|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
Patch bug61011.patch for Reproducible crash Bug #61011Patch version 2012-02-08 16:05 UTC Return to Bug #61011 | Download this patchThis patch is obsolete Obsoleted by patches: Patch Revisions: 2012-02-11 03:13 UTC | 2012-02-08 16:05 UTCDeveloper: laruence@php.netLine 5 (now 5), was 911 lines, now 199 lines @@ -1039,6 +1039,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (!ce) { + FREE_OP1(); + if (OP1_TYPE != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + FREE_OP1(); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -2234,7 +2242,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -2414,7 +2423,8 @@ if (Z_TYPE_PP(obj) == IS_STRING) { ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } EX(called_scope) = ce; EX(object) = NULL; @@ -2964,6 +2974,7 @@ catch_ce = CACHED_PTR(opline->op1.literal->cache_slot); } else { catch_ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, ZEND_FETCH_CLASS_NO_AUTOLOAD TSRMLS_CC); + CACHE_PTR(opline->op1.literal->cache_slot, catch_ce); } ce = Z_OBJCE_P(EG(exception)); @@ -3492,7 +3503,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -3879,6 +3891,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (OP1_TYPE != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (OP1_TYPE == IS_VAR || OP1_TYPE == IS_CV) { + zval_ptr_dtor(&varname); + } + FREE_OP1(); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -4368,6 +4390,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { Index: Zend/zend_vm_execute.h =================================================================== --- Zend/zend_vm_execute.h (revision 323122) +++ Zend/zend_vm_execute.h (working copy) @@ -1267,7 +1267,8 @@ if (Z_TYPE_PP(obj) == IS_STRING) { ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } EX(called_scope) = ce; EX(object) = NULL; @@ -1568,7 +1569,8 @@ if (Z_TYPE_PP(obj) == IS_STRING) { ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } EX(called_scope) = ce; EX(object) = NULL; @@ -1731,7 +1733,8 @@ if (Z_TYPE_PP(obj) == IS_STRING) { ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } EX(called_scope) = ce; EX(object) = NULL; @@ -1927,7 +1930,8 @@ if (Z_TYPE_PP(obj) == IS_STRING) { ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_PP(obj)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } EX(called_scope) = ce; EX(object) = NULL; @@ -3236,6 +3240,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CONST != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -3402,7 +3414,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -3570,7 +3583,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -3752,6 +3766,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CONST != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_CONST == IS_VAR || IS_CONST == IS_CV) { + zval_ptr_dtor(&varname); + } @@ -3236,6 +3236,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (!ce) { + + if (IS_CONST != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -4711,6 +4719,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (!ce) { + + if (IS_CONST != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -5247,6 +5263,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (!ce) { + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -3816,6 +3840,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -4188,7 +4216,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -4711,6 +4740,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CONST != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -4853,7 +4890,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -5113,6 +5151,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CONST != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_CONST == IS_VAR || IS_CONST == IS_CV) { + zval_ptr_dtor(&varname); + } + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -5177,6 +5225,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -5247,6 +5299,14 @@ @@ -7629,6 +7653,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CONST != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -5389,7 +5449,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -5631,6 +5692,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CONST != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_CONST == IS_VAR || IS_CONST == IS_CV) { + zval_ptr_dtor(&varname); + } + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -5695,6 +5766,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -6045,7 +6120,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -6161,6 +6237,7 @@ catch_ce = CACHED_PTR(opline->op1.literal->cache_slot); } else { catch_ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, ZEND_FETCH_CLASS_NO_AUTOLOAD TSRMLS_CC); + CACHE_PTR(opline->op1.literal->cache_slot, catch_ce); } ce = Z_OBJCE_P(EG(exception)); @@ -7629,6 +7706,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + zval_dtor(free_op1.var); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -8055,6 +8140,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_TMP_VAR != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) { + zval_ptr_dtor(&varname); + } + zval_dtor(free_op1.var); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -8119,6 +8214,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -8975,6 +9074,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + zval_dtor(free_op1.var); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -9378,6 +9485,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_TMP_VAR != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) { + zval_ptr_dtor(&varname); + } + zval_dtor(free_op1.var); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -9442,6 +9559,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -9512,6 +9633,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (!ce) { + zval_dtor(free_op1.var); + if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -8975,6 +9007,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (!ce) { + zval_dtor(free_op1.var); + if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + zval_dtor(free_op1.var); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -9781,6 +9910,16 @@ @@ -9512,6 +9552,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_TMP_VAR != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) { + zval_ptr_dtor(&varname); + } + if (!ce) { + zval_dtor(free_op1.var); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -9845,6 +9984,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -12568,6 +12711,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_VAR != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -13358,7 +13509,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -13526,7 +13678,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -13708,6 +13861,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_VAR != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_VAR == IS_VAR || IS_VAR == IS_CV) { + zval_ptr_dtor(&varname); + } + if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -13912,6 +14075,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -15511,7 +15678,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -16791,6 +16959,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_VAR != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -17638,7 +17814,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -17898,6 +18075,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_VAR != