diff options
| -rw-r--r-- | Zend/zend_execute_API.c | 4 | ||||
| -rw-r--r-- | Zend/zend_object_handlers.c | 8 | ||||
| -rw-r--r-- | Zend/zend_operators.c | 4 | ||||
| -rw-r--r-- | ext/spl/php_spl.c | 11 | ||||
| -rw-r--r-- | ext/standard/incomplete_class.c | 4 | ||||
| -rw-r--r-- | ext/standard/var.c | 3 | ||||
| -rw-r--r-- | ext/standard/var_unserializer.c | 46 | ||||
| -rw-r--r-- | ext/standard/var_unserializer.re | 16 |
8 files changed, 50 insertions, 46 deletions
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index 7fb89bc046..425a04756b 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -371,10 +371,10 @@ ZEND_API const char *get_active_function_name(TSRMLS_D) /* {{{ */ } switch (EG(current_execute_data)->function_state.function->type) { case ZEND_USER_FUNCTION: { - const char *function_name = ((zend_op_array *) EG(current_execute_data)->function_state.function)->function_name->val; + zend_string *function_name = ((zend_op_array *) EG(current_execute_data)->function_state.function)->function_name; if (function_name) { - return function_name; + return function_name->val; } else { return "main"; } diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c index 1f9d5f24d0..48f1bc641a 100644 --- a/Zend/zend_object_handlers.c +++ b/Zend/zend_object_handlers.c @@ -86,7 +86,9 @@ ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */ prop_info->offset >= 0 && Z_TYPE(zobj->properties_table[prop_info->offset]) != IS_UNDEF) { zval *zv = zend_hash_add(zobj->properties, prop_info->name, &zobj->properties_table[prop_info->offset]); - ZVAL_INDIRECT(&zobj->properties_table[prop_info->offset], zv); + if (EXPECTED(zv)) { + ZVAL_INDIRECT(&zobj->properties_table[prop_info->offset], zv); + } } } while (ce->parent && ce->parent->default_properties_count) { @@ -100,7 +102,7 @@ ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */ prop_info->offset >= 0 && Z_TYPE(zobj->properties_table[prop_info->offset]) != IS_UNDEF) { zval *zv = zend_hash_add(zobj->properties, prop_info->name, &zobj->properties_table[prop_info->offset]); - if (zv) { + if (EXPECTED(zv != NULL)) { ZVAL_INDIRECT(&zobj->properties_table[prop_info->offset], zv); } } @@ -567,7 +569,7 @@ found: /* To check: can't *variable_ptr be some system variable like error_zval here? */ ZVAL_COPY_VALUE(Z_REFVAL_P(variable_ptr), value); - if (Z_REFCOUNT_P(value) > 0) { + if (Z_REFCOUNTED_P(value) && Z_REFCOUNT_P(value) > 0) { zval_copy_ctor(Z_REFVAL_P(variable_ptr)); } zval_dtor(&garbage); diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index 849f4d3bd3..2c3d657d0b 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -1704,7 +1704,7 @@ ZEND_API int compare_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* { } /* }}} */ -static int hash_zval_identical_function(const zval **z1, const zval **z2) /* {{{ */ +static int hash_zval_identical_function(const zval *z1, const zval *z2) /* {{{ */ { zval result; TSRMLS_FETCH(); @@ -1714,7 +1714,7 @@ static int hash_zval_identical_function(const zval **z1, const zval **z2) /* {{{ * whereas this comparison function is expected to return 0 on identity, * and non zero otherwise. */ - if (is_identical_function(&result, (zval *) *z1, (zval *) *z2 TSRMLS_CC)==FAILURE) { + if (is_identical_function(&result, z1, z2 TSRMLS_CC)==FAILURE) { return 