Skip to content

Commit 9fb4cd1

Browse files
dstogovdstogov
committed
Fixed bug #54585 (track_errors causes segfault)
1 parent 380c3e5 commit 9fb4cd1

File tree

3 files changed

+54
-39
lines changed

3 files changed

+54
-39
lines changed

Zend/tests/bug54585.phpt

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
--TEST--
2+
Bug #54585 (track_errors causes segfault)
3+
--INI--
4+
track_errors=On
5+
--FILE--
6+
<?php
7+
function testing($source) {
8+
unset($source[$cos]);
9+
}
10+
testing($_GET);
11+
echo "ok\n";
12+
?>
13+
--EXPECTF--
14+
Notice: Undefined variable: cos in %sbug54585.php on line 3
15+
ok

Zend/zend_vm_def.h

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3835,12 +3835,12 @@ ZEND_VM_HANDLER(75, ZEND_UNSET_DIM, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
38353835

38363836
SAVE_OPLINE();
38373837
container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_UNSET);
3838+
if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) {
3839+
SEPARATE_ZVAL_IF_NOT_REF(container);
3840+
}
38383841
offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
38393842

38403843
if (OP1_TYPE != IS_VAR || container) {
3841-
if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) {
3842-
SEPARATE_ZVAL_IF_NOT_REF(container);
3843-
}
38443844
switch (Z_TYPE_PP(container)) {
38453845
case IS_ARRAY: {
38463846
HashTable *ht = Z_ARRVAL_PP(container);

Zend/zend_vm_execute.h

Lines changed: 36 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -13275,12 +13275,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAND
1327513275

1327613276
SAVE_OPLINE();
1327713277
container = _get_zval_ptr_ptr_var(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC);
13278+
if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
13279+
SEPARATE_ZVAL_IF_NOT_REF(container);
13280+
}
1327813281
offset = opline->op2.zv;
1327913282

1328013283
if (IS_VAR != IS_VAR || container) {
13281-
if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
13282-
SEPARATE_ZVAL_IF_NOT_REF(container);
13283-
}
1328413284
switch (Z_TYPE_PP(container)) {
1328513285
case IS_ARRAY: {
1328613286
HashTable *ht = Z_ARRVAL_PP(container);
@@ -15259,12 +15259,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_TMP_HANDLER(ZEND_OPCODE_HANDLE
1525915259

1526015260
SAVE_OPLINE();
1526115261
container = _get_zval_ptr_ptr_var(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC);
15262+
if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
15263+
SEPARATE_ZVAL_IF_NOT_REF(container);
15264+
}
1526215265
offset = _get_zval_ptr_tmp(opline->op2.var, EX_Ts(), &free_op2 TSRMLS_CC);
1526315266

1526415267
if (IS_VAR != IS_VAR || container) {
15265-
if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
15266-
SEPARATE_ZVAL_IF_NOT_REF(container);
15267-
}
1526815268
switch (Z_TYPE_PP(container)) {
1526915269
case IS_ARRAY: {
1527015270
HashTable *ht = Z_ARRVAL_PP(container);
@@ -17439,12 +17439,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_VAR_HANDLER(ZEND_OPCODE_HANDLE
1743917439

1744017440
SAVE_OPLINE();
1744117441
container = _get_zval_ptr_ptr_var(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC);
17442+
if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
17443+
SEPARATE_ZVAL_IF_NOT_REF(container);
17444+
}
1744217445
offset = _get_zval_ptr_var(opline->op2.var, EX_Ts(), &free_op2 TSRMLS_CC);
1744317446

1744417447
if (IS_VAR != IS_VAR || container) {
17445-
if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
17446-
SEPARATE_ZVAL_IF_NOT_REF(container);
17447-
}
1744817448
switch (Z_TYPE_PP(container)) {
1744917449
case IS_ARRAY: {
1745017450
HashTable *ht = Z_ARRVAL_PP(container);
@@ -20431,12 +20431,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER
2043120431

2043220432
SAVE_OPLINE();
2043320433
container = _get_zval_ptr_ptr_var(opline->op1.var, EX_Ts(), &free_op1 TSRMLS_CC);
20434+
if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
20435+
SEPARATE_ZVAL_IF_NOT_REF(container);
20436+
}
2043420437
offset = _get_zval_ptr_cv_BP_VAR_R(EX_CVs(), opline->op2.var TSRMLS_CC);
2043520438

2043620439
if (IS_VAR != IS_VAR || container) {
20437-
if (IS_VAR == IS_CV && container != &EG(uninitialized_zval_ptr)) {
20438-
SEPARATE_ZVAL_IF_NOT_REF(container);
20439-
}
2044020440
switch (Z_TYPE_PP(container)) {
2044120441
case IS_ARRAY: {
2044220442
HashTable *ht = Z_ARRVAL_PP(container);
@@ -21753,12 +21753,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_H
2175321753

2175421754
SAVE_OPLINE();
2175521755
container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
21756+
if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
21757+
SEPARATE_ZVAL_IF_NOT_REF(container);
21758+
}
2175621759
offset = opline->op2.zv;
2175721760

2175821761
if (IS_UNUSED != IS_VAR || container) {
21759-
if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
21760-
SEPARATE_ZVAL_IF_NOT_REF(container);
21761-
}
2176221762
switch (Z_TYPE_PP(container)) {
2176321763
case IS_ARRAY: {
2176421764
HashTable *ht = Z_ARRVAL_PP(container);
@@ -22896,12 +22896,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_TMP_HANDLER(ZEND_OPCODE_HAN
2289622896

2289722897
SAVE_OPLINE();
2289822898
container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
22899+
if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
22900+
SEPARATE_ZVAL_IF_NOT_REF(container);
22901+
}
2289922902
offset = _get_zval_ptr_tmp(opline->op2.var, EX_Ts(), &free_op2 TSRMLS_CC);
2290022903

