Patch bug65372.patch for Reproducible crash Bug #65372
Patch version 2013-08-02 01:59 UTC
Return to Bug #65372 |
Download this patch
Patch Revisions:
Developer: laruence@php.net
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 7346078..83e40b5 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2910,9 +2910,11 @@ ZEND_VM_HANDLER(111, ZEND_RETURN_BY_REF, CONST|TMP|VAR|CV, ANY)
} else if (EX_T(opline->op1.var).var.ptr_ptr == &EX_T(opline->op1.var).var.ptr) {
zend_error(E_NOTICE, "Only variable references should be returned by reference");
if (EG(return_value_ptr_ptr)) {
- retval_ptr = *retval_ptr_ptr;
- *EG(return_value_ptr_ptr) = retval_ptr;
- Z_ADDREF_P(retval_ptr);
+ zval *ret;
+
+ ALLOC_ZVAL(ret);
+ INIT_PZVAL_COPY(ret, *retval_ptr_ptr);
+ *EG(return_value_ptr_ptr) = ret;
}
break;
}
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 6e466e4..339e34b 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -2324,9 +2324,11 @@ static int ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_CONST_HANDLER(ZEND_OPCODE_HAND
} else if (EX_T(opline->op1.var).var.ptr_ptr == &EX_T(opline->op1.var).var.ptr) {
zend_error(E_NOTICE, "Only variable references should be returned by reference");
if (EG(return_value_ptr_ptr)) {
- retval_ptr = *retval_ptr_ptr;
- *EG(return_value_ptr_ptr) = retval_ptr;
- Z_ADDREF_P(retval_ptr);
+ zval *ret;
+
+ ALLOC_ZVAL(ret);
+ INIT_PZVAL_COPY(ret, *retval_ptr_ptr);
+ *EG(return_value_ptr_ptr) = ret;
}
break;
}
@@ -6743,9 +6745,11 @@ static int ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLE
} else if (EX_T(opline->op1.var).var.ptr_ptr == &EX_T(opline->op1.var).var.ptr) {
zend_error(E_NOTICE, "Only variable references should be returned by reference");
if (EG(return_value_ptr_ptr)) {
- retval_ptr = *retval_ptr_ptr;
- *EG(return_value_ptr_ptr) = retval_ptr;
- Z_ADDREF_P(retval_ptr);
+ zval *ret;
+
+ ALLOC_ZVAL(ret);
+ INIT_PZVAL_COPY(ret, *retval_ptr_ptr);
+ *EG(return_value_ptr_ptr) = ret;
}
break;
}
@@ -11055,9 +11059,11 @@ static int ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLE
} else if (EX_T(opline->op1.var).var.ptr_ptr == &EX_T(opline->op1.var).var.ptr) {
zend_error(E_NOTICE, "Only variable references should be returned by reference");
if (EG(return_value_ptr_ptr)) {
- retval_ptr = *retval_ptr_ptr;
- *EG(return_value_ptr_ptr) = retval_ptr;
- Z_ADDREF_P(retval_ptr);
+ zval *ret;
+
+ ALLOC_ZVAL(ret);
+ INIT_PZVAL_COPY(ret, *retval_ptr_ptr);
+ *EG(return_value_ptr_ptr) = ret;
}
break;
}
@@ -27030,9 +27036,11 @@ static int ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER
} else if (EX_T(opline->op1.var).var.ptr_ptr == &EX_T(opline->op1.var).var.ptr) {
zend_error(E_NOTICE, "Only variable references should be returned by reference");
if (EG(return_value_ptr_ptr)) {
- retval_ptr = *retval_ptr_ptr;
- *EG(return_value_ptr_ptr) = retval_ptr;
- Z_ADDREF_P(retval_ptr);
+ zval *ret;
+
+ ALLOC_ZVAL(ret);
+ INIT_PZVAL_COPY(ret, *retval_ptr_ptr);
+ *EG(return_value_ptr_ptr) = ret;
}
break;
}
|