1; } return !Z_LVAL(result); diff --git a/ext/spl/php_spl.c b/ext/spl/php_spl.c index 26f39eb513..002820b6fc 100644 --- a/ext/spl/php_spl.c +++ b/ext/spl/php_spl.c @@ -394,14 +394,16 @@ typedef struct { zend_class_entry *ce; } autoload_func_info; -static void autoload_func_info_dtor(autoload_func_info *alfi) +static void autoload_func_info_dtor(zval *element) { + autoload_func_info *alfi = (autoload_func_info*)Z_PTR_P(element); if (alfi->obj) { zval_ptr_dtor(alfi->obj); } if (alfi->closure) { zval_ptr_dtor(alfi->closure); } + efree(alfi); } /* {{{ proto void spl_autoload_call(string class_name) @@ -553,10 +555,9 @@ PHP_FUNCTION(spl_autoload_register) alfi.closure = zcallable; Z_ADDREF_P(zcallable); - lc_name = STR_ALLOC(func_name_len + 2 + sizeof(zend_uint), 0); + lc_name = STR_ALLOC(func_name_len + sizeof(zend_uint), 0); zend_str_tolower_copy(lc_name->val, func_name, func_name_len); memcpy(lc_name->val + func_name_len, &Z_OBJ_HANDLE_P(zcallable), sizeof(zend_uint)); - lc_name->len += sizeof(zend_uint); lc_name->val[lc_name->len] = '\0'; } else { lc_name = STR_ALLOC(func_name_len, 0); @@ -597,14 +598,14 @@ PHP_FUNCTION(spl_autoload_register) spl_alfi.ce = NULL; spl_alfi.closure = NULL; zend_hash_str_add_mem(SPL_G(autoload_functions), "spl_autoload", sizeof("spl_autoload") - 1, - (void *)&spl_alfi, sizeof(autoload_func_info)); + &spl_alfi, sizeof(autoload_func_info)); if (prepend && SPL_G(autoload_functions)->nNumOfElements > 1) { /* Move the newly created element to the head of the hashtable */ HT_MOVE_TAIL_TO_HEAD(SPL_G(autoload_functions)); } } - if (zend_hash_add_mem(SPL_G(autoload_functions), lc_name, &alfi.func_ptr, sizeof(autoload_func_info)) == NULL) { + if (zend_hash_add_mem(SPL_G(autoload_functions), lc_name, &alfi, sizeof(autoload_func_info)) == NULL) { if (obj_ptr && !(alfi.func_ptr->common.fn_flags & ZEND_ACC_STATIC)) { Z_DELREF_P(alfi.obj); } diff --git a/ext/standard/incomplete_class.c b/ext/standard/incomplete_class.c index d8aa461b05..3cbe70479d 100644 --- a/ext/standard/incomplete_class.c +++ b/ext/standard/incomplete_class.c @@ -41,10 +41,10 @@ static void incomplete_class_message(zval *object, int error_type TSRMLS_DC) class_name = php_lookup_class_name(object); if (class_name) { - php_error_docref(NULL TSRMLS_CC, error_type, INCOMPLETE_CLASS_MSG, "unknown"); - } else { php_error_docref(NULL TSRMLS_CC, error_type, INCOMPLETE_CLASS_MSG, class_name->val); STR_RELEASE(class_name); + } else { + php_error_docref(NULL TSRMLS_CC, error_type, INCOMPLETE_CLASS_MSG, "unknown"); } } /* }}} */ diff --git a/ext/standard/var.c b/ext/standard/var.c index fa67905f12..a074ea2c12 100644 --- a/ext/standard/var.c +++ b/ext/standard/var.c @@ -810,6 +810,7 @@ static void php_var_serialize_intern(smart_str *buf, zval *struc, HashTable *var BG(serialize_lock)++; res = call_user_function_ex(CG(function_table), struc, &fname, &retval, 0, 0, 1, NULL TSRMLS_CC); BG(serialize_lock)--; + zval_dtor(&fname); if (EG(exception)) { zval_ptr_dtor(&retval); @@ -830,9 +831,9 @@ static void php_var_serialize_intern(smart_str *buf, zval *struc, HashTable *var } return; } + zval_ptr_dtor(&retval); } - zval_ptr_dtor(&retval); /* fall-through */ } case IS_ARRAY: { diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c index 8d640f7fc8..90502dc1f1 