2290122904
if (IS_UNUSED != IS_VAR || container) {
22902-
if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
22903-
SEPARATE_ZVAL_IF_NOT_REF(container);
22904-
}
2290522905
switch (Z_TYPE_PP(container)) {
2290622906
case IS_ARRAY: {
2290722907
HashTable *ht = Z_ARRVAL_PP(container);
@@ -24039,12 +24039,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_VAR_HANDLER(ZEND_OPCODE_HAN
2403924039

2404024040
SAVE_OPLINE();
2404124041
container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
24042+
if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
24043+
SEPARATE_ZVAL_IF_NOT_REF(container);
24044+
}
2404224045
offset = _get_zval_ptr_var(opline->op2.var, EX_Ts(), &free_op2 TSRMLS_CC);
2404324046

2404424047
if (IS_UNUSED != IS_VAR || container) {
24045-
if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
24046-
SEPARATE_ZVAL_IF_NOT_REF(container);
24047-
}
2404824048
switch (Z_TYPE_PP(container)) {
2404924049
case IS_ARRAY: {
2405024050
HashTable *ht = Z_ARRVAL_PP(container);
@@ -25448,12 +25448,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAND
2544825448

2544925449
SAVE_OPLINE();
2545025450
container = _get_obj_zval_ptr_ptr_unused(TSRMLS_C);
25451+
if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
25452+
SEPARATE_ZVAL_IF_NOT_REF(container);
25453+
}
2545125454
offset = _get_zval_ptr_cv_BP_VAR_R(EX_CVs(), opline->op2.var TSRMLS_CC);
2545225455

2545325456
if (IS_UNUSED != IS_VAR || container) {
25454-
if (IS_UNUSED == IS_CV && container != &EG(uninitialized_zval_ptr)) {
25455-
SEPARATE_ZVAL_IF_NOT_REF(container);
25456-
}
2545725457
switch (Z_TYPE_PP(container)) {
2545825458
case IS_ARRAY: {
2545925459
HashTable *ht = Z_ARRVAL_PP(container);
@@ -28595,12 +28595,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDL
2859528595

2859628596
SAVE_OPLINE();
2859728597
container = _get_zval_ptr_ptr_cv_BP_VAR_UNSET(EX_CVs(), opline->op1.var TSRMLS_CC);
28598+
if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
28599+
SEPARATE_ZVAL_IF_NOT_REF(container);
28600+
}
2859828601
offset = opline->op2.zv;
2859928602

2860028603
if (IS_CV != IS_VAR || container) {
28601-
if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
28602-
SEPARATE_ZVAL_IF_NOT_REF(container);
28603-
}
2860428604
switch (Z_TYPE_PP(container)) {
2860528605
case IS_ARRAY: {
2860628606
HashTable *ht = Z_ARRVAL_PP(container);
@@ -30453,12 +30453,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_TMP_HANDLER(ZEND_OPCODE_HANDLER
3045330453

3045430454
SAVE_OPLINE();
3045530455
container = _get_zval_ptr_ptr_cv_BP_VAR_UNSET(EX_CVs(), opline->op1.var TSRMLS_CC);
30456+
if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
30457+
SEPARATE_ZVAL_IF_NOT_REF(container);
30458+
}
3045630459
offset = _get_zval_ptr_tmp(opline->op2.var, EX_Ts(), &free_op2 TSRMLS_CC);
3045730460

3045830461
if (IS_CV != IS_VAR || container) {
30459-
if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
30460-
SEPARATE_ZVAL_IF_NOT_REF(container);
30461-
}
3046230462
switch (Z_TYPE_PP(container)) {
3046330463
case IS_ARRAY: {
3046430464
HashTable *ht = Z_ARRVAL_PP(container);
@@ -32506,12 +32506,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_VAR_HANDLER(ZEND_OPCODE_HANDLER
3250632506

3250732507
SAVE_OPLINE();
3250832508
container = _get_zval_ptr_ptr_cv_BP_VAR_UNSET(EX_CVs(), opline->op1.var TSRMLS_CC);
32509+
if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
32510+
SEPARATE_ZVAL_IF_NOT_REF(container);
32511+
}
3250932512
offset = _get_zval_ptr_var(opline->op2.var, EX_Ts(), &free_op2 TSRMLS_CC);
3251032513

3251132514
if (IS_CV != IS_VAR || container) {
32512-
if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
32513-
SEPARATE_ZVAL_IF_NOT_REF(container);
32514-
}
3251532515
switch (Z_TYPE_PP(container)) {
3251632516
case IS_ARRAY: {
3251732517
HashTable *ht = Z_ARRVAL_PP(container);
@@ -35235,12 +35235,12 @@ static int ZEND_FASTCALL ZEND_UNSET_DIM_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_
3523535235

3523635236
SAVE_OPLINE();
3523735237
container = _get_zval_ptr_ptr_cv_BP_VAR_UNSET(EX_CVs(), opline->op1.var TSRMLS_CC);
35238+
if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
35239+
SEPARATE_ZVAL_IF_NOT_REF(container);
35240+
}
3523835241
offset = _get_zval_ptr_cv_BP_VAR_R(EX_CVs(), opline->op2.var TSRMLS_CC);
3523935242

3524035243
if (IS_CV != IS_VAR || container) {
35241-
if (IS_CV == IS_CV && container != &EG(uninitialized_zval_ptr)) {
35242-
SEPARATE_ZVAL_IF_NOT_REF(container);
35243-
}
3524435244
switch (Z_TYPE_PP(container)) {
3524535245
case IS_ARRAY: {
3524635246
HashTable *ht = Z_ARRVAL_PP(container);

0 commit comments

Comments
 (0)