php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #61011
Patch bug61011.phpt revision 2012-02-11 03:14 UTC by laruence@php.net
revision 2012-02-08 16:05 UTC by laruence@php.net
Patch bug61011.patch revision 2012-02-11 03:13 UTC by laruence@php.net
revision 2012-02-08 16:05 UTC by laruence@php.net

Patch bug61011.patch for Reproducible crash Bug #61011

Patch version 2012-02-11 03:13 UTC

Return to Bug #61011 | Download this patch
This patch renders other patches obsolete

Obsolete patches:

Patch Revisions:

Developer: laruence@php.net

Index: Zend/zend_vm_def.h
===================================================================
--- Zend/zend_vm_def.h	(revision 323122)
+++ Zend/zend_vm_def.h	(working copy)
@@ -1039,6 +1039,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (OP1_TYPE != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+					FREE_OP1();
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -2234,7 +2242,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -2414,7 +2423,8 @@
 			if (Z_TYPE_PP(obj) == IS_STRING) {
 				ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
 				if (UNEXPECTED(ce == NULL)) {
-					zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj));
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
 				}
 				EX(called_scope) = ce;
 				EX(object) = NULL;
@@ -2964,6 +2974,7 @@
 		catch_ce = CACHED_PTR(opline->op1.literal->cache_slot);
 	} else {
 		catch_ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, ZEND_FETCH_CLASS_NO_AUTOLOAD TSRMLS_CC);
+		
 		CACHE_PTR(opline->op1.literal->cache_slot, catch_ce);
 	}
 	ce = Z_OBJCE_P(EG(exception));
@@ -3492,7 +3503,8 @@
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 				if (UNEXPECTED(ce == NULL)) {
-					zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv));
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
 				}
 				CACHE_PTR(opline->op1.literal->cache_slot, ce);
 			}
@@ -3879,6 +3891,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (OP1_TYPE != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (OP1_TYPE == IS_VAR || OP1_TYPE == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+					FREE_OP1();
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -4368,6 +4390,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
Index: Zend/zend_vm_execute.h
===================================================================
--- Zend/zend_vm_execute.h	(revision 323122)
+++ Zend/zend_vm_execute.h	(working copy)
@@ -1267,7 +1267,8 @@
 			if (Z_TYPE_PP(obj) == IS_STRING) {
 				ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
 				if (UNEXPECTED(ce == NULL)) {
-					zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj));
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
 				}
 				EX(called_scope) = ce;
 				EX(object) = NULL;
@@ -1568,7 +1569,8 @@
 			if (Z_TYPE_PP(obj) == IS_STRING) {
 				ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
 				if (UNEXPECTED(ce == NULL)) {
-					zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj));
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
 				}
 				EX(called_scope) = ce;
 				EX(object) = NULL;
@@ -1731,7 +1733,8 @@
 			if (Z_TYPE_PP(obj) == IS_STRING) {
 				ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
 				if (UNEXPECTED(ce == NULL)) {
-					zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj));
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
 				}
 				EX(called_scope) = ce;
 				EX(object) = NULL;
@@ -1927,7 +1930,8 @@
 			if (Z_TYPE_PP(obj) == IS_STRING) {
 				ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
 				if (UNEXPECTED(ce == NULL)) {
-					zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj));
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
 				}
 				EX(called_scope) = ce;
 				EX(object) = NULL;
@@ -3236,6 +3240,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CONST != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -3402,7 +3414,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -3570,7 +3583,8 @@
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 				if (UNEXPECTED(ce == NULL)) {
-					zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv));
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
 				}
 				CACHE_PTR(opline->op1.literal->cache_slot, ce);
 			}
@@ -3752,6 +3766,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CONST != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_CONST == IS_VAR || IS_CONST == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -3816,6 +3840,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -4188,7 +4216,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -4711,6 +4740,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CONST != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -4853,7 +4890,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -5113,6 +5151,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CONST != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_CONST == IS_VAR || IS_CONST == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -5177,6 +5225,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -5247,6 +5299,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CONST != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -5389,7 +5449,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -5631,6 +5692,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CONST != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_CONST == IS_VAR || IS_CONST == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -5695,6 +5766,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -6045,7 +6120,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -6161,6 +6237,7 @@
 		catch_ce = CACHED_PTR(opline->op1.literal->cache_slot);
 	} else {
 		catch_ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, ZEND_FETCH_CLASS_NO_AUTOLOAD TSRMLS_CC);
+
 		CACHE_PTR(opline->op1.literal->cache_slot, catch_ce);
 	}
 	ce = Z_OBJCE_P(EG(exception));
@@ -7629,6 +7706,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+					zval_dtor(free_op1.var);