100644 --- a/ext/standard/var_unserializer.c +++ b/ext/standard/var_unserializer.c @@ -306,7 +306,6 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) { zval_dtor(&key); - zval_dtor(&data); return 0; } @@ -409,10 +408,10 @@ static inline int object_common2(UNSERIALIZE_PARAMETER, long elements) BG(serialize_lock)++; call_user_function_ex(CG(function_table), rval, &fname, &retval, 0, 0, 1, NULL TSRMLS_CC); BG(serialize_lock)--; + zval_dtor(&fname); + zval_dtor(&retval); } - zval_ptr_dtor(&retval); - if (EG(exception)) { return 0; } @@ -445,7 +444,7 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER) -#line 449 "ext/standard/var_unserializer.c" +#line 448 "ext/standard/var_unserializer.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -507,7 +506,7 @@ yy2: yy3: #line 785 "ext/standard/var_unserializer.re" { return 0; } -#line 511 "ext/standard/var_unserializer.c" +#line 510 "ext/standard/var_unserializer.c" yy4: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy89; @@ -556,7 +555,7 @@ yy14: php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data"); return 0; /* not sure if it should be 0 or 1 here? */ } -#line 560 "ext/standard/var_unserializer.c" +#line 559 "ext/standard/var_unserializer.c" yy16: yych = *++YYCURSOR; goto yy3; @@ -586,7 +585,7 @@ yy20: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 641 "ext/standard/var_unserializer.re" +#line 640 "ext/standard/var_unserializer.re" { size_t len, len2, len3, maxlen; long elements; @@ -663,12 +662,13 @@ yy20: /* Call unserialize callback */ ZVAL_STRING(&user_func, PG(unserialize_callback_func)); - ZVAL_STR(&args[0], class_name); + + ZVAL_STR(&args[0], STR_COPY(class_name)); BG(serialize_lock)++; if (call_user_function_ex(CG(function_table), NULL, &user_func, &retval, 1, args, 0, NULL TSRMLS_CC) != SUCCESS) { BG(serialize_lock)--; if (EG(exception)) { - STR_FREE(class_name); + STR_RELEASE(class_name); zval_ptr_dtor(&user_func); zval_ptr_dtor(&args[0]); return 0; @@ -683,7 +683,7 @@ yy20: BG(serialize_lock)--; zval_ptr_dtor(&retval); if (EG(exception)) { - STR_FREE(class_name); + STR_RELEASE(class_name); zval_ptr_dtor(&user_func); zval_ptr_dtor(&args[0]); return 0; @@ -711,7 +711,7 @@ yy20: if (ret && incomplete_class) { php_store_class_name(rval, class_name->val, len2); } - STR_FREE(class_name); + STR_RELEASE(class_name); return ret; } @@ -720,7 +720,7 @@ yy20: if (incomplete_class) { php_store_class_name(rval, class_name->val, len2); } - STR_FREE(class_name); + STR_RELEASE(class_name); return object_common2(UNSERIALIZE_PASSTHRU, elements); } @@ -749,7 +749,7 @@ yy27: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 633 "ext/standard/var_unserializer.re" +#line 632 "ext/standard/var_unserializer.re" { //??? INIT_PZVAL(rval); @@ -778,7 +778,7 @@ yy34: yych = *++YYCURSOR; if (yych != '{') goto yy18; ++YYCURSOR; -#line 615 "ext/standard/var_unserializer.re" +#line 614 "ext/standard/var_unserializer.re" { long elements = parse_iv(start + 2); /* use iv() not uiv() in order to check data range */ @@ -817,7 +817,7 @@ yy41: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 586 "ext/standard/var_unserializer.re" +#line 585 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -867,7 +867,7 @@ yy48: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 