dmitry                                   Wed, 28 Dec 2011 09:59:39 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=321463

Log:
Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax)

Bug: https://bugs.php.net/60613 (Closed) Segmentation fault with $cls->{expr}() 
syntax
      
Changed paths:
    U   php/php-src/branches/PHP_5_4/NEWS
    A   php/php-src/branches/PHP_5_4/Zend/tests/bug60613.phpt
    U   php/php-src/branches/PHP_5_4/Zend/zend_compile.c
    A   php/php-src/trunk/Zend/tests/bug60613.phpt
    U   php/php-src/trunk/Zend/zend_compile.c

Modified: php/php-src/branches/PHP_5_4/NEWS
===================================================================
--- php/php-src/branches/PHP_5_4/NEWS   2011-12-28 09:53:15 UTC (rev 321462)
+++ php/php-src/branches/PHP_5_4/NEWS   2011-12-28 09:59:39 UTC (rev 321463)
@@ -2,6 +2,7 @@
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Jan 2012, PHP 5.4.0 RC5
 - Core:
+  . Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry)
   . Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)

 - CLI SAPI:

Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60613.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/Zend/tests/bug60613.phpt                       
        (rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug60613.phpt       2011-12-28 
09:59:39 UTC (rev 321463)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #60613 (Segmentation fault with $cls->{expr}() syntax)
+--FILE--
+<?php
+class Cls {
+    function __call($name, $arg) {
+    }
+}
+
+$cls = new Cls();
+$cls->{0}();
+$cls->{1.0}();
+$cls->{true}();
+$cls->{false}();
+$cls->{null}();
+echo "ok\n";
+--EXPECT--
+ok
+

Modified: php/php-src/branches/PHP_5_4/Zend/zend_compile.c
===================================================================
--- php/php-src/branches/PHP_5_4/Zend/zend_compile.c    2011-12-28 09:53:15 UTC 
(rev 321462)
+++ php/php-src/branches/PHP_5_4/Zend/zend_compile.c    2011-12-28 09:59:39 UTC 
(rev 321463)
@@ -89,7 +89,8 @@
        } while (0)

 #define FREE_POLYMORPHIC_CACHE_SLOT(literal) do { \
-               if (CG(active_op_array)->literals[literal].cache_slot == \
+               if (CG(active_op_array)->literals[literal].cache_slot != -1 && \
+                   CG(active_op_array)->literals[literal].cache_slot == \
                    CG(active_op_array)->last_cache_slot - 
POLYMORPHIC_CACHE_SLOT_SIZE) { \
                        CG(active_op_array)->literals[literal].cache_slot = -1; 
\
                        CG(active_op_array)->last_cache_slot -= 
POLYMORPHIC_CACHE_SLOT_SIZE; \

Added: php/php-src/trunk/Zend/tests/bug60613.phpt
===================================================================
--- php/php-src/trunk/Zend/tests/bug60613.phpt                          (rev 0)
+++ php/php-src/trunk/Zend/tests/bug60613.phpt  2011-12-28 09:59:39 UTC (rev 
321463)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #60613 (Segmentation fault with $cls->{expr}() syntax)
+--FILE--
+<?php
+class Cls {
+    function __call($name, $arg) {
+    }
+}
+
+$cls = new Cls();
+$cls->{0}();
+$cls->{1.0}();
+$cls->{true}();
+$cls->{false}();
+$cls->{null}();
+echo "ok\n";
+--EXPECT--
+ok
+

Modified: php/php-src/trunk/Zend/zend_compile.c
===================================================================
--- php/php-src/trunk/Zend/zend_compile.c       2011-12-28 09:53:15 UTC (rev 
321462)
+++ php/php-src/trunk/Zend/zend_compile.c       2011-12-28 09:59:39 UTC (rev 
321463)
@@ -89,7 +89,8 @@
        } while (0)

 #define FREE_POLYMORPHIC_CACHE_SLOT(literal) do { \
-               if (CG(active_op_array)->literals[literal].cache_slot == \
+               if (CG(active_op_array)->literals[literal].cache_slot != -1 && \
+                   CG(active_op_array)->literals[literal].cache_slot == \
                    CG(active_op_array)->last_cache_slot - 
POLYMORPHIC_CACHE_SLOT_SIZE) { \
                        CG(active_op_array)->literals[literal].cache_slot = -1; 
\
                        CG(active_op_array)->last_cache_slot -= 
POLYMORPHIC_CACHE_SLOT_SIZE; \

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to