Commit 301ee26

Fixed a situation where CHECK_EXCEPTION() might change the value of the "opline" variable and the following "opline" usages would access elements of a different opcode. That might lead to unpredictable behavior. (Only PHP-7 with GCC global register variables was affected).
The CHECK_EXCEPTION() macro is removed. ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION() should be used instead. It's equivalent to the old CHECK_EXCEPTION() + ZEND_VM_NEXT_OPCODE(). As a side effect, this also slightly improved performance of builds with GCC >= 4.8.
1 parent 993a658 commit 301ee26

5 files changed

+993
-1831
lines changed

Zend/zend_compile.c

Lines changed: 2 additions & 1 deletion
@@ -2681,7 +2681,8 @@ uint32_t zend_compile_args(zend_ast *ast, zend_function *fbc) /* {{{ */
26812681
}
26822682
} else {
26832683
zend_compile_expr(&arg_node, arg);
2684-
if (arg_node.op_type & (IS_VAR|IS_CV)) {
2684+
ZEND_ASSERT(arg_node.op_type != IS_CV);
2685+
if (arg_node.op_type == IS_VAR) {
26852686
opcode = ZEND_SEND_VAR_NO_REF;
26862687
if (fbc && ARG_MUST_BE_SENT_BY_REF(fbc, arg_num)) {
26872688
flags |= ZEND_ARG_SEND_BY_REF;
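
Review bot: the new ZEND_ASSERT(arg_node.op_type != IS_CV) at line 2684 has no comment saying why a CV can never reach this else branch, and the narrowed test on line 2685 changes behavior if one does. The old condition `arg_node.op_type & (IS_VAR|IS_CV)` sent a CV as ZEND_SEND_VAR_NO_REF, whereas with `arg_node.op_type == IS_VAR` a CV would skip this branch in any build where the assertion is not enforced. Please add a one-line comment naming the invariant the assertion relies on. The commit message only covers CHECK_EXCEPTION(), so this change also deserves its own sentence there or a separate commit.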

Zend/zend_execute.c

Lines changed: 12 additions & 2 deletions
@@ -2552,11 +2552,21 @@ void zend_cleanup_unfinished_execution(zend_execute_data *execute_data, uint32_t
25522552
# endif
25532553
#endif
25542554

2555-
#define ZEND_VM_NEXT_OPCODE() \
2555+
#define ZEND_VM_NEXT_OPCODE_EX(check_exception, skip) \
25562556
CHECK_SYMBOL_TABLES() \
2557-
ZEND_VM_INC_OPCODE(); \
2557+
if (check_exception) { \
2558+
OPLINE = EX(opline) + (skip); \
2559+
} else { \
2560+
OPLINE = opline + (skip); \
2561+
} \
25582562
ZEND_VM_CONTINUE()
25592563

2564+
#define ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION() \
2565+
ZEND_VM_NEXT_OPCODE_EX(1, 1)
2566+
2567+
#define ZEND_VM_NEXT_OPCODE() \
2568+
ZEND_VM_NEXT_OPCODE_EX(0, 1)
2569+
25602570
#define ZEND_VM_SET_NEXT_OPCODE(new_op) \
25612571
CHECK_SYMBOL_TABLES() \
25622572
OPLINE = new_op
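
Review bot: ZEND_VM_NEXT_OPCODE_EX(check_exception, skip) at line 2555 needs a comment explaining its two branches, because the only difference between them, `OPLINE = EX(opline) + (skip)` versus `OPLINE = opline + (skip)`, is the whole point of the fix and is easy to undo by accident in a later cleanup. Please document that the check_exception form reloads from EX(opline) because the local opline may no longer match it after the handler body has run, and that both arguments are expected to be literal constants, as in the (1, 1) and (0, 1) wrappers, so the `if` is resolved at compile time. A short note on what `skip` counts would also help, since both wrappers in this hunk pass 1 and nothing here shows another value in use.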