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_VAR == IS_VAR || IS_VAR == IS_CV) { + zval_ptr_dtor(&varname); + if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -18102,6 +18289,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -18582,6 +18773,14 @@ @@ -12568,6 +12616,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (!ce) { + if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; + if (IS_VAR != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -18890,7 +19089,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -19132,6 +19332,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { + zval_dtor(&tmp_varname); + } + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -16791,6 +16847,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_VAR != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_VAR == IS_VAR || IS_VAR == IS_CV) { + zval_ptr_dtor(&varname); + } + if (!ce) { + if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -19196,6 +19406,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -20712,7 +20926,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL_P(opline->op1.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -22212,7 +22427,8 @@ } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, opline->extended_value TSRMLS_CC); if (UNEXPECTED(ce == NULL)) { - zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL_P(opline->op2.zv)); + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); } CACHE_PTR(opline->op1.literal->cache_slot, ce); } @@ -28292,6 +28508,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CV != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -29218,6 +29442,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CV != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_CV == IS_VAR || IS_CV == IS_CV) { + zval_ptr_dtor(&varname); + } + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -29420,6 +29654,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -32168,6 +32406,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CV != IS_CONST && varname == &tmp_varname) { + if (IS_VAR != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -33151,6 +33397,16 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CV != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_CV == IS_VAR || IS_CV == IS_CV) { + zval_ptr_dtor(&varname); + } + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -33353,6 +33609,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -33830,6 +34090,14 @@ @@ -18582,6 +18646,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CV != IS_CONST && varname == &tmp_varname) { + if (!ce) { + if (free_op1.var) {zval_ptr_dtor(&free_op1.var);}; + if (IS_VAR != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + } + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -28292,6 +28364,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (!ce) { + + if (IS_CV != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -34264,6 +34532,16 @@ @@ -32168,6 +32248,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + if (IS_CV != IS_CONST && varname == &tmp) { + zval_dtor(&tmp); + } else if (IS_CV == IS_VAR || IS_CV == IS_CV) { + zval_ptr_dtor(&varname); + } + if (!ce) { + + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { @@ -34328,6 +34606,10 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (UNEXPECTED(ce == NULL)) { + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { Index: main/rfc1867.c =================================================================== --- main/rfc1867.c (revision 323122) +++ main/rfc1867.c (working copy) @@ -691,6 +691,7 @@ php_rfc1867_getword_t getword; php_rfc1867_getword_conf_t getword_conf; php_rfc1867_basename_t _basename; + long count = 0; if (php_rfc1867_encoding_translation(TSRMLS_C) && internal_encoding) { getword = php_rfc1867_getword; @@ -861,7 +862,7 @@ } } - if (sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) { + if (++count <= PG(max_input_vars) && sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) { if (php_rfc1867_callback != NULL) { multipart_event_formdata event_formdata; size_t newlength = new_val_len; @@ -879,15 +880,21 @@ new_val_len = newlength; } safe_php_register_variable(param, value, new_val_len, array_ptr, 0 TSRMLS_CC); - } else if (php_rfc1867_callback != NULL) { - multipart_event_formdata event_formdata; + } else { + if (count == PG(max_input_vars) + 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables reached %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + } + + if (php_rfc1867_callback != NULL) { + multipart_event_formdata event_formdata; - event_formdata.post_bytes_processed = SG(read_post_bytes); - event_formdata.name = param; - event_formdata.value = &value; - event_formdata.length = value_len; - event_formdata.newlength = NULL; - php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC); + event_formdata.post_bytes_processed = SG(read_post_bytes); + event_formdata.name = param; + event_formdata.value = &value; + event_formdata.length = value_len; + event_formdata.newlength = NULL; + php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC); + if (IS_CV != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } } if (!strcasecmp(param, "MAX_FILE_SIZE")) { Index: main/php_variables.c =================================================================== --- main/php_variables.c (revision 323123) +++ main/php_variables.c (working copy) @@ -183,18 +183,9 @@ } else { if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { - if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { - if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); - } - MAKE_STD_ZVAL(gpc_element); - array_init(gpc_element); - zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); - } else { - zval_dtor(val); - free_alloca(var_orig, use_heap); - return; - } + MAKE_STD_ZVAL(gpc_element); + array_init(gpc_element); + zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } } symtable1 = Z_ARRVAL_PP(gpc_element_p); @@ -231,14 +222,7 @@ zend_symtable_exists(symtable1, index, index_len + 1)) { zval_ptr_dtor(&gpc_element); } else { - if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { - if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); - } - zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); - } else { - zval_ptr_dtor(&gpc_element); - } + zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } } } @@ -249,6 +233,7 @@ { char *var, *val, *e, *s, *p; zval *array_ptr = (zval *) arg; + long count = 0; if (SG(request_info).post_data == NULL) { return; @@ -262,6 +247,10 @@ if ((val = memchr(s, '=', (p - s)))) { /* have a value */ unsigned int val_len, new_val_len; + if (++count > PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables reached %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + return; + } var = s; php_url_decode(var, (val - s)); @@ -295,6 +284,7 @@ zval *array_ptr; int free_buffer = 0; char *strtok_buf = NULL; + long count = 0; switch (arg) { case PARSE_POST: @@ -384,6 +374,11 @@ + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } + if (++count > PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables reached %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + break; + } } else { @@ -33830,6 +33918,14 @@ ce = CACHED_PTR(opline->op2.literal->cache_slot); } else { ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op2.zv), Z_STRLEN_P(opline->op2.zv), opline->op2.literal + 1, 0 TSRMLS_CC); + if (!ce) { + if (val) { /* have a value */ int val_len; unsigned int new_val_len; + if (IS_CV != IS_CONST && varname == &tmp_varname) { + zval_dtor(&tmp_varname); + } + CHECK_EXCEPTION(); + ZEND_VM_NEXT_OPCODE(); + } CACHE_PTR(opline->op2.literal->cache_slot, ce); } } else { |
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 18 17:01:28 2024 UTC |