|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
Patch bug61011.patch for Reproducible crash Bug #61011Patch version 2012-02-11 03:13 UTC Return to Bug #61011 | Download this patchThis patch renders other patches obsolete Obsolete patches: Patch Revisions:Developer: laruence@php.net
Index: Zend/zend_vm_def.h
===================================================================
--- Zend/zend_vm_def.h (revision 323122)
+++ Zend/zend_vm_def.h (working copy)
@@ -1039,6 +1039,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (OP1_TYPE != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+ FREE_OP1();
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -2234,7 +2242,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -2414,7 +2423,8 @@
if (Z_TYPE_PP(obj) == IS_STRING) {
ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
EX(called_scope) = ce;
EX(object) = NULL;
@@ -2964,6 +2974,7 @@
catch_ce = CACHED_PTR(opline->op1.literal->cache_slot);
} else {
catch_ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, ZEND_FETCH_CLASS_NO_AUTOLOAD TSRMLS_CC);
+
CACHE_PTR(opline->op1.literal->cache_slot, catch_ce);
}
ce = Z_OBJCE_P(EG(exception));
@@ -3492,7 +3503,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -3879,6 +3891,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (OP1_TYPE != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (OP1_TYPE == IS_VAR || OP1_TYPE == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+ FREE_OP1();
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -4368,6 +4390,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
Index: Zend/zend_vm_execute.h
===================================================================
--- Zend/zend_vm_execute.h (revision 323122)
+++ Zend/zend_vm_execute.h (working copy)
@@ -1267,7 +1267,8 @@
if (Z_TYPE_PP(obj) == IS_STRING) {
ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
EX(called_scope) = ce;
EX(object) = NULL;
@@ -1568,7 +1569,8 @@
if (Z_TYPE_PP(obj) == IS_STRING) {
ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
EX(called_scope) = ce;
EX(object) = NULL;
@@ -1731,7 +1733,8 @@
if (Z_TYPE_PP(obj) == IS_STRING) {
ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
EX(called_scope) = ce;
EX(object) = NULL;
@@ -1927,7 +1930,8 @@
if (Z_TYPE_PP(obj) == IS_STRING) {
ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
EX(called_scope) = ce;
EX(object) = NULL;
@@ -3236,6 +3240,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CONST != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -3402,7 +3414,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -3570,7 +3583,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -3752,6 +3766,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CONST != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_CONST == IS_VAR || IS_CONST == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -3816,6 +3840,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -4188,7 +4216,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -4711,6 +4740,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CONST != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -4853,7 +4890,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -5113,6 +5151,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CONST != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_CONST == IS_VAR || IS_CONST == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -5177,6 +5225,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -5247,6 +5299,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CONST != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -5389,7 +5449,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -5631,6 +5692,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CONST != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_CONST == IS_VAR || IS_CONST == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -5695,6 +5766,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -6045,7 +6120,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -6161,6 +6237,7 @@
catch_ce = CACHED_PTR(opline->op1.literal->cache_slot);
} else {
catch_ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, ZEND_FETCH_CLASS_NO_AUTOLOAD TSRMLS_CC);
+
CACHE_PTR(opline->op1.literal->cache_slot, catch_ce);
}
ce = Z_OBJCE_P(EG(exception));
@@ -7629,6 +7706,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+ zval_dtor(free_op1.var);
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -8055,6 +8140,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_TMP_VAR != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+ zval_dtor(free_op1.var);
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -8119,6 +8214,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -8975,6 +9074,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+ zval_dtor(free_op1.var);
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -9378,6 +9485,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_TMP_VAR != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+ zval_dtor(free_op1.var);
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -9442,6 +9559,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -9512,6 +9633,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+ zval_dtor(free_op1.var);
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -9781,6 +9910,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_TMP_VAR != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+ zval_dtor(free_op1.var);
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -9845,6 +9984,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -12568,6 +12711,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_VAR != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+ if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -13358,7 +13509,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -13526,7 +13678,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -13708,6 +13861,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_VAR != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_VAR == IS_VAR || IS_VAR == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+ if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -13912,6 +14075,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -15511,7 +15678,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -16791,6 +16959,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_VAR != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+ if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -17638,7 +17814,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -17898,6 +18075,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_VAR != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_VAR == IS_VAR || IS_VAR == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+ if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -18102,6 +18289,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -18582,6 +18773,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_VAR != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+ if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -18890,7 +19089,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -19132,6 +19332,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_VAR != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_VAR == IS_VAR || IS_VAR == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+ if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -19196,6 +19406,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -20712,7 +20926,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -22212,7 +22427,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline->op1.literal->cache_slot, ce);
}
@@ -28292,6 +28508,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CV != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -29218,6 +29442,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CV != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_CV == IS_VAR || IS_CV == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -29420,6 +29654,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -32168,6 +32406,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CV != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -33151,6 +33397,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CV != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_CV == IS_VAR || IS_CV == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -33353,6 +33609,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -33830,6 +34090,14 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CV != IS_CONST && varname == &tmp_varname) {
+ zval_dtor(&tmp_varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -34264,6 +34532,16 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ if (IS_CV != IS_CONST && varname == &tmp) {
+ zval_dtor(&tmp);
+ } else if (IS_CV == IS_VAR || IS_CV == IS_CV) {
+ zval_ptr_dtor(&varname);
+ }
+
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
@@ -34328,6 +34606,10 @@
ce = CACHED_PTR(opline->op2.literal->cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+ if (UNEXPECTED(ce == NULL)) {
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+ }
CACHE_PTR(opline->op2.literal->cache_slot, ce);
}
} else {
Index: main/rfc1867.c
===================================================================
--- main/rfc1867.c (revision 323122)
+++ main/rfc1867.c (working copy)
@@ -691,6 +691,7 @@
php_rfc1867_getword_t getword;
php_rfc1867_getword_conf_t getword_conf;
php_rfc1867_basename_t _basename;
+ long count = 0;
if (php_rfc1867_encoding_translation(TSRMLS_C) && internal_encoding) {
getword = php_rfc1867_getword;
@@ -861,7 +862,7 @@
}
}
- if (sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) {
+ if (++count <= PG(max_input_vars) && sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) {
if (php_rfc1867_callback != NULL) {
multipart_event_formdata event_formdata;
size_t newlength = new_val_len;
@@ -879,15 +880,21 @@
new_val_len = newlength;
}
safe_php_register_variable(param, value, new_val_len, array_ptr, 0 TSRMLS_CC);
- } else if (php_rfc1867_callback != NULL) {
- multipart_event_formdata event_formdata;
+ } else {
+ if (count == PG(max_input_vars) + 1) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables reached %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+ }
+
+ if (php_rfc1867_callback != NULL) {
+ multipart_event_formdata event_formdata;
- event_formdata.post_bytes_processed = SG(read_post_bytes);
- event_formdata.name = param;
- event_formdata.value = &value;
- event_formdata.length = value_len;
- event_formdata.newlength = NULL;
- php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC);
+ event_formdata.post_bytes_processed = SG(read_post_bytes);
+ event_formdata.name = param;
+ event_formdata.value = &value;
+ event_formdata.length = value_len;
+ event_formdata.newlength = NULL;
+ php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC);
+ }
}
if (!strcasecmp(param, "MAX_FILE_SIZE")) {
Index: main/php_variables.c
===================================================================
--- main/php_variables.c (revision 323123)
+++ main/php_variables.c (working copy)
@@ -183,18 +183,9 @@
} else {
if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE
|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
- if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
- if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
- }
- MAKE_STD_ZVAL(gpc_element);
- array_init(gpc_element);
- zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
- } else {
- zval_dtor(val);
- free_alloca(var_orig, use_heap);
- return;
- }
+ MAKE_STD_ZVAL(gpc_element);
+ array_init(gpc_element);
+ zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
}
}
symtable1 = Z_ARRVAL_PP(gpc_element_p);
@@ -231,14 +222,7 @@
zend_symtable_exists(symtable1, index, index_len + 1)) {
zval_ptr_dtor(&gpc_element);
} else {
- if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
- if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
- }
- zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
- } else {
- zval_ptr_dtor(&gpc_element);
- }
+ zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
}
}
}
@@ -249,6 +233,7 @@
{
char *var, *val, *e, *s, *p;
zval *array_ptr = (zval *) arg;
+ long count = 0;
if (SG(request_info).post_data == NULL) {
return;
@@ -262,6 +247,10 @@
if ((val = memchr(s, '=', (p - s)))) { /* have a value */
unsigned int val_len, new_val_len;
+ if (++count > PG(max_input_vars)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables reached %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+ return;
+ }
var = s;
php_url_decode(var, (val - s));
@@ -295,6 +284,7 @@
zval *array_ptr;
int free_buffer = 0;
char *strtok_buf = NULL;
+ long count = 0;
switch (arg) {
case PARSE_POST:
@@ -384,6 +374,11 @@
}
}
+ if (++count > PG(max_input_vars)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables reached %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+ break;
+ }
+
if (val) { /* have a value */
int val_len;
unsigned int new_val_len;
|
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Oct 29 09:00:01 2025 UTC |