
Commit 8e2406c

committed
Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0: Fix memory leak
2 parents a23f3dd + a60a9b4 commit 8e2406c


5 files changed

+217
-95
lines changed


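--- a/Zend/tests/nullsafe_operator/040.phpt
+++ b/Zend/tests/nullsafe_operator/040.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Memory leak in JMP_NULL
+--FILE--
+<?php
+function &returns_ref($unused) {
+global $foo;
+return $foo;
+}
+
+function &returns_ref2() {
+return returns_ref(returns_ref(null)?->null);
+}
+
+$foo2 = &returns_ref2();
+$foo2 = 'foo';
+var_dump($foo);
+?>
+--EXPECT--
+string(3) "foo"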
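Review bot: The test reaches the fixed path only through the plain expression form, `returns_ref(null)?->null`, so the isset() and empty() short-circuit modes that the ZEND_JMP_NULL handler also branches on are not exercised with a by-reference operand. The expected output `string(3) "foo"` would presumably be printed with or without the leak, so a failure seems to depend on the test runner's leak reporting in a debug build. A one-line comment in the --FILE-- section saying so would help anyone reading a pass on a release build. Consider also adding `var_dump(isset(returns_ref(null)?->null));` and `var_dump(empty(returns_ref(null)?->null));` before the assignment to `$foo2`, with their expected output.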

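--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -7513,39 +7513,44 @@ ZEND_VM_COLD_CONST_HANDLER(169, ZEND_COALESCE, CONST|TMP|VAR|CV, JMP_ADDR)
 ZEND_VM_NEXT_OPCODE();
 }
 
-ZEND_VM_HOT_NOCONST_HANDLER(198, ZEND_JMP_NULL, CONST|TMPVARCV, JMP_ADDR)
+ZEND_VM_HOT_NOCONST_HANDLER(198, ZEND_JMP_NULL, CONST|TMP|VAR|CV, JMP_ADDR)
 {
 USE_OPLINE
-zval *val;
+zval *val, *result;
 
 val = GET_OP1_ZVAL_PTR_UNDEF(BP_VAR_R);
-if (OP1_TYPE != IS_CONST) {
-ZVAL_DEREF(val);
-}
-
-if (Z_TYPE_INFO_P(val) > IS_NULL) {
-ZEND_VM_NEXT_OPCODE();
-} else {
-zval *result = EX_VAR(opline->result.var);
 
-if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) {
-ZVAL_NULL(result);
-if (UNEXPECTED(Z_TYPE_INFO_P(val) == IS_UNDEF)) {
-SAVE_OPLINE();
-ZVAL_UNDEFINED_OP1();
-if (UNEXPECTED(EG(exception) != NULL)) {
-HANDLE_EXCEPTION();
+if (Z_TYPE_P(val) > IS_NULL) {
+do {
+if ((OP1_TYPE == IS_CV || OP1_TYPE == IS_VAR) && Z_TYPE_P(val) == IS_REFERENCE) {
+val = Z_REFVAL_P(val);
+if (Z_TYPE_P(val) <= IS_NULL) {
+FREE_OP1();
+break;
 }
 }
-} else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) {
-ZVAL_FALSE(result);
-} else {
-ZEND_ASSERT(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EMPTY);
-ZVAL_TRUE(result);
-}
+ZEND_VM_NEXT_OPCODE();
+} while (0);
+}
 
-ZEND_VM_JMP_EX(OP_JMP_ADDR(opline, opline->op2), 0);
+result = EX_VAR(opline->result.var);
+if (EXPECTED(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EXPR)) {
+ZVAL_NULL(result);
+if (OP1_TYPE == IS_CV && UNEXPECTED(Z_TYPE_P(val) == IS_UNDEF)) {
+SAVE_OPLINE();
+ZVAL_UNDEFINED_OP1();
+if (UNEXPECTED(EG(exception) != NULL)) {
+HANDLE_EXCEPTION();
+}
+}
+} else if (opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_ISSET) {
+ZVAL_FALSE(result);
+} else {
+ZEND_ASSERT(opline->extended_value == ZEND_SHORT_CIRCUITING_CHAIN_EMPTY);
+ZVAL_TRUE(result);
 }
+
+ZEND_VM_JMP_EX(OP_JMP_ADDR(opline, opline->op2), 0);
 }
 
 ZEND_VM_HOT_HANDLER(31, ZEND_QM_ASSIGN, CONST|TMP|VAR|CV, ANY)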
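Review bot: The new `FREE_OP1();` in the reference-to-null branch of ZEND_JMP_NULL leaves `val` pointing at the referenced value, and nothing in the handler says it must not be read afterwards when op1 is IS_VAR. From the visible lines, the later `Z_TYPE_P(val) == IS_UNDEF` test looks safe only because `OP1_TYPE == IS_CV &&` is evaluated first, where the free presumably does nothing. Reordering that condition, or adding another read of `val` below the break, could turn the leak fix into a read of released memory. I would add a comment above the free, e.g. `/* op1 is not consumed on the short-circuit path, so release the reference here; val may dangle for IS_VAR from this point on */`, and a short note on the IS_CV guard explaining that it is load-bearing.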