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -8055,6 +8140,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_TMP_VAR != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+					zval_dtor(free_op1.var);
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -8119,6 +8214,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -8975,6 +9074,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+					zval_dtor(free_op1.var);
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -9378,6 +9485,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_TMP_VAR != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+					zval_dtor(free_op1.var);
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -9442,6 +9559,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -9512,6 +9633,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+					zval_dtor(free_op1.var);
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -9781,6 +9910,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_TMP_VAR != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+					zval_dtor(free_op1.var);
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -9845,6 +9984,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -12568,6 +12711,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_VAR != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+					if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -13358,7 +13509,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -13526,7 +13678,8 @@
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 				if (UNEXPECTED(ce == NULL)) {
-					zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv));
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
 				}
 				CACHE_PTR(opline->op1.literal->cache_slot, ce);
 			}
@@ -13708,6 +13861,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_VAR != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_VAR == IS_VAR || IS_VAR == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+					if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -13912,6 +14075,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -15511,7 +15678,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -16791,6 +16959,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_VAR != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+					if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -17638,7 +17814,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -17898,6 +18075,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_VAR != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_VAR == IS_VAR || IS_VAR == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+					if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -18102,6 +18289,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -18582,6 +18773,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_VAR != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+					if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -18890,7 +19089,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -19132,6 +19332,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_VAR != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_VAR == IS_VAR || IS_VAR == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+					if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -19196,6 +19406,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -20712,7 +20926,8 @@
 		} else {
 			ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 			if (UNEXPECTED(ce == NULL)) {
-				zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv));
+				CHECK_EXCEPTION();
+				ZEND_VM_NEXT_OPCODE();
 			}
 			CACHE_PTR(opline->op1.literal->cache_slot, ce);
 		}
@@ -22212,7 +22427,8 @@
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC);
 				if (UNEXPECTED(ce == NULL)) {
-					zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv));
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
 				}
 				CACHE_PTR(opline->op1.literal->cache_slot, ce);
 			}
@@ -28292,6 +28508,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CV != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -29218,6 +29442,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CV != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_CV == IS_VAR || IS_CV == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -29420,6 +29654,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -32168,6 +32406,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CV != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -33151,6 +33397,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CV != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_CV == IS_VAR || IS_CV == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -33353,6 +33609,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
@@ -33830,6 +34090,14 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CV != IS_CONST && varname == &tmp_varname) {
+						zval_dtor(&tmp_varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -34264,6 +34532,16 @@
 				ce = CACHED_PTR(opline->op2.literal->cache_slot);
 			} else {
 				ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+				if (UNEXPECTED(ce == NULL)) {
+					if (IS_CV != IS_CONST && varname == &tmp) {
+						zval_dtor(&tmp);
+					} else if (IS_CV == IS_VAR || IS_CV == IS_CV) {
+						zval_ptr_dtor(&varname);
+					}
+
+					CHECK_EXCEPTION();
+					ZEND_VM_NEXT_OPCODE();
+				}
 				CACHE_PTR(opline->op2.literal->cache_slot, ce);
 			}
 		} else {
@@ -34328,6 +34606,10 @@
 					ce = CACHED_PTR(opline->op2.literal->cache_slot);
 				} else {
 					ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC);
+					if (UNEXPECTED(ce == NULL)) {
+						CHECK_EXCEPTION();
+						ZEND_VM_NEXT_OPCODE();
+					}
 					CACHE_PTR(opline->op2.literal->cache_slot, ce);
 				}
 			} else {
Index: main/rfc1867.c
===================================================================
--- main/rfc1867.c	(revision 323122)
+++ main/rfc1867.c	(working copy)
@@ -691,6 +691,7 @@
 	php_rfc1867_getword_t getword;
 	php_rfc1867_getword_conf_t getword_conf;
 	php_rfc1867_basename_t _basename;
+	long count = 0;
 
