laruence Tue, 27 Dec 2011 08:38:18 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=321429
Log: Fix bug #60611 (Segmentation fault with Cls::{expr}() syntax) Bug: https://bugs.php.net/60611 (Open) Segmentation fault with Cls::{expr}() syntax Changed paths: U php/php-src/branches/PHP_5_4/NEWS A php/php-src/branches/PHP_5_4/Zend/tests/bug60611.phpt U php/php-src/branches/PHP_5_4/Zend/zend_compile.c A php/php-src/trunk/Zend/tests/bug60611.phpt U php/php-src/trunk/Zend/zend_compile.c Modified: php/php-src/branches/PHP_5_4/NEWS =================================================================== --- php/php-src/branches/PHP_5_4/NEWS 2011-12-27 06:24:33 UTC (rev 321428) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-27 08:38:18 UTC (rev 321429) @@ -1,6 +1,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? Jan 2012, PHP 5.4.0 RC5 +- Core: + . Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence) + - CLI SAPI: . Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence) Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60611.phpt =================================================================== --- php/php-src/branches/PHP_5_4/Zend/tests/bug60611.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/Zend/tests/bug60611.phpt 2011-12-27 08:38:18 UTC (rev 321429) @@ -0,0 +1,28 @@ +--TEST-- +Bug #60611 (Segmentation fault with Cls::{expr}() syntax) +--FILE-- +<?php +class Cls { + function __call($name, $arg) { + } + static function __callStatic($name, $arg) { + } +} + +Cls::{0}(); +Cls::{1.0}(); +Cls::{true}(); +Cls::{false}(); +Cls::{null}(); + +$cls = new Cls; +$cls->{0}(); +$cls->{1.0}(); +$cls->{true}(); +$cls->{false}(); +$cls->{null}(); + +echo "done"; +?> +--EXPECT-- +done Modified: php/php-src/branches/PHP_5_4/Zend/zend_compile.c =================================================================== --- php/php-src/branches/PHP_5_4/Zend/zend_compile.c 2011-12-27 06:24:33 UTC (rev 321428) +++ php/php-src/branches/PHP_5_4/Zend/zend_compile.c 2011-12-27 08:38:18 UTC (rev 321429) 
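Review bot: The new bug60611.phpt only proves that the compiler no longer crashes, because `__call` and `__callStatic` both have empty bodies and the expected output is just `done`. Since the fix works by coercing the constant to a string, the test should also pin the method names that result, for example `static function __callStatic($name, $arg) { var_dump($name); }` (and the same in `__call`). I would expect the output to be `string(1) "0"`, `string(1) "1"`, `string(1) "1"`, `string(0) ""`, `string(0) ""` for each of the two groups, added to --EXPECT--. Without that, a later change that passes a different name for `{false}` or `{null}` would go unnoticed. The same applies to the identical copy of the test added under trunk.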
@@ -1973,9 +1973,10 @@ if (last_op->opcode == ZEND_FETCH_OBJ_R) { if (last_op->op2_type == IS_CONST) { zval name; - name = CONSTANT(last_op->op2.constant); - if (!IS_INTERNED(Z_STRVAL(name))) { + if (Z_TYPE(name) != IS_STRING) { + convert_to_string(&name); + } else if (!IS_INTERNED(Z_STRVAL(name))) { Z_STRVAL(name) = estrndup(Z_STRVAL(name), Z_STRLEN(name)); } FREE_POLYMORPHIC_CACHE_SLOT(last_op->op2.constant); @@ -2367,7 +2368,11 @@ zend_op *opline; if (method_name->op_type == IS_CONST) { - char *lcname = zend_str_tolower_dup(Z_STRVAL(method_name->u.constant), Z_STRLEN(method_name->u.constant)); + char *lcname; + if (Z_TYPE(method_name->u.constant) != IS_STRING) { + convert_to_string(&method_name->u.constant); + } + lcname = zend_str_tolower_dup(Z_STRVAL(method_name->u.constant), Z_STRLEN(method_name->u.constant)); if ((sizeof(ZEND_CONSTRUCTOR_FUNC_NAME)-1) == Z_STRLEN(method_name->u.constant) && memcmp(lcname, ZEND_CONSTRUCTOR_FUNC_NAME, sizeof(ZEND_CONSTRUCTOR_FUNC_NAME)-1) == 0) { zval_dtor(&method_name->u.constant); Added: php/php-src/trunk/Zend/tests/bug60611.phpt =================================================================== --- php/php-src/trunk/Zend/tests/bug60611.phpt (rev 0) +++ php/php-src/trunk/Zend/tests/bug60611.phpt 2011-12-27 08:38:18 UTC (rev 321429) @@ -0,0 +1,28 @@ +--TEST-- +Bug #60611 (Segmentation fault with Cls::{expr}() syntax) +--FILE-- +<?php +class Cls { + function __call($name, $arg) { + } + static function __callStatic($name, $arg) { + } +} + +Cls::{0}(); +Cls::{1.0}(); +Cls::{true}(); +Cls::{false}(); +Cls::{null}(); + +$cls = new Cls; +$cls->{0}(); +$cls->{1.0}(); +$cls->{true}(); +$cls->{false}(); +$cls->{null}(); + +echo "done"; +?> +--EXPECT-- +done Modified: php/php-src/trunk/Zend/zend_compile.c =================================================================== --- php/php-src/trunk/Zend/zend_compile.c 2011-12-27 06:24:33 UTC (rev 321428) +++ php/php-src/trunk/Zend/zend_compile.c 2011-12-27 08:38:18 UTC (rev 321429) 
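Review bot: The two branches of the new `if`/`else if` in the @@ -1973 hunk leave `name` owning its string buffer for different reasons, and the code does not say so. A comment above the test would make it explicit, such as `/* convert_to_string() allocates a fresh buffer; only an existing non-interned string needs estrndup() */`. The crash came from reading `Z_STRVAL` on a zval that is not a string, which as far as I can tell reinterprets the numeric payload as a pointer, so it is worth checking whether other places in zend_compile.c read the string fields of an `IS_CONST` operand without a `Z_TYPE` test first. The hunk header counts (9 old, 10 new lines) suggest `name = CONSTANT(last_op->op2.constant);` is kept as context and only a blank line before it is removed, so `name` is initialised before `Z_TYPE(name)` is read. The enclosing function starts and ends outside the hunk, and the trunk copy of this hunk is identical.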
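Review bot: In the @@ -2367 hunk, `convert_to_string(&method_name->u.constant)` silently turns `Cls::{false}()` and `Cls::{null}()` into a call to a method with an empty name, and turns a float literal into whatever its string form happens to be. If a non-constant, non-string name is rejected at run time (I believe the VM raises a fatal error there, but that code is not in this diff), the constant case now behaves differently from the variable case. Either document the coercion with a comment like `/* non-string constant names are coerced, e.g. Cls::{0}() calls "0" */`, or reject such names here with a compile error. The enclosing function continues outside the hunk, and the same applies to the identical trunk hunk.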
@@ -1973,9 +1973,10 @@ if (last_op->opcode == ZEND_FETCH_OBJ_R) { if (last_op->op2_type == IS_CONST) { zval name; - name = CONSTANT(last_op->op2.constant); - if (!IS_INTERNED(Z_STRVAL(name))) { + if (Z_TYPE(name) != IS_STRING) { + convert_to_string(&name); + } else if (!IS_INTERNED(Z_STRVAL(name))) { Z_STRVAL(name) = estrndup(Z_STRVAL(name), Z_STRLEN(name)); } FREE_POLYMORPHIC_CACHE_SLOT(last_op->op2.constant); @@ -2367,7 +2368,11 @@ zend_op *opline; if (method_name->op_type == IS_CONST) { - char *lcname = zend_str_tolower_dup(Z_STRVAL(method_name->u.constant), Z_STRLEN(method_name->u.constant)); + char *lcname; + if (Z_TYPE(method_name->u.constant) != IS_STRING) { + convert_to_string(&method_name->u.constant); + } + lcname = zend_str_tolower_dup(Z_STRVAL(method_name->u.constant), Z_STRLEN(method_name->u.constant)); if ((sizeof(ZEND_CONSTRUCTOR_FUNC_NAME)-1) == Z_STRLEN(method_name->u.constant) && memcmp(lcname, ZEND_CONSTRUCTOR_FUNC_NAME, sizeof(ZEND_CONSTRUCTOR_FUNC_NAME)-1) == 0) { zval_dtor(&method_name->u.constant);