #71539.1 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
+--FILE--
+<?php
+$x = (object)['a'=>1,'b'=>2,'c'=>3,'d'=>4,'e'=>5,'f'=>6,'g'=>7];
+$x->h =& $x->i;
+$x->h = 42;
+var_dump($x);
+?>
+--EXPECT--
+object(stdClass)#1 (9) {
+ ["a"]=>
+ int(1)
+ ["b"]=>
+ int(2)
+ ["c"]=>
+ int(3)
+ ["d"]=>
+ int(4)
+ ["e"]=>
+ int(5)
+ ["f"]=>
+ int(6)
+ ["g"]=>
+ int(7)
+ ["i"]=>
+ &int(42)
+ ["h"]=>
+ &int(42)
+}
diff --git a/Zend/tests/bug71539_2.phpt b/Zend/tests/bug71539_2.phpt
new file mode 100644
index 0000000000..380da467fb
--- /dev/null
+++ b/Zend/tests/bug71539_2.phpt
@@ -0,0 +1,30 @@
+--TEST--
+Bug #71539.2 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
+--FILE--
+<?php
+$a = [0,1,2,3,4,5,6];
+$a[200] =& $a[100];
+$a[100] =42;
+var_dump($a);
+?>
+--EXPECT--
+array(9) {
+ [0]=>
+ int(0)
+ [1]=>
+ int(1)
+ [2]=>
+ int(2)
+ [3]=>
+ int(3)
+ [4]=>
+ int(4)
+ [5]=>
+ int(5)
+ [6]=>
+ int(6)
+ [100]=>
+ &int(42)
+ [200]=>
+ &int(42)
+}
diff --git a/Zend/tests/bug71539_3.phpt b/Zend/tests/bug71539_3.phpt
new file mode 100644
index 0000000000..7212a6de47
--- /dev/null
+++ b/Zend/tests/bug71539_3.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #71539.3 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
+--FILE--
+<?php
+$array = [];
+$array[0][0] =& $array[''];
+$array[0][0] = 42;
+var_dump($array);
+?>
+--EXPECT--
+array(2) {
+ [""]=>
+ &int(42)
+ [0]=>
+ array(1) {
+ [0]=>
+ &int(42)
+ }
+}
diff --git a/Zend/tests/bug71539_4.phpt b/Zend/tests/bug71539_4.phpt
new file mode 100644
index 0000000000..5b9cee05c1
--- /dev/null
+++ b/Zend/tests/bug71539_4.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #71539.4 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
+--FILE--
+<?php
+$array = [0=>[]];
+$array[0][0] =& $array[0][''];
+$array[0][0] = 42;
+var_dump($array);
+?>
+--EXPECT--
+array(1) {
+ [0]=>
+ array(2) {
+ [""]=>
+ &int(42)
+ [0]=>
+ &int(42)
+ }
+}
diff --git a/Zend/tests/bug71539_5.phpt b/Zend/tests/bug71539_5.phpt
new file mode 100644
index 0000000000..14559bf65e
--- /dev/null
+++ b/Zend/tests/bug71539_5.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #71539.5 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
+--FILE--
+<?php
+$array = [];
+$array['']->prop =& $array[0];
+$array[0] = 42;
+var_dump($array);
+?>
+--EXPECT--
+array(2) {
+ [0]=>
+ &int(42)
+ [""]=>
+ object(stdClass)#1 (1) {
+ ["prop"]=>
+ &int(42)
+ }
+}
diff --git a/Zend/tests/bug71539_6.phpt b/Zend/tests/bug71539_6.phpt
new file mode 100644
index 0000000000..2bf4f6b1e0
--- /dev/null
+++ b/Zend/tests/bug71539_6.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #71539.5 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
+--FILE--
+<?php
+$name = 'a';
+for ($i = 0; $i < 100000; $i++) {
+ if ($name != 'i') {
+ $$name =& $GLOBALS;
+ }
+ $name++;
+}
+?>
+OK
+--EXPECT--
+OK \ No newline at end of file
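Review bot: The `--TEST--` title in bug71539_6.phpt reads `Bug #71539.5`, the same label as bug71539_5.phpt, so a failure report cannot tell the two cases apart; it should read `Bug #71539.6 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)`. The file also ends without a trailing newline after `OK`. This is the only case here that goes through a variable-variable target (`$$name =& $GLOBALS`), and it asserts only that the script finishes. A regression in this memory-safety fix may therefore surface only when the test is run under a memory checker.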
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index bf1615e8bb..af5f5034be 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -3029,7 +3029,20 @@ void zend_compile_assign_ref(znode *result, zend_ast *ast) /* {{{ */
offset = zend_delayed_compile_begin();
zend_delayed_compile_var(&target_node, target_ast, BP_VAR_W);
- zend_delayed_compile_var(&source_node, source_ast, BP_VAR_W);
+ zend_compile_var(&source_node, source_ast, BP_VAR_W);
+
+ if ((target_ast->kind != ZEND_AST_VAR
+ || target_ast->child[0]->kind != ZEND_AST_ZVAL)
+ && source_node.op_type != IS_CV) {
+ /* Both LHS and RHS expressions may modify the same data structure,
+ * and the modification during RHS evaluation may dangle the pointer
+ * to the result of the LHS evaluation.
+ * Use MAKE_REF instruction to replace direct pointer with REFERENCE.
+ * See: Bug #71539
+ */
+ zend_emit_op(&source_node, ZEND_MAKE_REF, &source_node, NULL);
+ }
+
zend_delayed_compile_end(offset);
if (source_node.op_type != IS_VAR && zend_is_call(source_ast)) {
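Review bot: The added comment describes the hazard in the opposite direction from what this hunk appears to emit. `zend_compile_var` now compiles the RHS fetch immediately, while the LHS fetch stays delayed until `zend_delayed_compile_end`, so it is the RHS result that must survive a resize triggered by the LHS fetch, and that is the node wrapped in ZEND_MAKE_REF. I would reword the comment along the lines of `the delayed LHS fetch may resize the same hash table and leave the RHS result pointer dangling`. Moving the RHS fetch ahead of the LHS fetch may also be observable at run time (order of notices or of overloaded offset/property handlers), which deserves a sentence in the commit message if it is intended. The body of zend_compile_assign_ref starts and ends outside this hunk.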
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index f39ce0ec6a..5cae574c53 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -8102,6 +8102,24 @@ ZEND_VM_HANDLER(49, ZEND_CHECK_VAR, CV, UNUSED)
ZEND_VM_NEXT_OPCODE();
}
+ZEND_VM_HANDLER(51, ZEND_MAKE_REF, VAR, UNUSED)
+{
+ USE_OPLINE
+ zval *op1 = EX_VAR(opline->op1.var);
+
+ if (EXPECTED(Z_TYPE_P(op1) == IS_INDIRECT)) {
+ op1 = Z_INDIRECT_P(op1);
+ if (EXPECTED(!Z_ISREF_P(op1))) {
+ ZVAL_MAKE_REF(op1);
+ }
+ GC_REFCOUNT(Z_REF_P(op1))++;
+ ZVAL_REF(EX_VAR(opline->result.var), Z_REF_P(op1));
+ } else {
+ ZVAL_COPY_VALUE(EX_VAR(opline->result.var), op1);
+ }
+ ZEND_VM_NEXT_OPCODE();
+}
+
ZEND_VM_TYPE_SPEC_HANDLER(ZEND_ADD, (res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG && op2_info == MAY_BE_LONG), ZEND_ADD_LONG_NO_OVERFLOW, CONST|TMPVARCV, CONST|TMPVARCV, SPEC(NO_CONST_CONST,COMMUTATIVE))
{
USE_OPLINE
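Review bot: The new ZEND_MAKE_REF handler has no comment explaining its two branches or who owns the reference it takes. In the `IS_INDIRECT` branch the pointed-to slot is promoted to a reference and `GC_REFCOUNT(Z_REF_P(op1))++` gives the result VAR its own count, so whatever consumes the result has to release it. The else branch moves op1 into the result with `ZVAL_COPY_VALUE` and changes no count. I would add a header comment such as `/* Replace an INDIRECT pointer with a counted REFERENCE so a later hash resize cannot dangle it; the result VAR owns one reference. */`. The release is presumably done by the ASSIGN_REF handler, which this diff does not show, so that pairing is worth confirming. The copy in zend_vm_execute.h is generated from this definition and would pick the comment up on regeneration.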
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 803414ac9d..83eb35f610 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -21821,6 +21821,24 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_VAR_UNUSED_HANDLER(
ZEND_VM_RETURN();
}
+static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_MAKE_REF_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
+{
+ USE_OPLINE
+ zval *op1 = EX_VAR(opline->op1.var);
+
+ if (EXPECTED(Z_TYPE_P(op1) == IS_INDIRECT)) {
+ op1 = Z_INDIRECT_P(op1);
+ if (EXPECTED(!Z_ISREF_P(op1))) {
+ ZVAL_MAKE_REF(op1);
+ }
+ GC_REFCOUNT(Z_REF_P(op1))++;
+ ZVAL_REF(EX_VAR(opline->result.var), Z_REF_P(op1));
+ } else {
+ ZVAL_COPY_VALUE(EX_VAR(opline->result.var), op1);
+ }
+ ZEND_VM_NEXT_OPCODE();
+}
+
static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IS_IDENTICAL_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
{
USE_OPLINE
@@ -58465,6 +58483,31 @@ void zend_init_opcodes_handlers(void)
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_MAKE_REF_SPEC_VAR_UNUSED_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
+ ZEND_NULL_HANDLER,
ZEND_BOOL_SPEC_CONST_HANDLER,
ZEND_BOOL_SPEC_TMPVAR_HANDLER,
ZEND_BOOL_SPEC_TMPVAR_HANDLER,
@@ -61597,36 +61640,35 @@ void zend_init_opcodes_handlers(void)
1433 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1458 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1483 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
- 4571,
- 1493 | SPEC_RULE_OP1,
- 1498 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 1493 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 1518 | SPEC_RULE_OP1,
1523 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1548 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1573 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 1598,
- 1599 | SPEC_RULE_OP1,
- 1604 | SPEC_RULE_OP2,
- 1609 | SPEC_RULE_RETVAL,
- 1611 | SPEC_RULE_OP2,
- 1616 | SPEC_RULE_OP1,
- 1621,
- 1622 | SPEC_RULE_OP2,
- 1627 | SPEC_RULE_OP1,
- 1632 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
- 1642 | SPEC_RULE_OP1,
- 1647 | SPEC_RULE_OP1,
- 1652 | SPEC_RULE_OP2,
- 1657 | SPEC_RULE_OP1,
- 1662 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 1598 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 1623,
+ 1624 | SPEC_RULE_OP1,
+ 1629 | SPEC_RULE_OP2,
+ 1634 | SPEC_RULE_RETVAL,
+ 1636 | SPEC_RULE_OP2,
+ 1641 | SPEC_RULE_OP1,
+ 1646,
+ 1647 | SPEC_RULE_OP2,
+ 1652 | SPEC_RULE_OP1,
+ 1657 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
+ 1667 | SPEC_RULE_OP1,
+ 1672 | SPEC_RULE_OP1,
+ 1677 | SPEC_RULE_OP2,
+ 1682 | SPEC_RULE_OP1,
1687 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 1712 | SPEC_RULE_OP1,
- 1717 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 1712 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 1737 | SPEC_RULE_OP1,
1742 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1767 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 1792 | SPEC_RULE_OP1,
- 1797 | SPEC_RULE_OP1,
- 1802 | SPEC_RULE_OP1,
- 1807 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 1792 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 1817 | SPEC_RULE_OP1,
+ 1822 | SPEC_RULE_OP1,
+ 1827 | SPEC_RULE_OP1,
1832 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1857 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1882 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
@@ -61646,80 +61688,80 @@ void zend_init_opcodes_handlers(void)
2232 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2257 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2282 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 4571,
- 2307,
- 2308,
- 2309,
- 2310,
- 2311,
- 2312 | SPEC_RULE_OP1,
- 2317 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 2342 | SPEC_RULE_OP1,
- 2347 | SPEC_RULE_OP2,
- 2352 | SPEC_RULE_OP1,
- 2357 | SPEC_RULE_OP1,
- 2362 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 2307 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 4596,
+ 2332,
+ 2333,
+ 2334,
+ 2335,
+ 2336,
+ 2337 | SPEC_RULE_OP1,
+ 2342 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 2367 | SPEC_RULE_OP1,
+ 2372 | SPEC_RULE_OP2,
+ 2377 | SPEC_RULE_OP1,
+ 2382 | SPEC_RULE_OP1,
2387 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2412 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2437 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 2462 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
- 2472 | SPEC_RULE_OP1,
- 2477 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 2502,
- 2503 | SPEC_RULE_OP1,
- 2508 | SPEC_RULE_OP1,
- 2513 | SPEC_RULE_OP1,
- 2518 | SPEC_RULE_OP1,
- 2523 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 2548 | SPEC_RULE_OP1,
- 2553 | SPEC_RULE_OP1,
- 2558 | SPEC_RULE_OP1,
- 2563 | SPEC_RULE_OP2,
- 2568 | SPEC_RULE_RETVAL,
- 2570 | SPEC_RULE_RETVAL,
- 2572 | SPEC_RULE_RETVAL,
- 2574 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 2462 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 2487 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
+ 2497 | SPEC_RULE_OP1,
+ 2502 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 2527,
+ 2528 | SPEC_RULE_OP1,
+ 2533 | SPEC_RULE_OP1,
+ 2538 | SPEC_RULE_OP1,
+ 2543 | SPEC_RULE_OP1,
+ 2548 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 2573 | SPEC_RULE_OP1,
+ 2578 | SPEC_RULE_OP1,
+ 2583 | SPEC_RULE_OP1,
+ 2588 | SPEC_RULE_OP2,
+ 2593 | SPEC_RULE_RETVAL,
+ 2595 | SPEC_RULE_RETVAL,
+ 2597 | SPEC_RULE_RETVAL,
2599 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2624 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2649 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 2674 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
- 2799,
- 2800 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 2825,
- 2826 | SPEC_RULE_OP2,
- 2831,
- 2832 | SPEC_RULE_OP1,
- 2837 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 2862 | SPEC_RULE_OP2,
- 2867 | SPEC_RULE_OP2,
- 2872,
- 2873 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
- 2998 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 3023,
- 3024,
- 3025,
- 3026 | SPEC_RULE_OP1,
- 3031 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 3056,
- 3057,
- 3058 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 3083,
- 3084,
- 3085,
- 3086 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 3111 | SPEC_RULE_OP1,
- 3116,
- 3117,
- 3118,
- 3119,
- 3120 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 3145 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_DIM_OBJ,
- 3220 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 3245 | SPEC_RULE_OP1,
- 3250 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 3275,
- 3276 | SPEC_RULE_OP2,
- 3281 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 2674 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 2699 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
+ 2824,
+ 2825 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 2850,
+ 2851 | SPEC_RULE_OP2,
+ 2856,
+ 2857 | SPEC_RULE_OP1,
+ 2862 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 2887 | SPEC_RULE_OP2,
+ 2892 | SPEC_RULE_OP2,
+ 2897,
+ 2898 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
+ 3023 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 3048,
+ 3049,
+ 3050,
+ 3051 | SPEC_RULE_OP1,
+ 3056 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 3081,
+ 3082,
+ 3083 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 3108,
+ 3109,
+ 3110,
+ 3111 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 3136 | SPEC_RULE_OP1,
+ 3141,
+ 3142,
+ 3143,
+ 3144,
+ 3145 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 3170 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_DIM_OBJ,
+ 3245 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 3270 | SPEC_RULE_OP1,
+ 3275 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 3300,
+ 3301 | SPEC_RULE_OP2,
3306 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3331 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3356 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
@@ -61731,9 +61773,10 @@ void zend_init_opcodes_handlers(void)
3506 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3531 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3556 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 4571,
3581 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
- 4571
+ 4596,
+ 3606 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+ 4596
};
zend_opcode_handlers = labels;
zend_handlers_count = sizeof(labels) / sizeof(void*);
@@ -61840,7 +61883,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3606 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+ spec = 3631 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@@ -61848,7 +61891,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3631 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+ spec = 3656 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@@ -61856,7 +61899,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3656 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+ spec = 3681 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@@ -61867,17 +61910,17 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3681 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+ spec = 3706 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
} else if ((op1_info == MAY_BE_LONG && op2_info == MAY_BE_LONG)) {
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3706 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+ spec = 3731 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
} else if ((op1_info == MAY_BE_DOUBLE && op2_info == MAY_BE_DOUBLE)) {
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3731 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+ spec = 3756 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
}
break;
case ZEND_MUL:
@@ -61885,7 +61928,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3756 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+ spec = 3781 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@@ -61893,7 +61936,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3781 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+ spec = 3806 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@@ -61901,7 +61944,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3806 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+ spec = 3831 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@@ -61912,7 +61955,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3831 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+ spec = 3856 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@@ -61920,7 +61963,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3906 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+ spec = 3931 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@@ -61931,7 +61974,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 3981 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+ spec = 4006 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@@ -61939,7 +61982,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 4056 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+ spec = 4081 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@@ -61950,12 +61993,12 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 4131 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+ spec = 4156 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
} else if ((op1_info == MAY_BE_DOUBLE && op2_info == MAY_BE_DOUBLE)) {
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 4206 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+ spec = 4231 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
}
break;
case ZEND_IS_SMALLER_OR_EQUAL:
@@ -61963,70 +62006,70 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 4281 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+ spec = 4306 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
} else if ((op1_info == MAY_BE_DOUBLE && op2_info == MAY_BE_DOUBLE)) {
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
- spec = 4356 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+ spec = 4381 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
}
break;
case ZEND_QM_ASSIGN:
if ((op1_info == MAY_BE_DOUBLE)) {
- spec = 4521 | SPEC_RULE_OP1;
+ spec = 4546 | SPEC_RULE_OP1;
} else if ((!(op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF)-(MAY_BE_NULL|MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_LONG|MAY_BE_DOUBLE))))) {
- spec = 4526 | SPEC_RULE_OP1;
+ spec = 4551 | SPEC_RULE_OP1;
}
break;
case ZEND_PRE_INC:
if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
- spec = 4431 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+ spec = 4456 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
} else if ((op1_info == MAY_BE_LONG)) {
- spec = 4441 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+ spec = 4466 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
- spec = 4451 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+ spec = 4476 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
}
break;
case ZEND_PRE_DEC:
if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
- spec = 4461 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+ spec = 4486 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
} else if ((op1_info == MAY_BE_LONG)) {
- spec = 4471 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+ spec = 4496 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
- spec = 4481 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+ spec = 4506 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
}
break;
case ZEND_POST_INC:
if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
- spec = 4491 | SPEC_RULE_OP1;
+ spec = 4516 | SPEC_RULE_OP1;
} else if ((op1_info == MAY_BE_LONG)) {
- spec = 4496 | SPEC_RULE_OP1;
+ spec = 4521 | SPEC_RULE_OP1;
} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
- spec = 4501 | SPEC_RULE_OP1;
+ spec = 4526 | SPEC_RULE_OP1;
}
break;
case ZEND_POST_DEC:
if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
- spec = 4506 | SPEC_RULE_OP1;
+ spec = 4531 | SPEC_RULE_OP1;
} else if ((op1_info == MAY_BE_LONG)) {
- spec = 4511 | SPEC_RULE_OP1;
+ spec = 4536 | SPEC_RULE_OP1;
} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
- spec = 4516 | SPEC_RULE_OP1;
+ spec = 4541 | SPEC_RULE_OP1;
}
break;
case ZEND_SEND_VAR_EX:
if ((op1_info & (MAY_BE_UNDEF|MAY_BE_REF)) == 0) {
- spec = 4561 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG;
+ spec = 4586 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG;
}
break;
case ZEND_FETCH_DIM_R:
if ((!(op2_info & (MAY_BE_UNDEF|MAY_BE_NULL|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF)))) {
- spec = 4531 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+ spec = 4556 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
}
break;
case ZEND_SEND_VAR:
if ((op1_info & (MAY_BE_UNDEF|MAY_BE_REF)) == 0) {
- spec = 4556 | SPEC_RULE_OP1;
+ spec = 4581 | SPEC_RULE_OP1;
}
break;
default:
diff --git a/Zend/zend_vm_opcodes.c b/Zend/zend_vm_opcodes.c
index 6dd761d9cb..11e9b1368b 100644
--- a/Zend/zend_vm_opcodes.c
+++ b/Zend/zend_vm_opcodes.c
@@ -73,7 +73,7 @@ static const char *zend_vm_opcodes_names[187] = {
"ZEND_CASE",
"ZEND_CHECK_VAR",
"ZEND_SEND_VAR_NO_REF_EX",
- NULL,
+ "ZEND_MAKE_REF",
"ZEND_BOOL",
"ZEND_FAST_CONCAT",
"ZEND_ROPE_INIT",
@@ -263,7 +263,7 @@ static uint32_t zend_vm_opcodes_flags[187] = {
0x00000707,
0x00000101,
0x00001001,
- 0x00000000,
+ 0x00000101,
0x00000007,
0x00000707,
0x01000701,
diff --git a/Zend/zend_vm_opcodes.h b/Zend/zend_vm_opcodes.h
index 11903abd21..c55d8a8500 100644
--- a/Zend/zend_vm_opcodes.h
+++ b/Zend/zend_vm_opcodes.h
@@ -118,6 +118,7 @@ END_EXTERN_C()
#define ZEND_CASE 48
#define ZEND_CHECK_VAR 49
#define ZEND_SEND_VAR_NO_REF_EX 50
+#define ZEND_MAKE_REF 51
#define ZEND_BOOL 52
#define ZEND_FAST_CONCAT 53
#define ZEND_ROPE_INIT 54