New upstream version 5.6.0~rc2+dfsgupstream/5.6.0_rc2+dfsg

author: Ondřej Surý <ondrej@sury.org> 2014-07-02 13:10:19 +0200
committer: Ondřej Surý <ondrej@sury.org> 2014-07-02 13:10:19 +0200
commit: 09ed144817606a3a835391b12455e6d9cb3a0ae2 (patch)
tree: 1284c43d38c82704eada3d721265b96ae8b4aee3 /Zend
parent: 60d44b592c4c4fdcbbf92db2882a97a9cc54713c (diff)
download: php-09ed144817606a3a835391b12455e6d9cb3a0ae2.tar.gz
8 files changed, 60 insertions, 4 deletions
diff --git a/Zend/tests/67468.phpt b/Zend/tests/67468.phpt
new file mode 100644
index 000000000..767217644
--- /dev/null
+++ b/Zend/tests/67468.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #67468 (Segfault in highlight_file()/highlight_string())
+--SKIPIF--
+<?php if(!function_exists("leak")) print "skip only for debug builds"; ?>
+--FILE--
+<?php
+highlight_string("<?php __CLASS__;", true);
+echo "done";
+?>
+--EXPECT--
+done
diff --git a/Zend/tests/bug67368.phpt b/Zend/tests/bug67368.phpt
new file mode 100644
index 000000000..c92e994b9
--- /dev/null
+++ b/Zend/tests/bug67368.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug #67368 (Memory leak with immediately dereferenced array in class constant)
+--INI--
+report_memleaks=1
+--FILE--
+<?php
+class FooBar {
+		const bar = ["bar" => 3]["bar"];
+}
+echo "okey";
+--EXPECTF--
+okey
diff --git a/Zend/zend_ast.c b/Zend/zend_ast.c
index 583a52321..12f940552 100644
--- a/Zend/zend_ast.c
+++ b/Zend/zend_ast.c
@@ -328,8 +328,7 @@ ZEND_API void zend_ast_evaluate(zval *result, zend_ast *ast, zend_class_entry *s
 			{
 				zval *tmp;
 				zend_fetch_dimension_by_zval(&tmp, &op1, &op2 TSRMLS_CC);
-				*result = *tmp;
-				efree(tmp);
+				ZVAL_ZVAL(result, tmp, 1, 1);
 			}
 			zval_dtor(&op1);
 			zval_dtor(&op2);
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index ad92c5fb6..6ada04e1c 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -943,6 +943,26 @@ copy_value:
 	}
 }
 
+static void zval_deep_copy(zval **p)
+{
+	zval *value;
+
+	ALLOC_ZVAL(value);
+	*value = **p;
+	if (Z_TYPE_P(value) == IS_ARRAY) {
+		HashTable *ht;
+
+		ALLOC_HASHTABLE(ht);
+		zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(value)), NULL, ZVAL_PTR_DTOR, 0);
+		zend_hash_copy(ht, Z_ARRVAL_P(value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *));
+		Z_ARRVAL_P(value) = ht;
+	} else {
+		zval_copy_ctor(value);
+	}
+	INIT_PZVAL(value);
+	*p = value;
+}
+
 /* Utility Functions for Extensions */
 static void zend_extension_statement_handler(const zend_extension *extension, zend_op_array *op_array TSRMLS_DC)
 {
diff --git a/Zend/zend_highlight.c b/Zend/zend_highlight.c
index 68f2b7b72..31d99b7df 100644
--- a/Zend/zend_highlight.c
+++ b/Zend/zend_highlight.c
@@ -150,7 +150,7 @@ ZEND_API void zend_highlight(zend_syntax_highlighter_ini *syntax_highlighter_ini
 				case T_DOC_COMMENT:
 					break;
 				default:
-					efree(token.value.str.val);
+					str_efree(token.value.str.val);
 					break;
 			}
 		}
diff --git a/Zend/zend_indent.c b/Zend/zend_indent.c
index cacdf8df3..920d41281 100644
--- a/Zend/zend_indent.c
+++ b/Zend/zend_indent.c
@@ -139,7 +139,7 @@ dflt_printout:
 			case T_WHITESPACE:
 				break;
 			default:
-				efree(token.value.str.val);
+				str_efree(token.value.str.val);
 				break;
 			}
 		}
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index cd7dbf498..c3fb86ddd 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -3422,6 +3422,13 @@ ZEND_VM_HANDLER(64, ZEND_RECV_INIT, ANY, CONST)
 		if (IS_CONSTANT_TYPE(Z_TYPE_P(assignment_value))) {
 			Z_SET_REFCOUNT_P(assignment_value, 1);
 			zval_update_constant(&assignment_value, 0 TSRMLS_CC);
+		} else if (Z_TYPE_P(assignment_value) == IS_ARRAY) {
+			HashTable *ht;
+
+			ALLOC_HASHTABLE(ht);
+			zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(assignment_value)), NULL, ZVAL_PTR_DTOR, 0);
+			zend_hash_copy(ht, Z_ARRVAL_P(assignment_value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *));
+			Z_ARRVAL_P(assignment_value) = ht;
 		} else {
 			zval_copy_ctor(assignment_value);
 		}
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 29a8c0c80..3fa94d12a 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -1624,6 +1624,13 @@ static int ZEND_FASTCALL  ZEND_RECV_INIT_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_
 		if (IS_CONSTANT_TYPE(Z_TYPE_P(assignment_value))) {
 			Z_SET_REFCOUNT_P(assignment_value, 1);
 			zval_update_constant(&assignment_value, 0 TSRMLS_CC);
+		} else if (Z_TYPE_P(assignment_value) == IS_ARRAY) {
+			HashTable *ht;
+
+			ALLOC_HASHTABLE(ht);
+			zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(assignment_value)), NULL, ZVAL_PTR_DTOR, 0);
+			zend_hash_copy(ht, Z_ARRVAL_P(assignment_value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *));
+			Z_ARRVAL_P(assignment_value) = ht;
 		} else {
 			zval_copy_ctor(assignment_value);
 		}
author	Ondřej Surý <ondrej@sury.org>	2014-07-02 13:10:19 +0200
committer	Ondřej Surý <ondrej@sury.org>	2014-07-02 13:10:19 +0200
commit	09ed144817606a3a835391b12455e6d9cb3a0ae2 (patch)
tree	1284c43d38c82704eada3d721265b96ae8b4aee3 /Zend
parent	60d44b592c4c4fdcbbf92db2882a97a9cc54713c (diff)
download	php-09ed144817606a3a835391b12455e6d9cb3a0ae2.tar.gz