
Commit 233b659

committed
Merge branch 'PHP-8.1'
* PHP-8.1: Fix memory leak
2 parents 2f52956 + 8e2406c commit 233b659


5 files changed

+217
-95
lines changed


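--- a/Zend/tests/nullsafe_operator/040.phpt
+++ b/Zend/tests/nullsafe_operator/040.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Memory leak in JMP_NULL
+--FILE--
+<?php
+function &returns_ref($unused) {
+global $foo;
+return $foo;
+}
+
+function &returns_ref2() {
+return returns_ref(returns_ref(null)?->null);
+}
+
+$foo2 = &returns_ref2();
+$foo2 = 'foo';
+var_dump($foo);
+?>
+--EXPECT--
+string(3) "foo"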
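Review bot: The `--EXPECT--` section pins only the `var_dump` output, so the leak named in `--TEST--` is not asserted by the test itself; it presumably fails on a regression only where the build reports leaks at shutdown (a debug build or a memory-checker run). Saying so in the file would help whoever triages a pass on a release build, for example a `--DESCRIPTION--` section reading `Leak is only reported by debug builds; the expected output alone does not detect it`. The case also covers just the expression form of `?->`; whether the `isset`/`empty` forms reach the same free is not visible from this file.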

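--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -7542,39 +7542,44 @@ ZEND_VM_COLD_CONST_HANDLER(169, ZEND_COALESCE, CONST|TMP|VAR|CV, JMP_ADDR)
 ZEND_VM_NEXT_OPCODE();
 }
 
-ZEND_VM_HOT_NOCONST_HANDLER(198, ZEND_JMP_NULL, CONST|TMPVARCV, JMP_ADDR)
+ZEND_VM_HOT_NOCONST_HANDLER(198, ZEND_JMP_NULL, CONST|TMP|VAR|CV, JMP_ADDR)
 {
 USE_OPLINE
-zval *val;
+zval *val, *result;
 
 val = GET_OP1_ZVAL_PTR_UNDEF(BP_VAR_R);
-if (OP1_TYPE != IS_CONST) {
-ZVAL_DEREF(val);
-}
-
-if (Z_TYPE_INFO_P(val) > IS_NULL) {
-ZEND_VM_NEXT_OPCODE();
-} else {
-zval *result = EX_VAR(opline->result.var);
 
-if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) {
-ZVAL_NULL(result);
-if (UNEXPECTED(Z_TYPE_INFO_P(val) == IS_UNDEF)) {
-SAVE_OPLINE();
-ZVAL_UNDEFINED_OP1();
-if (UNEXPECTED(EG(exception) != NULL)) {
-HANDLE_EXCEPTION();
+if (Z_TYPE_P(val) > IS_NULL) {
+do {
+if ((OP1_TYPE == IS_CV || OP1_TYPE == IS_VAR) && Z_TYPE_P(val) == IS_REFERENCE) {
+val = Z_REFVAL_P(val);
+if (Z_TYPE_P(val) <= IS_NULL) {
+FREE_OP1();
+break;
 }
 }
-} else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) {
-ZVAL_FALSE(result);
-} else {
-ZEND_ASSERT(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EMPTY);
-ZVAL_TRUE(result);
-}
+ZEND_VM_NEXT_OPCODE();
+} while (0);
+}
 
-ZEND_VM_JMP_EX(OP_JMP_ADDR(opline, opline->op2), 0);
+result = EX_VAR(opline->result.var);
+if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) {
+ZVAL_NULL(result);
+if (OP1_TYPE == IS_CV && UNEXPECTED(Z_TYPE_P(val) == IS_UNDEF)) {
+SAVE_OPLINE();
+ZVAL_UNDEFINED_OP1();
+if (UNEXPECTED(EG(exception) != NULL)) {
+HANDLE_EXCEPTION();
+}
+}
+} else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) {
+ZVAL_FALSE(result);
+} else {
+ZEND_ASSERT(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EMPTY);
+ZVAL_TRUE(result);
 }
+
+ZEND_VM_JMP_EX(OP_JMP_ADDR(opline, opline->op2), 0);
 }
 
 ZEND_VM_HOT_HANDLER(31, ZEND_QM_ASSIGN, CONST|TMP|VAR|CV, ANY)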
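Review bot: After `FREE_OP1()` in the reference branch, `val` still points at the referent, and for an `IS_VAR` operand that release may drop the last count on the reference, leaving `val` dangling for the rest of the handler. As written this looks safe, because the only later read, `Z_TYPE_P(val) == IS_UNDEF`, is gated on `OP1_TYPE == IS_CV`, where the free is presumably a no-op, but that invariant is not stated anywhere in the hunk. I would add a comment above the free, e.g. `/* IS_VAR: val may dangle after this; the UNDEF check below must stay CV-only */`, so a later edit to the tail does not turn the leak fix into a use-after-free.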
