Merge branch 'PHP-5.5'

dstogov · dstogov · commit ec173433dac5 · 2013-08-29T11:57:19.000+04:00
* PHP-5.5:
  Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var)

Conflicts:
	NEWS
diff --git a/ext/opcache/Optimizer/pass1_5.c b/ext/opcache/Optimizer/pass1_5.c
@@ -458,6 +458,7 @@ if (ZEND_OPTIMIZER_PASS_1 & OPTIMIZATION_LEVEL) {
 			    int var = opline->result.var;
 			    int level = 0;
 				zend_op *op = opline + 1;
+				zend_op *use = NULL;
 
 				while (op < end) {
 					if (op->opcode == ZEND_BEGIN_SILENCE) {
@@ -470,21 +471,36 @@ if (ZEND_OPTIMIZER_PASS_1 & OPTIMIZATION_LEVEL) {
 						}
 					}
 					if (op->op1_type == IS_VAR && op->op1.var == var) {
-						op->op1_type = IS_CV;
-						op->op1.var = zend_optimizer_lookup_cv(op_array,
+						if (use) {
+							/* used more than once */
+							use = NULL;
+							break;
+						}
+						use = op;
+					} else if (op->op2_type == IS_VAR && op->op2.var == var) {
+						if (use) {
+							/* used more than once */
+							use = NULL;
+							break;
+						}
+						use = op;
+					}
+					op++;
+				}
+				if (use) {
+					if (use->op1_type == IS_VAR && use->op1.var == var) {
+						use->op1_type = IS_CV;
+						use->op1.var = zend_optimizer_lookup_cv(op_array,
 							Z_STRVAL(ZEND_OP1_LITERAL(opline)),
 							Z_STRLEN(ZEND_OP1_LITERAL(opline)));
 						MAKE_NOP(opline);
-						break;
-					} else if (op->op2_type == IS_VAR && op->op2.var == var) {
-						op->op2_type = IS_CV;
-						op->op2.var = zend_optimizer_lookup_cv(op_array,
+					} else if (use->op2_type == IS_VAR && use->op2.var == var) {
+						use->op2_type = IS_CV;
+						use->op2.var = zend_optimizer_lookup_cv(op_array,
 							Z_STRVAL(ZEND_OP1_LITERAL(opline)),
 							Z_STRLEN(ZEND_OP1_LITERAL(opline)));
 						MAKE_NOP(opline);
-						break;
 					}
-					op++;
 				}
 			}
 			break;
diff --git a/ext/opcache/tests/bug65510.phpt b/ext/opcache/tests/bug65510.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var)
+--INI--
+allow_url_include=1
+opcache.enable=1
+opcache.enable_cli=1
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+function parseQuery() {
+    $m = array("l", "a", "r", "u", "e", "n", "c", "e");
+    foreach($m as $n) {
+        @list($a, $b) = $n;
+    }
+}
+parseQuery();
+echo "ok\n";
+--EXPECT--
+ok
