diff options
author | Ondřej Surý <ondrej@sury.org> | 2014-07-02 13:10:19 +0200 |
---|---|---|
committer | Ondřej Surý <ondrej@sury.org> | 2014-07-02 13:10:19 +0200 |
commit | 09ed144817606a3a835391b12455e6d9cb3a0ae2 (patch) | |
tree | 1284c43d38c82704eada3d721265b96ae8b4aee3 /Zend | |
parent | 60d44b592c4c4fdcbbf92db2882a97a9cc54713c (diff) | |
download | php-09ed144817606a3a835391b12455e6d9cb3a0ae2.tar.gz |
New upstream version 5.6.0~rc2+dfsgupstream/5.6.0_rc2+dfsg
Diffstat (limited to 'Zend')
-rw-r--r-- | Zend/tests/67468.phpt | 11 | ||||
-rw-r--r-- | Zend/tests/bug67368.phpt | 12 | ||||
-rw-r--r-- | Zend/zend_ast.c | 3 | ||||
-rw-r--r-- | Zend/zend_execute.c | 20 | ||||
-rw-r--r-- | Zend/zend_highlight.c | 2 | ||||
-rw-r--r-- | Zend/zend_indent.c | 2 | ||||
-rw-r--r-- | Zend/zend_vm_def.h | 7 | ||||
-rw-r--r-- | Zend/zend_vm_execute.h | 7 |
8 files changed, 60 insertions, 4 deletions
diff --git a/Zend/tests/67468.phpt b/Zend/tests/67468.phpt new file mode 100644 index 000000000..767217644 --- /dev/null +++ b/Zend/tests/67468.phpt @@ -0,0 +1,11 @@ +--TEST-- +Bug #67468 (Segfault in highlight_file()/highlight_string()) +--SKIPIF-- +<?php if(!function_exists("leak")) print "skip only for debug builds"; ?> +--FILE-- +<?php +highlight_string("<?php __CLASS__;", true); +echo "done"; +?> +--EXPECT-- +done diff --git a/Zend/tests/bug67368.phpt b/Zend/tests/bug67368.phpt new file mode 100644 index 000000000..c92e994b9 --- /dev/null +++ b/Zend/tests/bug67368.phpt @@ -0,0 +1,12 @@ +--TEST-- +Bug #67368 (Memory leak with immediately dereferenced array in class constant) +--INI-- +report_memleaks=1 +--FILE-- +<?php +class FooBar { + const bar = ["bar" => 3]["bar"]; +} +echo "okey"; +--EXPECTF-- +okey diff --git a/Zend/zend_ast.c b/Zend/zend_ast.c index 583a52321..12f940552 100644 --- a/Zend/zend_ast.c +++ b/Zend/zend_ast.c @@ -328,8 +328,7 @@ ZEND_API void zend_ast_evaluate(zval *result, zend_ast *ast, zend_class_entry *s { zval *tmp; zend_fetch_dimension_by_zval(&tmp, &op1, &op2 TSRMLS_CC); - *result = *tmp; - efree(tmp); + ZVAL_ZVAL(result, tmp, 1, 1); } zval_dtor(&op1); zval_dtor(&op2); diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index ad92c5fb6..6ada04e1c 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -943,6 +943,26 @@ copy_value: } } +static void zval_deep_copy(zval **p) +{ + zval *value; + + ALLOC_ZVAL(value); + *value = **p; + if (Z_TYPE_P(value) == IS_ARRAY) { + HashTable *ht; + + ALLOC_HASHTABLE(ht); + zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(value)), NULL, ZVAL_PTR_DTOR, 0); + zend_hash_copy(ht, Z_ARRVAL_P(value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *)); + Z_ARRVAL_P(value) = ht; + } else { + zval_copy_ctor(value); + } + INIT_PZVAL(value); + *p = value; +} + /* Utility Functions for Extensions */ static void zend_extension_statement_handler(const zend_extension *extension, zend_op_array *op_array TSRMLS_DC) { diff --git a/Zend/zend_highlight.c b/Zend/zend_highlight.c index 68f2b7b72..31d99b7df 100644 --- a/Zend/zend_highlight.c +++ b/Zend/zend_highlight.c @@ -150,7 +150,7 @@ ZEND_API void zend_highlight(zend_syntax_highlighter_ini *syntax_highlighter_ini case T_DOC_COMMENT: break; default: - efree(token.value.str.val); + str_efree(token.value.str.val); break; } } diff --git a/Zend/zend_indent.c b/Zend/zend_indent.c index cacdf8df3..920d41281 100644 --- a/Zend/zend_indent.c +++ b/Zend/zend_indent.c @@ -139,7 +139,7 @@ dflt_printout: case T_WHITESPACE: break; default: - efree(token.value.str.val); + str_efree(token.value.str.val); break; } } diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index cd7dbf498..c3fb86ddd 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -3422,6 +3422,13 @@ ZEND_VM_HANDLER(64, ZEND_RECV_INIT, ANY, CONST) if (IS_CONSTANT_TYPE(Z_TYPE_P(assignment_value))) { Z_SET_REFCOUNT_P(assignment_value, 1); zval_update_constant(&assignment_value, 0 TSRMLS_CC); + } else if (Z_TYPE_P(assignment_value) == IS_ARRAY) { + HashTable *ht; + + ALLOC_HASHTABLE(ht); + zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(assignment_value)), NULL, ZVAL_PTR_DTOR, 0); + zend_hash_copy(ht, Z_ARRVAL_P(assignment_value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *)); + Z_ARRVAL_P(assignment_value) = ht; } else { zval_copy_ctor(assignment_value); } diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 29a8c0c80..3fa94d12a 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -1624,6 +1624,13 @@ static int ZEND_FASTCALL ZEND_RECV_INIT_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ if (IS_CONSTANT_TYPE(Z_TYPE_P(assignment_value))) { Z_SET_REFCOUNT_P(assignment_value, 1); zval_update_constant(&assignment_value, 0 TSRMLS_CC); + } else if (Z_TYPE_P(assignment_value) == IS_ARRAY) { + HashTable *ht; + + ALLOC_HASHTABLE(ht); + zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(assignment_value)), NULL, ZVAL_PTR_DTOR, 0); + zend_hash_copy(ht, Z_ARRVAL_P(assignment_value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *)); + Z_ARRVAL_P(assignment_value) = ht; } else { zval_copy_ctor(assignment_value); } |