 	if (php_rfc1867_encoding_translation(TSRMLS_C) && internal_encoding) {
 		getword = php_rfc1867_getword;
@@ -861,7 +862,7 @@
 					}
 				}
 
-				if (sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) {
+				if (++count <= PG(max_input_vars) && sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) {
 					if (php_rfc1867_callback != NULL) {
 						multipart_event_formdata event_formdata;
 						size_t newlength = new_val_len;
@@ -879,15 +880,21 @@
 						new_val_len = newlength;
 					}
 					safe_php_register_variable(param, value, new_val_len, array_ptr, 0 TSRMLS_CC);
-				} else if (php_rfc1867_callback != NULL) {
-					multipart_event_formdata event_formdata;
+				} else {
+					if (count == PG(max_input_vars) + 1) {
+						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables reached %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+					}
+				
+					if (php_rfc1867_callback != NULL) {
+						multipart_event_formdata event_formdata;
 
-					event_formdata.post_bytes_processed = SG(read_post_bytes);
-					event_formdata.name = param;
-					event_formdata.value = &value;
-					event_formdata.length = value_len;
-					event_formdata.newlength = NULL;
-					php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC);
+						event_formdata.post_bytes_processed = SG(read_post_bytes);
+						event_formdata.name = param;
+						event_formdata.value = &value;
+						event_formdata.length = value_len;
+						event_formdata.newlength = NULL;
+						php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC);
+					}
 				}
 
 				if (!strcasecmp(param, "MAX_FILE_SIZE")) {
Index: main/php_variables.c
===================================================================
--- main/php_variables.c	(revision 323123)
+++ main/php_variables.c	(working copy)
@@ -183,18 +183,9 @@
 			} else {
 				if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE
 					|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
-					if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
-						if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
-							php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
-						}
-						MAKE_STD_ZVAL(gpc_element);
-						array_init(gpc_element);
-						zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-					} else {
-						zval_dtor(val);
-						free_alloca(var_orig, use_heap);
-						return;
-					}
+					MAKE_STD_ZVAL(gpc_element);
+					array_init(gpc_element);
+					zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 				}
 			}
 			symtable1 = Z_ARRVAL_PP(gpc_element_p);
@@ -231,14 +222,7 @@
 				zend_symtable_exists(symtable1, index, index_len + 1)) {
 				zval_ptr_dtor(&gpc_element);
 			} else {
-				if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
-					if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
-						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
-					}
-					zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-				} else {
-					zval_ptr_dtor(&gpc_element);
-				}
+				zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 			}
 		}
 	}
@@ -249,6 +233,7 @@
 {
 	char *var, *val, *e, *s, *p;
 	zval *array_ptr = (zval *) arg;
+	long count = 0;
 
 	if (SG(request_info).post_data == NULL) {
 		return;
@@ -262,6 +247,10 @@
 		if ((val = memchr(s, '=', (p - s)))) { /* have a value */
 			unsigned int val_len, new_val_len;
 
+			if (++count > PG(max_input_vars)) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables reached %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+				return;
+			}
 			var = s;
 
 			php_url_decode(var, (val - s));
@@ -295,6 +284,7 @@
 	zval *array_ptr;
 	int free_buffer = 0;
 	char *strtok_buf = NULL;
+	long count = 0;
 	
 	switch (arg) {
 		case PARSE_POST:
@@ -384,6 +374,11 @@
 			}
 		}
 
+		if (++count > PG(max_input_vars)) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables reached %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+			break;
+		}
+
 		if (val) { /* have a value */
 			int val_len;
 			unsigned int new_val_len;
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 14:01:29 2024 UTC