stas Wed, 16 Mar 2011 05:25:02 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=309265
Log:
fix UMR when variable name is an object and __toString is used
# zend_call_function checks IS_REF on This
Changed paths:
U php/php-src/trunk/Zend/zend_vm_def.h
U php/php-src/trunk/Zend/zend_vm_execute.h
U php/php-src/trunk/Zend/zend_vm_opcodes.h
Modified: php/php-src/trunk/Zend/zend_vm_def.h
===================================================================
--- php/php-src/trunk/Zend/zend_vm_def.h 2011-03-16 03:14:21 UTC (rev 309264)
+++ php/php-src/trunk/Zend/zend_vm_def.h 2011-03-16 05:25:02 UTC (rev 309265)
@@ -1023,6 +1023,8 @@
if (OP1_TYPE != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -1205,7 +1207,7 @@
/* We are going to assign the result by reference */
if (UNEXPECTED(opline->extended_value != 0)) {
zval **retval_ptr = EX_T(opline->result.var).var.ptr_ptr;
-
+
if (retval_ptr) {
Z_DELREF_PP(retval_ptr);
SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr);
@@ -1386,7 +1388,7 @@
PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr);
EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr;
}
-
+
if (IS_OP2_TMP_FREE()) {
MAKE_REAL_ZVAL_PTR(property);
}
@@ -1414,7 +1416,7 @@
SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr);
Z_ADDREF_PP(retval_ptr);
}
-
+
CHECK_EXCEPTION();
ZEND_VM_NEXT_OPCODE();
}
@@ -2071,7 +2073,7 @@
SAVE_OPLINE();
var = GET_OP2_ZVAL_PTR(BP_VAR_R);
-
+
if (OP1_TYPE == IS_UNUSED) {
/* Initialize for erealloc in add_string_to_string */
Z_STRVAL_P(str) = NULL;
@@ -2166,7 +2168,7 @@
if (EXPECTED(EX(object) != NULL) &&
EXPECTED(Z_TYPE_P(EX(object)) == IS_OBJECT)) {
EX(called_scope) = Z_OBJCE_P(EX(object));
-
+
if (OP2_TYPE != IS_CONST ||
(EX(fbc) = CACHED_POLYMORPHIC_PTR(opline->op2.literal->cache_slot, EX(called_scope))) == NULL) {
zval *object = EX(object);
@@ -2189,10 +2191,10 @@
} else {
zend_error_noreturn(E_ERROR, "Call to a member function %s() on a non-object", function_name_strval);
}
-
+
if ((EX(fbc)->common.fn_flags & ZEND_ACC_STATIC) != 0) {
EX(object) = NULL;
- } else {
+ } else {
if (!PZVAL_IS_REF(EX(object))) {
Z_ADDREF_P(EX(object)); /* For $this pointer */
} else {
@@ -2428,9 +2430,9 @@
cv++;
}
}
-
+
nested = EX(nested);
-
+
zend_vm_stack_free(execute_data TSRMLS_CC);
if (nested) {
@@ -3093,7 +3095,7 @@
char *space;
char *class_name;
zend_execute_data *ptr;
-
+
if (EG(active_op_array)->scope) {
class_name = EG(active_op_array)->scope->name;
space = "::";
@@ -3491,7 +3493,7 @@
zend_free_op free_op2;
zval *offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
ulong hval;
-
+
switch (Z_TYPE_P(offset)) {
case IS_DOUBLE:
hval = zend_dval_to_lval(Z_DVAL_P(offset));
@@ -3824,7 +3826,7 @@
SAVE_OPLINE();
container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_UNSET);
offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
-
+
if (OP1_TYPE != IS_VAR || container) {
if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) {
SEPARATE_ZVAL_IF_NOT_REF(container);
@@ -4007,7 +4009,7 @@
if (!ce || !ce->get_iterator) {
Z_ADDREF_P(array_ptr);
}
- } else if (OP1_TYPE == IS_CONST ||
+ } else if (OP1_TYPE == IS_CONST ||
((OP1_TYPE == IS_CV || OP1_TYPE == IS_VAR) &&
!Z_ISREF_P(array_ptr) &&
Z_REFCOUNT_P(array_ptr) > 1)) {
@@ -4251,7 +4253,7 @@
if (zend_hash_quick_find(EG(active_symbol_table), cv->name, cv->name_len+1, cv->hash_value, (void **) &value) == FAILURE) {
isset = 0;
}
- } else {
+ } else {
isset = 0;
}
} else {
@@ -4326,7 +4328,7 @@
SAVE_OPLINE();
container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_IS);
-
+
offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) {
@@ -4701,7 +4703,7 @@