559 "ext/standard/var_unserializer.re" +#line 558 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -982,7 +982,7 @@ yy61: } yy63: ++YYCURSOR; -#line 550 "ext/standard/var_unserializer.re" +#line 549 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 use_double: @@ -1050,7 +1050,7 @@ yy73: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 534 "ext/standard/var_unserializer.re" +#line 533 "ext/standard/var_unserializer.re" { *p = YYCURSOR; @@ -1093,7 +1093,7 @@ yy79: if (yych <= '9') goto yy79; if (yych != ';') goto yy18; ++YYCURSOR; -#line 508 "ext/standard/var_unserializer.re" +#line 507 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 int digits = YYCURSOR - start - 3; @@ -1127,7 +1127,7 @@ yy83: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 502 "ext/standard/var_unserializer.re" +#line 501 "ext/standard/var_unserializer.re" { *p = YYCURSOR; ZVAL_BOOL(rval, parse_iv(start + 2)); @@ -1136,7 +1136,7 @@ yy83: #line 1137 "ext/standard/var_unserializer.c" yy87: ++YYCURSOR; -#line 496 "ext/standard/var_unserializer.re" +#line 495 "ext/standard/var_unserializer.re" { *p = YYCURSOR; ZVAL_NULL(rval); @@ -1165,7 +1165,7 @@ yy91: if (yych <= '9') goto yy91; if (yych != ';') goto yy18; ++YYCURSOR; -#line 473 "ext/standard/var_unserializer.re" +#line 472 "ext/standard/var_unserializer.re" { long id; @@ -1211,7 +1211,7 @@ yy97: if (yych <= '9') goto yy97; if (yych != ';') goto yy18; ++YYCURSOR; -#line 453 "ext/standard/var_unserializer.re" +#line 452 "ext/standard/var_unserializer.re" { long id; diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index c22f5c0c69..6e644905dc 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -310,7 +310,6 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) { zval_dtor(&key); - zval_dtor(&data); return 0; } @@ -413,10 +412,10 @@ static inline int object_common2(UNSERIALIZE_PARAMETER, long elements) BG(serialize_lock)++; call_user_function_ex(CG(function_table), rval, &fname, &retval, 0, 0, 1, NULL TSRMLS_CC); BG(serialize_lock)--; + zval_dtor(&fname); + zval_dtor(&retval); } - zval_ptr_dtor(&retval); - if (EG(exception)) { return 0; } @@ -714,12 +713,13 @@ object ":" uiv ":" ["] { /* Call unserialize callback */ ZVAL_STRING(&user_func, PG(unserialize_callback_func)); - ZVAL_STR(&args[0], class_name); + + ZVAL_STR(&args[0], STR_COPY(class_name)); BG(serialize_lock)++; if (call_user_function_ex(CG(function_table), NULL, &user_func, &retval, 1, args, 0, NULL TSRMLS_CC) != SUCCESS) { BG(serialize_lock)--; if (EG(exception)) { - STR_FREE(class_name); + STR_RELEASE(class_name); zval_ptr_dtor(&user_func); zval_ptr_dtor(&args[0]); return 0; @@ -734,7 +734,7 @@ object ":" uiv ":" ["] { BG(serialize_lock)--; zval_ptr_dtor(&retval); if (EG(exception)) { - STR_FREE(class_name); + STR_RELEASE(class_name); zval_ptr_dtor(&user_func); zval_ptr_dtor(&args[0]); return 0; @@ -762,7 +762,7 @@ object ":" uiv ":" ["] { if (ret && incomplete_class) { php_store_class_name(rval, class_name->val, len2); } - STR_FREE(class_name); + STR_RELEASE(class_name); return ret; } @@ -771,7 +771,7 @@ object ":" uiv ":" ["] { if (incomplete_class) { php_store_class_name(rval, class_name->val, len2); } - STR_FREE(class_name); + STR_RELEASE(class_name); return object_common2(UNSERIALIZE_PASSTHRU, elements); } |