stas Wed, 16 Mar 2011 05:25:02 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=309265
Log: fix UMR when variable name is an object and __toString is used # zend_call_function checks IS_REF on This Changed paths: U php/php-src/trunk/Zend/zend_vm_def.h U php/php-src/trunk/Zend/zend_vm_execute.h U php/php-src/trunk/Zend/zend_vm_opcodes.h
Modified: php/php-src/trunk/Zend/zend_vm_def.h =================================================================== --- php/php-src/trunk/Zend/zend_vm_def.h 2011-03-16 03:14:21 UTC (rev 309264) +++ php/php-src/trunk/Zend/zend_vm_def.h 2011-03-16 05:25:02 UTC (rev 309265) @@ -1023,6 +1023,8 @@ if (OP1_TYPE != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -1205,7 +1207,7 @@ /* We are going to assign the result by reference */ if (UNEXPECTED(opline->extended_value != 0)) { zval **retval_ptr = EX_T(opline->result.var).var.ptr_ptr; - + if (retval_ptr) { Z_DELREF_PP(retval_ptr); SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr); @@ -1386,7 +1388,7 @@ PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; } - + if (IS_OP2_TMP_FREE()) { MAKE_REAL_ZVAL_PTR(property); } @@ -1414,7 +1416,7 @@ SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr); Z_ADDREF_PP(retval_ptr); } - + CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); } @@ -2071,7 +2073,7 @@ SAVE_OPLINE(); var = GET_OP2_ZVAL_PTR(BP_VAR_R); - + if (OP1_TYPE == IS_UNUSED) { /* Initialize for erealloc in add_string_to_string */ Z_STRVAL_P(str) = NULL; @@ -2166,7 +2168,7 @@ if (EXPECTED(EX(object) != NULL) && EXPECTED(Z_TYPE_P(EX(object)) == IS_OBJECT)) { EX(called_scope) = Z_OBJCE_P(EX(object)); - + if (OP2_TYPE != IS_CONST || (EX(fbc) = CACHED_POLYMORPHIC_PTR(opline->op2.literal->cache_slot, EX(called_scope))) == NULL) { zval *object = EX(object); @@ -2189,10 +2191,10 @@ } else { zend_error_noreturn(E_ERROR, "Call to a member function %s() on a non-object", function_name_strval); } - + if ((EX(fbc)->common.fn_flags & ZEND_ACC_STATIC) != 0) { EX(object) = NULL; - } else { + } else { if (!PZVAL_IS_REF(EX(object))) { Z_ADDREF_P(EX(object)); /* For $this pointer */ } else { @@ -2428,9 +2430,9 @@ cv++; } } - + nested = EX(nested); - + zend_vm_stack_free(execute_data TSRMLS_CC); if (nested) { @@ -3093,7 +3095,7 @@ char *space; char *class_name; zend_execute_data *ptr; - + if (EG(active_op_array)->scope) { class_name = EG(active_op_array)->scope->name; space = "::"; @@ -3491,7 +3493,7 @@ zend_free_op free_op2; zval *offset = GET_OP2_ZVAL_PTR(BP_VAR_R); ulong hval; - + switch (Z_TYPE_P(offset)) { case IS_DOUBLE: hval = zend_dval_to_lval(Z_DVAL_P(offset)); @@ -3824,7 +3826,7 @@ SAVE_OPLINE(); container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_UNSET); offset = GET_OP2_ZVAL_PTR(BP_VAR_R); - + if (OP1_TYPE != IS_VAR || container) { if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) { SEPARATE_ZVAL_IF_NOT_REF(container); @@ -4007,7 +4009,7 @@ if (!ce || !ce->get_iterator) { Z_ADDREF_P(array_ptr); } - } else if (OP1_TYPE == IS_CONST || + } else if (OP1_TYPE == IS_CONST || ((OP1_TYPE == IS_CV || OP1_TYPE == IS_VAR) && !Z_ISREF_P(array_ptr) && Z_REFCOUNT_P(array_ptr) > 1)) { @@ -4251,7 +4253,7 @@ if (zend_hash_quick_find(EG(active_symbol_table), cv->name, cv->name_len+1, cv->hash_value, (void **) &value) == FAILURE) { isset = 0; } - } else { + } else { isset = 0; } } else { @@ -4326,7 +4328,7 @@ SAVE_OPLINE(); container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_IS); - + offset = GET_OP2_ZVAL_PTR(BP_VAR_R); if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { @@ -4701,7 +4703,7 @@ SAVE_OPLINE(); expr = GET_OP1_ZVAL_PTR(BP_VAR_R); - + if (Z_TYPE_P(expr) == IS_OBJECT && Z_OBJ_HT_P(expr)->get_class_entry) { result = instanceof_function(Z_OBJCE_P(expr), EX_T(opline->op2.var).class_entry TSRMLS_CC); } else { @@ -4783,9 +4785,9 @@ { zend_op *opline = EX(opline); zend_class_entry *ce = EX_T(opline->op1.var).class_entry; - + zend_do_bind_traits(ce TSRMLS_CC); - + ZEND_VM_NEXT_OPCODE(); } @@ -4796,7 +4798,7 @@ zend_uint catch_op_num = 0; int catched = 0; zval restored_error_reporting; - + void **stack_frame = (void**)(((char*)EX_Ts()) + (ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable)) * EX(op_array)->T)); @@ -4891,7 +4893,7 @@ { USE_OPLINE int ret; - + SAVE_OPLINE(); ret = zend_user_opcode_handlers[opline->opcode](ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_INTERNAL); LOAD_OPLINE(); Modified: php/php-src/trunk/Zend/zend_vm_execute.h =================================================================== --- php/php-src/trunk/Zend/zend_vm_execute.h 2011-03-16 03:14:21 UTC (rev 309264) +++ php/php-src/trunk/Zend/zend_vm_execute.h 2011-03-16 05:25:02 UTC (rev 309265) @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | Zend Engine | +----------------------------------------------------------------------+ - | Copyright (c) 1998-2011 Zend Technologies Ltd. (http://www.zend.com) | + | Copyright (c) 1998-2010 Zend Technologies Ltd. (http://www.zend.com) | +----------------------------------------------------------------------+ | This source file is subject to version 2.00 of the Zend license, | | that is bundled with this package in the file LICENSE, and is | @@ -2874,6 +2874,8 @@ if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -4351,6 +4353,8 @@ if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -4883,6 +4887,8 @@ if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -7188,6 +7194,8 @@ if (IS_TMP_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -8538,6 +8546,8 @@ if (IS_TMP_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -9072,6 +9082,8 @@ if (IS_TMP_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -12053,6 +12065,8 @@ if (IS_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -16248,6 +16262,8 @@ if (IS_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -18020,6 +18036,8 @@ if (IS_VAR != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -27579,6 +27597,8 @@ if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -31431,6 +31451,8 @@ if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } @@ -33076,6 +33098,8 @@ if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(varname) != IS_STRING)) { ZVAL_COPY_VALUE(&tmp_varname, varname); zval_copy_ctor(&tmp_varname); + Z_SET_REFCOUNT(tmp_varname, 1); + Z_UNSET_ISREF(tmp_varname); convert_to_string(&tmp_varname); varname = &tmp_varname; } Modified: php/php-src/trunk/Zend/zend_vm_opcodes.h =================================================================== --- php/php-src/trunk/Zend/zend_vm_opcodes.h 2011-03-16 03:14:21 UTC (rev 309264) +++ php/php-src/trunk/Zend/zend_vm_opcodes.h 2011-03-16 05:25:02 UTC (rev 309265) @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | Zend Engine | +----------------------------------------------------------------------+ - | Copyright (c) 1998-2011 Zend Technologies Ltd. (http://www.zend.com) | + | Copyright (c) 1998-2010 Zend Technologies Ltd. (http://www.zend.com) | +----------------------------------------------------------------------+ | This source file is subject to version 2.00 of the Zend license, | | that is bundled with this package in the file LICENSE, and is |
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php