SAVE_OPLINE();
expr = GET_OP1_ZVAL_PTR(BP_VAR_R);
-
+
if (Z_TYPE_P(expr) == IS_OBJECT && Z_OBJ_HT_P(expr)->get_class_entry) {
result = instanceof_function(Z_OBJCE_P(expr), EX_T(opline->op2.var).class_entry TSRMLS_CC);
} else {
@@ -4783,9 +4785,9 @@
{
zend_op *opline = EX(opline);
zend_class_entry *ce = EX_T(opline->op1.var).class_entry;
-
+
zend_do_bind_traits(ce TSRMLS_CC);
-
+
ZEND_VM_NEXT_OPCODE();
}
@@ -4796,7 +4798,7 @@
zend_uint catch_op_num = 0;
int catched = 0;
zval restored_error_reporting;
-
+
void **stack_frame = (void**)(((char*)EX_Ts()) +
(ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable)) * EX(op_array)->T));
@@ -4891,7 +4893,7 @@
{
USE_OPLINE
int ret;
-
+
SAVE_OPLINE();
ret = zend_user_opcode_handlers[opline->opcode](ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_INTERNAL);
LOAD_OPLINE();
Modified: php/php-src/trunk/Zend/zend_vm_execute.h
===================================================================
--- php/php-src/trunk/Zend/zend_vm_execute.h 2011-03-16 03:14:21 UTC (rev 309264)
+++ php/php-src/trunk/Zend/zend_vm_execute.h 2011-03-16 05:25:02 UTC (rev 309265)
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| Zend Engine |
+----------------------------------------------------------------------+
- | Copyright (c) 1998-2011 Zend Technologies Ltd. (http://www.zend.com) |
+ | Copyright (c) 1998-2010 Zend Technologies Ltd. (http://www.zend.com) |
+----------------------------------------------------------------------+
| This source file is subject to version 2.00 of the Zend license, |
| that is bundled with this package in the file LICENSE, and is |
@@ -2874,6 +2874,8 @@
if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -4351,6 +4353,8 @@
if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -4883,6 +4887,8 @@
if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -7188,6 +7194,8 @@
if (IS_TMP_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -8538,6 +8546,8 @@
if (IS_TMP_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -9072,6 +9082,8 @@
if (IS_TMP_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -12053,6 +12065,8 @@
if (IS_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -16248,6 +16262,8 @@
if (IS_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -18020,6 +18036,8 @@
if (IS_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -27579,6 +27597,8 @@
if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -31431,6 +31451,8 @@
if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
@@ -33076,6 +33098,8 @@
if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) {
ZVAL_COPY_VALUE(&tmp_varname, varname);
zval_copy_ctor(&tmp_varname);
+ Z_SET_REFCOUNT(tmp_varname, 1);
+ Z_UNSET_ISREF(tmp_varname);
convert_to_string(&tmp_varname);
varname = &tmp_varname;
}
Modified: php/php-src/trunk/Zend/zend_vm_opcodes.h
===================================================================
--- php/php-src/trunk/Zend/zend_vm_opcodes.h 2011-03-16 03:14:21 UTC (rev 309264)
+++ php/php-src/trunk/Zend/zend_vm_opcodes.h 2011-03-16 05:25:02 UTC (rev 309265)
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| Zend Engine |
+----------------------------------------------------------------------+
- | Copyright (c) 1998-2011 Zend Technologies Ltd. (http://www.zend.com) |
+ | Copyright (c) 1998-2010 Zend Technologies Ltd. (http://www.zend.com) |
+----------------------------------------------------------------------+
| This source file is subject to version 2.00 of the Zend license, |
| that is bundled with this package in the file LICENSE, and is |
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
