
Commit 3c53732

committed
Fix undef var exception handling in JMP_NULL
We need to initialize the result variable in the exceptional case as well. Fixes oss-fuzz #25526.
1 parent a009d37 commit 3c53732


3 files changed

+21
-6
lines changed


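--- a/Zend/tests/nullsafe_operator/039.phpt
+++ b/Zend/tests/nullsafe_operator/039.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Handling of undef variable exception in JMP_NULL
+--FILE--
+<?php
+
+set_error_handler(function($_, $m) {
+throw new Exception($m);
+});
+
+try {
+$foo?->foo;
+} catch (Exception $e) {
+echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+Undefined variable $foo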

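--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -7376,15 +7376,14 @@ ZEND_VM_HOT_NOCONST_HANDLER(198, ZEND_JMP_NULL, CONST|TMPVARCV, JMP_ADDR)
 zval *result = EX_VAR(opline->result.var);
 
 if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) {
+ZVAL_NULL(result);
 if (UNEXPECTED(Z_TYPE_INFO_P(val) == IS_UNDEF)) {
 SAVE_OPLINE();
 ZVAL_UNDEFINED_OP1();
 if (UNEXPECTED(EG(exception) != NULL)) {
 HANDLE_EXCEPTION();
 }
 }
-
-ZVAL_NULL(result);
 } else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) {
 ZVAL_FALSE(result);
 } else {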
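Review bot: The placement of `ZVAL_NULL(result);` ahead of the `IS_UNDEF` check in the `ZEND_SHORT_CIRCUITING_CHAIN_EXPR` branch is now what keeps the result initialized when `ZVAL_UNDEFINED_OP1()` leads to `HANDLE_EXCEPTION()`, but nothing in the code records that the order matters. The old placement after the check read just as naturally, so a one-line comment above the store would keep a later cleanup from moving it back, for example `/* Must precede the undef notice: an error handler may throw, and result has to be initialized on that path too. */`. Presumably the exception path treats the result slot as live, so an uninitialized zval there is a memory-safety problem rather than a cosmetic one, which would match the fuzzer report; that is worth confirming and stating in the comment. The handler body starts and ends outside this hunk, and the two hunks in Zend/zend_vm_execute.h repeat the same change.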

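--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -5279,15 +5279,14 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_CON
 zval *result = EX_VAR(opline->result.var);
 
 if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) {
+ZVAL_NULL(result);
 if (UNEXPECTED(Z_TYPE_INFO_P(val) == IS_UNDEF)) {
 SAVE_OPLINE();
 ZVAL_UNDEFINED_OP1();
 if (UNEXPECTED(EG(exception) != NULL)) {
 HANDLE_EXCEPTION();
 }
 }
-
-ZVAL_NULL(result);
 } else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) {
 ZVAL_FALSE(result);
 } else {
@@ -12047,15 +12046,14 @@ static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_JMP_NULL_SPEC_TMPV
 zval *result = EX_VAR(opline->result.var);
 
 if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) {
+ZVAL_NULL(result);
 if (UNEXPECTED(Z_TYPE_INFO_P(val) == IS_UNDEF)) {
 SAVE_OPLINE();
 ZVAL_UNDEFINED_OP1();
 if (UNEXPECTED(EG(exception) != NULL)) {
 HANDLE_EXCEPTION();
 }
 }
-
-ZVAL_NULL(result);
 } else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) {
 ZVAL_FALSE(result);
 } else {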
