From 8211026fa7d34b34262d7a3d84395bd83aeb74f4 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 21 Feb 2014 16:39:59 +0800 Subject: [PATCH 1/7] Fixed segfault in ext/standard/tests/strings/add-and-stripslashes.phpt --- ext/standard/string.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/ext/standard/string.c b/ext/standard/string.c index 6a96b3cecda..8aa0d5970cd 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -3318,8 +3318,8 @@ PHP_FUNCTION(addcslashes) Escapes single quote, double quotes and backslash characters in a string with backslashes */ PHP_FUNCTION(addslashes) { - char *str; - int str_len; + char *str, *new_str; + int str_len, new_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &str, &str_len) == FAILURE) { return; @@ -3333,10 +3333,9 @@ PHP_FUNCTION(addslashes) //??? str_len, //??? &Z_STRLEN_P(return_value), 0 //??? TSRMLS_CC), 0); - RETURN_STRING(php_addslashes(str, - str_len, - &Z_STRLEN_P(return_value), 0 - TSRMLS_CC)); + new_str = php_addslashes(str, str_len, &new_len, 0 TSRMLS_CC); + RETVAL_STRINGL(new_str, new_len); + efree(new_str); } /* }}} */ From e193944b3eec77a58d8eb727cb0364de6b70dd72 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 21 Feb 2014 16:56:23 +0800 Subject: [PATCH 2/7] Fixed segfault in ext/standard/tests/strings/addslashes_variation1.php --- Zend/zend_interfaces.c | 2 + Zend/zend_object_handlers.c | 6 +- Zend/zend_vm_def.h | 6 +- Zend/zend_vm_execute.h | 120 ++++++++++++++++++++++++------------ 4 files changed, 89 insertions(+), 45 deletions(-) diff --git a/Zend/zend_interfaces.c b/Zend/zend_interfaces.c index 75f6165c3b9..ab23590960b 100644 --- a/Zend/zend_interfaces.c +++ b/Zend/zend_interfaces.c 
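Review bot: The `//???` block left directly above the new `php_addslashes()` call in ext/standard/string.c still shows the old form that passes `&Z_STRLEN_P(return_value)` as the length out-parameter, which appears to be the write this commit removes. Leaving it in place invites someone to restore it. I would delete the block and put a short reason on the new lines, for example `/* length goes through a local: return_value holds no string yet, so Z_STRLEN_P(return_value) is not a valid out-parameter */`. The cause is inferred from the removed lines and the commit subject, so please confirm the wording. PHP_FUNCTION(addslashes) starts before the first hunk and both hunks show only part of its body.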
@@ -62,6 +62,7 @@ ZEND_API zval* zend_call_method(zval *object, zend_class_entry *obj_ce, zend_fun * needed later inside zend_call_function. */ fci.function_table = !object ? EG(function_table) : NULL; result = zend_call_function(&fci, NULL TSRMLS_CC); + zval_ptr_dtor(&fci.function_name); } else { zend_fcall_info_cache fcic; @@ -97,6 +98,7 @@ ZEND_API zval* zend_call_method(zval *object, zend_class_entry *obj_ce, zend_fun } fcic.object_ptr = object; result = zend_call_function(&fci, &fcic TSRMLS_CC); + zval_ptr_dtor(&fci.function_name); } if (result == FAILURE) { /* error at c-level */ diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c index bf688df65f4..eef85d51e78 100644 --- a/Zend/zend_object_handlers.c +++ b/Zend/zend_object_handlers.c @@ -1526,9 +1526,9 @@ ZEND_API int zend_std_cast_object_tostring(zval *readobj, zval *writeobj, int ty if (EXPECTED(Z_TYPE(retval) == IS_STRING)) { //??? INIT_PZVAL(writeobj); if (readobj == writeobj) { - zval_dtor(readobj); + zval_ptr_dtor(readobj); } - ZVAL_ZVAL(writeobj, &retval, 1, 1); + ZVAL_COPY_VALUE(writeobj, &retval); if (Z_TYPE_P(writeobj) != type) { convert_to_explicit_type(writeobj, type); } @@ -1537,7 +1537,7 @@ ZEND_API int zend_std_cast_object_tostring(zval *readobj, zval *writeobj, int ty zval_ptr_dtor(&retval); //??? INIT_PZVAL(writeobj); if (readobj == writeobj) { - zval_dtor(readobj); + zval_ptr_dtor(readobj); } ZVAL_EMPTY_STRING(writeobj); zend_error(E_RECOVERABLE_ERROR, "Method %s::__toString() must return a string value", ce->name->val); diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index b8868e2a96d..8c0971195c1 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h 
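Review bot: The release `zval_ptr_dtor(&fci.function_name);` is added twice in Zend/zend_interfaces.c, once after each `zend_call_function()` call in the two branches of zend_call_method. Both branches fall through to `if (result == FAILURE)`, so a single release placed just before that test would cover both. It would also cover any branch added later. A one-line comment such as `/* fci.function_name is owned by this function and must be released after the call */` would record the ownership, which the hunks otherwise leave implicit. zend_call_method begins and ends outside both hunks, so check that no path between the branches returns early.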
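Review bot: In both Zend/zend_object_handlers.c hunks the new `zval_ptr_dtor(readobj)` runs while `writeobj`, which is the same zval on this path, still holds the old object value. If that call drops the last reference, any code that runs during destruction sees a slot whose contents are already being released. The defensive ordering is to move the old value into a local `zval old` first: `ZVAL_COPY_VALUE(&old, readobj);`, then `ZVAL_COPY_VALUE(writeobj, &retval);`, then `zval_ptr_dtor(&old);`. The same applies before `ZVAL_EMPTY_STRING(writeobj)` in the second hunk. Whether the refcount can reach zero here is not visible in the hunks, so treat this as hardening rather than a confirmed fault.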
@@ -3620,7 +3620,9 @@ ZEND_VM_HANDLER(72, ZEND_ADD_ARRAY_ELEMENT, CONST|TMP|VAR|CV, CONST|TMP|VAR|UNUS zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=GET_OP1_ZVAL_PTR(BP_VAR_R); if (IS_OP1_TMP_FREE()) { /* temporary variable */ @@ -3634,7 +3636,7 @@ ZEND_VM_HANDLER(72, ZEND_ADD_ARRAY_ELEMENT, CONST|TMP|VAR|CV, CONST|TMP|VAR|UNUS ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; FREE_OP1_IF_VAR(); - } else if (OP1_TYPE == IS_CV) { + } else if (OP1_TYPE == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index dc54e0efea9..be5c464ff85 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -3910,7 +3910,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_CONST_HANDLER(ZEND_O zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=opline->op1.zv; if (0) { /* temporary variable */ @@ -3924,7 +3926,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_CONST_HANDLER(ZEND_O ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_CONST == IS_CV) { + } else if (IS_CONST == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -4747,7 +4749,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_TMP_HANDLER(ZEND_OPC zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=opline->op1.zv; if (0) { /* temporary variable */ 
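Review bot: Both Zend/zend_vm_def.h hunks guard `Z_ADDREF_P(expr_ptr)` with `Z_COUNTED_P(expr_ptr)`, while the next commit in this series uses `Z_REFCOUNTED_P(param)` and `IS_REFCOUNTED(Z_TYPE_P(varptr))` for the same kind of check. If `Z_COUNTED_P` is the accessor for the value's counted pointer rather than a type predicate, the condition tests a union member. A non-zero integer or double payload then passes the test, and `Z_ADDREF_P` still writes through a value that is not a pointer. I would write the guards as `if (Z_REFCOUNTED_P(expr_ptr)) {` and `} else if (OP1_TYPE == IS_CV && Z_REFCOUNTED_P(expr_ptr)) {`. The generated handlers in Zend/zend_vm_execute.h repeat the same text and would follow from regenerating. The macro definitions are not on this page, so confirm against zend_types.h.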
@@ -4761,7 +4765,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_TMP_HANDLER(ZEND_OPC ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_CONST == IS_CV) { + } else if (IS_CONST == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -5544,7 +5548,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_VAR_HANDLER(ZEND_OPC zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=opline->op1.zv; if (0) { /* temporary variable */ @@ -5558,7 +5564,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_VAR_HANDLER(ZEND_OPC ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_CONST == IS_CV) { + } else if (IS_CONST == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -6193,7 +6199,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_UNUSED_HANDLER(ZEND_ zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=opline->op1.zv; if (0) { /* temporary variable */ @@ -6207,7 +6215,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_UNUSED_HANDLER(ZEND_ ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_CONST == IS_CV) { + } else if (IS_CONST == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -7073,7 +7081,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_CV_HANDLER(ZEND_OPCO zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=opline->op1.zv; if (0) { /* temporary variable */ 
@@ -7087,7 +7097,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_CV_HANDLER(ZEND_OPCO ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_CONST == IS_CV) { + } else if (IS_CONST == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -8836,7 +8846,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_CONST_HANDLER(ZEND_OPC zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1 TSRMLS_CC); if (1) { /* temporary variable */ @@ -8850,7 +8862,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_CONST_HANDLER(ZEND_OPC ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_TMP_VAR == IS_CV) { + } else if (IS_TMP_VAR == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -9648,7 +9660,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_TMP_HANDLER(ZEND_OPCOD zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1 TSRMLS_CC); if (1) { /* temporary variable */ @@ -9662,7 +9676,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_TMP_HANDLER(ZEND_OPCOD ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_TMP_VAR == IS_CV) { + } else if (IS_TMP_VAR == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } 
@@ -10453,7 +10467,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_VAR_HANDLER(ZEND_OPCOD zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1 TSRMLS_CC); if (1) { /* temporary variable */ @@ -10467,7 +10483,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_VAR_HANDLER(ZEND_OPCOD ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_TMP_VAR == IS_CV) { + } else if (IS_TMP_VAR == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -10991,7 +11007,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_UNUSED_HANDLER(ZEND_OP zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1 TSRMLS_CC); if (1) { /* temporary variable */ @@ -11005,7 +11023,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_UNUSED_HANDLER(ZEND_OP ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_TMP_VAR == IS_CV) { + } else if (IS_TMP_VAR == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -11800,7 +11818,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_CV_HANDLER(ZEND_OPCODE zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1 TSRMLS_CC); if (1) { /* temporary variable */ 
@@ -11814,7 +11834,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_CV_HANDLER(ZEND_OPCODE ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_TMP_VAR == IS_CV) { + } else if (IS_TMP_VAR == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -15053,7 +15073,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_CONST_HANDLER(ZEND_OPC zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_var(opline->op1.var, execute_data, &free_op1 TSRMLS_CC); if (0) { /* temporary variable */ @@ -15067,7 +15089,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_CONST_HANDLER(ZEND_OPC ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; zval_ptr_dtor_nogc(free_op1.var); - } else if (IS_VAR == IS_CV) { + } else if (IS_VAR == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -17181,7 +17203,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_TMP_HANDLER(ZEND_OPCOD zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_var(opline->op1.var, execute_data, &free_op1 TSRMLS_CC); if (0) { /* temporary variable */ @@ -17195,7 +17219,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_TMP_HANDLER(ZEND_OPCOD ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; zval_ptr_dtor_nogc(free_op1.var); - } else if (IS_VAR == IS_CV) { + } else if (IS_VAR == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } 
@@ -19356,7 +19380,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_VAR_HANDLER(ZEND_OPCOD zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_var(opline->op1.var, execute_data, &free_op1 TSRMLS_CC); if (0) { /* temporary variable */ @@ -19370,7 +19396,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_VAR_HANDLER(ZEND_OPCOD ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; zval_ptr_dtor_nogc(free_op1.var); - } else if (IS_VAR == IS_CV) { + } else if (IS_VAR == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -20692,7 +20718,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_UNUSED_HANDLER(ZEND_OP zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_var(opline->op1.var, execute_data, &free_op1 TSRMLS_CC); if (0) { /* temporary variable */ @@ -20706,7 +20734,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_UNUSED_HANDLER(ZEND_OP ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; zval_ptr_dtor_nogc(free_op1.var); - } else if (IS_VAR == IS_CV) { + } else if (IS_VAR == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -22606,7 +22634,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_CV_HANDLER(ZEND_OPCODE zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_var(opline->op1.var, execute_data, &free_op1 TSRMLS_CC); if (0) { /* temporary variable */ 
@@ -22620,7 +22650,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_CV_HANDLER(ZEND_OPCODE ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; zval_ptr_dtor_nogc(free_op1.var); - } else if (IS_VAR == IS_CV) { + } else if (IS_VAR == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -31338,7 +31368,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_CONST_HANDLER(ZEND_OPCO zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); if (0) { /* temporary variable */ @@ -31352,7 +31384,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_CONST_HANDLER(ZEND_OPCO ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_CV == IS_CV) { + } else if (IS_CV == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -33340,7 +33372,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_TMP_HANDLER(ZEND_OPCODE zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); if (0) { /* temporary variable */ @@ -33354,7 +33388,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_TMP_HANDLER(ZEND_OPCODE ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_CV == IS_CV) { + } else if (IS_CV == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } 
@@ -35389,7 +35423,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_VAR_HANDLER(ZEND_OPCODE zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); if (0) { /* temporary variable */ @@ -35403,7 +35439,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_VAR_HANDLER(ZEND_OPCODE ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_CV == IS_CV) { + } else if (IS_CV == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -36606,7 +36642,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_UNUSED_HANDLER(ZEND_OPC zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); if (0) { /* temporary variable */ @@ -36620,7 +36658,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_UNUSED_HANDLER(ZEND_OPC ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_CV == IS_CV) { + } else if (IS_CV == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } @@ -38381,7 +38419,9 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_CV_HANDLER(ZEND_OPCODE_ zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets"); } SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr); - Z_ADDREF_P(expr_ptr); + if (Z_COUNTED_P(expr_ptr)) { + Z_ADDREF_P(expr_ptr); + } } else { expr_ptr=_get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var TSRMLS_CC); if (0) { /* temporary variable */ 
@@ -38395,7 +38435,7 @@ static int ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_CV_HANDLER(ZEND_OPCODE_ ZVAL_DUP(&new_expr, expr_ptr); expr_ptr = &new_expr; - } else if (IS_CV == IS_CV) { + } else if (IS_CV == IS_CV && Z_COUNTED_P(expr_ptr)) { Z_ADDREF_P(expr_ptr); } } From 2b7ca1c7560a4e2d5d527ba429e0a5fa306624c6 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 21 Feb 2014 21:12:12 +0800 Subject: [PATCH 3/7] Fixed segfault due to missing REFCOUNTED check --- Zend/zend.h | 10 +++++----- Zend/zend_API.c | 4 +++- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/Zend/zend.h b/Zend/zend.h index 44266c29ce8..b62a022e42d 100644 --- a/Zend/zend.h +++ b/Zend/zend.h @@ -733,11 +733,11 @@ END_EXTERN_C() Z_SET_REFCOUNT_PP(ppzv_dest, refcount); \ } -#define SEPARATE_ARG_IF_REF(varptr) \ - if (Z_ISREF_P(varptr)) { \ - ZVAL_DUP(varptr, Z_REFVAL_P(varptr)); \ - } else { \ - Z_ADDREF_P(varptr); \ +#define SEPARATE_ARG_IF_REF(varptr) \ + if (Z_ISREF_P(varptr)) { \ + ZVAL_DUP(varptr, Z_REFVAL_P(varptr)); \ + } else if (IS_REFCOUNTED(Z_TYPE_P(varptr))) { \ + Z_ADDREF_P(varptr); \ } #define READY_TO_DESTROY(zv) \ diff --git a/Zend/zend_API.c b/Zend/zend_API.c index e2737a270ca..f1ba8717121 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -176,7 +176,9 @@ ZEND_API int zend_copy_parameters_array(int param_count, zval *argument_array TS while (param_count-->0) { zval *param = p-(arg_count--); - Z_ADDREF_P(param); + if (Z_REFCOUNTED_P(param)) { + Z_ADDREF_P(param); + } add_next_index_zval(argument_array, param); } From 882b0a3c24c5a4574761ab32a8d17ab5af6d09ba Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 21 Feb 2014 21:20:50 +0800 Subject: [PATCH 4/7] Fixed segfault due to invalid write --- Zend/zend_language_scanner.c | 312 ++++++++++++++++++----------------- Zend/zend_language_scanner.l | 22 ++- 2 files changed, 177 insertions(+), 157 deletions(-) diff --git a/Zend/zend_language_scanner.c b/Zend/zend_language_scanner.c index 9bcbd552985..20ca452b5a7 100644 
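Review bot: The new guard in `SEPARATE_ARG_IF_REF` (Zend/zend.h) is spelled `IS_REFCOUNTED(Z_TYPE_P(varptr))`, the Zend/zend_API.c hunk of the same commit uses `Z_REFCOUNTED_P(param)`, and the previous commit uses `Z_COUNTED_P(expr_ptr)`. Three spellings of one safety check make it hard to audit which `Z_ADDREF_P` sites are actually protected, so I would use `Z_REFCOUNTED_P(varptr)` here as well. The macro also still expands to a bare `if … else if` chain, so a caller's own `else` after an unbraced use binds to the macro's chain. Wrapping the body in `do { … } while (0)` closes that gap. It evaluates `varptr` several times too, which deserves a one-line comment above the definition.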
--- a/Zend/zend_language_scanner.c +++ b/Zend/zend_language_scanner.c @@ -1094,7 +1094,7 @@ yyc_INITIAL: yy3: YYDEBUG(3, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1744 "Zend/zend_language_scanner.l" +#line 1754 "Zend/zend_language_scanner.l" { if (YYCURSOR > YYLIMIT) { return 0; @@ -1171,7 +1171,7 @@ yy5: yy6: YYDEBUG(6, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1734 "Zend/zend_language_scanner.l" +#line 1744 "Zend/zend_language_scanner.l" { if (CG(short_tags)) { ZVAL_STRINGL(zendlval, yytext, yyleng); @@ -1188,7 +1188,7 @@ yy7: if ((yych = *YYCURSOR) == '=') goto yy43; YYDEBUG(8, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1713 "Zend/zend_language_scanner.l" +#line 1723 "Zend/zend_language_scanner.l" { if (CG(asp_tags)) { //??? ZVAL_STRINGL(zendlval, yytext, yyleng); @@ -1385,7 +1385,7 @@ yy35: ++YYCURSOR; YYDEBUG(38, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1676 "Zend/zend_language_scanner.l" +#line 1686 "Zend/zend_language_scanner.l" { YYCTYPE *bracket = (YYCTYPE*)zend_memrchr(yytext, '<', yyleng - (sizeof("script language=php>") - 1)); @@ -1428,7 +1428,7 @@ yy43: ++YYCURSOR; YYDEBUG(44, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1693 "Zend/zend_language_scanner.l" +#line 1703 "Zend/zend_language_scanner.l" { if (CG(asp_tags)) { //??? ZVAL_STRINGL(zendlval, yytext, yyleng); @@ -1445,7 +1445,7 @@ yy45: ++YYCURSOR; YYDEBUG(46, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1705 "Zend/zend_language_scanner.l" +#line 1715 "Zend/zend_language_scanner.l" { //??? ZVAL_STRINGL(zendlval, yytext, yyleng); ZVAL_STR(zendlval, STR_EMPTY_ALLOC()); /* tricky way to no copying - intentional */ @@ -1479,7 +1479,7 @@ yy50: yy51: YYDEBUG(51, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1725 "Zend/zend_language_scanner.l" +#line 1735 "Zend/zend_language_scanner.l" { //??? ZVAL_STRINGL(zendlval, yytext, yyleng); ZVAL_STR(zendlval, STR_EMPTY_ALLOC()); /* tricky way, no copying intentional */ 
@@ -1558,7 +1558,7 @@ yyc_ST_BACKQUOTE: yy56: YYDEBUG(56, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2184 "Zend/zend_language_scanner.l" +#line 2194 "Zend/zend_language_scanner.l" { if (YYCURSOR > YYLIMIT) { return 0; @@ -1610,7 +1610,7 @@ yy58: ++YYCURSOR; YYDEBUG(59, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2128 "Zend/zend_language_scanner.l" +#line 2138 "Zend/zend_language_scanner.l" { BEGIN(ST_IN_SCRIPTING); return '`'; @@ -1625,7 +1625,7 @@ yy61: ++YYCURSOR; YYDEBUG(62, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2115 "Zend/zend_language_scanner.l" +#line 2125 "Zend/zend_language_scanner.l" { Z_LVAL_P(zendlval) = (long) '{'; yy_push_state(ST_IN_SCRIPTING TSRMLS_CC); @@ -1648,7 +1648,7 @@ yy63: yy65: YYDEBUG(65, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1823 "Zend/zend_language_scanner.l" +#line 1833 "Zend/zend_language_scanner.l" { zend_copy_value(zendlval, (yytext+1), (yyleng-1)); return T_VARIABLE; @@ -1678,7 +1678,7 @@ yy70: ++YYCURSOR; YYDEBUG(71, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1816 "Zend/zend_language_scanner.l" +#line 1826 "Zend/zend_language_scanner.l" { yyless(yyleng - 1); yy_push_state(ST_VAR_OFFSET TSRMLS_CC); @@ -1703,7 +1703,7 @@ yy73: ++YYCURSOR; YYDEBUG(74, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1807 "Zend/zend_language_scanner.l" +#line 1817 "Zend/zend_language_scanner.l" { yyless(yyleng - 3); yy_push_state(ST_LOOKING_FOR_PROPERTY TSRMLS_CC); @@ -1778,7 +1778,7 @@ yy77: yy78: YYDEBUG(78, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2134 "Zend/zend_language_scanner.l" +#line 2144 "Zend/zend_language_scanner.l" { if (GET_DOUBLE_QUOTES_SCANNED_LENGTH()) { YYCURSOR += GET_DOUBLE_QUOTES_SCANNED_LENGTH() - 1; @@ -1838,7 +1838,7 @@ yy80: ++YYCURSOR; YYDEBUG(81, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2123 "Zend/zend_language_scanner.l" +#line 2133 "Zend/zend_language_scanner.l" { BEGIN(ST_IN_SCRIPTING); return '"'; 
@@ -1853,7 +1853,7 @@ yy83: ++YYCURSOR; YYDEBUG(84, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2115 "Zend/zend_language_scanner.l" +#line 2125 "Zend/zend_language_scanner.l" { Z_LVAL_P(zendlval) = (long) '{'; yy_push_state(ST_IN_SCRIPTING TSRMLS_CC); @@ -1876,7 +1876,7 @@ yy85: yy87: YYDEBUG(87, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1823 "Zend/zend_language_scanner.l" +#line 1833 "Zend/zend_language_scanner.l" { zend_copy_value(zendlval, (yytext+1), (yyleng-1)); return T_VARIABLE; @@ -1906,7 +1906,7 @@ yy92: ++YYCURSOR; YYDEBUG(93, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1816 "Zend/zend_language_scanner.l" +#line 1826 "Zend/zend_language_scanner.l" { yyless(yyleng - 1); yy_push_state(ST_VAR_OFFSET TSRMLS_CC); @@ -1931,7 +1931,7 @@ yy95: ++YYCURSOR; YYDEBUG(96, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1807 "Zend/zend_language_scanner.l" +#line 1817 "Zend/zend_language_scanner.l" { yyless(yyleng - 3); yy_push_state(ST_LOOKING_FOR_PROPERTY TSRMLS_CC); @@ -1949,7 +1949,7 @@ yyc_ST_END_HEREDOC: ++YYCURSOR; YYDEBUG(100, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2101 "Zend/zend_language_scanner.l" +#line 2111 "Zend/zend_language_scanner.l" { zend_heredoc_label *heredoc_label = zend_ptr_stack_pop(&SCNG(heredoc_label_stack)); @@ -2024,7 +2024,7 @@ yy103: yy104: YYDEBUG(104, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2226 "Zend/zend_language_scanner.l" +#line 2236 "Zend/zend_language_scanner.l" { int newline = 0; @@ -2112,7 +2112,7 @@ yy107: ++YYCURSOR; YYDEBUG(108, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2115 "Zend/zend_language_scanner.l" +#line 2125 "Zend/zend_language_scanner.l" { Z_LVAL_P(zendlval) = (long) '{'; yy_push_state(ST_IN_SCRIPTING TSRMLS_CC); 
@@ -2135,7 +2135,7 @@ yy109: yy111: YYDEBUG(111, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1823 "Zend/zend_language_scanner.l" +#line 1833 "Zend/zend_language_scanner.l" { zend_copy_value(zendlval, (yytext+1), (yyleng-1)); return T_VARIABLE; @@ -2165,7 +2165,7 @@ yy116: ++YYCURSOR; YYDEBUG(117, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1816 "Zend/zend_language_scanner.l" +#line 1826 "Zend/zend_language_scanner.l" { yyless(yyleng - 1); yy_push_state(ST_VAR_OFFSET TSRMLS_CC); @@ -2190,7 +2190,7 @@ yy119: ++YYCURSOR; YYDEBUG(120, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1807 "Zend/zend_language_scanner.l" +#line 1817 "Zend/zend_language_scanner.l" { yyless(yyleng - 3); yy_push_state(ST_LOOKING_FOR_PROPERTY TSRMLS_CC); @@ -2380,7 +2380,7 @@ yy123: yy124: YYDEBUG(124, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1845 "Zend/zend_language_scanner.l" +#line 1855 "Zend/zend_language_scanner.l" { zend_copy_value(zendlval, yytext, yyleng); return T_STRING; @@ -2981,7 +2981,7 @@ yy176: yy177: YYDEBUG(177, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1851 "Zend/zend_language_scanner.l" +#line 1861 "Zend/zend_language_scanner.l" { while (YYCURSOR < YYLIMIT) { switch (*YYCURSOR++) { @@ -3022,7 +3022,7 @@ yy178: yy179: YYDEBUG(179, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1938 "Zend/zend_language_scanner.l" +#line 1948 "Zend/zend_language_scanner.l" { register char *s, *t; char *end; @@ -3095,7 +3095,7 @@ yy180: yy181: YYDEBUG(181, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2005 "Zend/zend_language_scanner.l" +#line 2015 "Zend/zend_language_scanner.l" { int bprefix = (yytext[0] != '"') ? 1 : 0; @@ -3142,7 +3142,7 @@ yy182: ++YYCURSOR; YYDEBUG(183, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2095 "Zend/zend_language_scanner.l" +#line 2105 "Zend/zend_language_scanner.l" { BEGIN(ST_BACKQUOTE); return '`'; 
@@ -3153,7 +3153,7 @@ yy184: ++YYCURSOR; YYDEBUG(185, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2357 "Zend/zend_language_scanner.l" +#line 2367 "Zend/zend_language_scanner.l" { if (YYCURSOR > YYLIMIT) { return 0; @@ -3355,7 +3355,7 @@ yy206: yy207: YYDEBUG(207, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1918 "Zend/zend_language_scanner.l" +#line 1928 "Zend/zend_language_scanner.l" { //??? ZVAL_STRINGL(zendlval, yytext, yyleng); ZVAL_STR(zendlval, STR_EMPTY_ALLOC()); /* tricky way to no copying - intentional */ @@ -3396,7 +3396,7 @@ yy210: yy212: YYDEBUG(212, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1823 "Zend/zend_language_scanner.l" +#line 1833 "Zend/zend_language_scanner.l" { zend_copy_value(zendlval, (yytext+1), (yyleng-1)); return T_VARIABLE; @@ -3491,7 +3491,7 @@ yy228: yy229: YYDEBUG(229, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1926 "Zend/zend_language_scanner.l" +#line 1936 "Zend/zend_language_scanner.l" { if (CG(asp_tags)) { BEGIN(INITIAL); @@ -3530,7 +3530,7 @@ yy234: yy235: YYDEBUG(235, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1885 "Zend/zend_language_scanner.l" +#line 1895 "Zend/zend_language_scanner.l" { int doc_com; @@ -3837,7 +3837,7 @@ yy275: yy276: YYDEBUG(276, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2047 "Zend/zend_language_scanner.l" +#line 2057 "Zend/zend_language_scanner.l" { char *s; int bprefix = (yytext[0] != '<') ? 1 : 0; @@ -4132,7 +4132,7 @@ yy313: } YYDEBUG(316, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1667 "Zend/zend_language_scanner.l" +#line 1677 "Zend/zend_language_scanner.l" { if (Z_TYPE(CG(current_namespace)) != IS_UNDEF) { ZVAL_DUP(zendlval, &CG(current_namespace)); @@ -4161,7 +4161,7 @@ yy318: } YYDEBUG(321, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1642 "Zend/zend_language_scanner.l" +#line 1652 "Zend/zend_language_scanner.l" { zend_string *filename = zend_get_compiled_filename(TSRMLS_C); zend_string *dirname; 
@@ -4211,7 +4211,7 @@ yy324: } YYDEBUG(327, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1627 "Zend/zend_language_scanner.l" +#line 1637 "Zend/zend_language_scanner.l" { ZVAL_LONG(zendlval, CG(zend_lineno)); return T_LINE; @@ -4255,16 +4255,26 @@ yy332: { const char *class_name = CG(active_class_entry) ? CG(active_class_entry)->name->val : NULL; const char *func_name = CG(active_op_array)? CG(active_op_array)->function_name->val : NULL; +//??? +// Z_STRLEN_P(zendlval) = zend_spprintf((char**)&Z_STRVAL_P(zendlval), 0, "%s%s%s", +// class_name ? class_name : "", +// class_name && func_name ? "::" : "", +// func_name ? func_name : "" +// ); +// zendlval->type = IS_STRING; + char *method_name; + int method_len; - Z_STRLEN_P(zendlval) = zend_spprintf((char**)&Z_STRVAL_P(zendlval), 0, "%s%s%s", - class_name ? class_name : "", - class_name && func_name ? "::" : "", - func_name ? func_name : "" - ); - zendlval->type = IS_STRING; + method_len = zend_spprintf(&method_name, 0, "%s%s%s", + class_name ? class_name : "", + class_name && func_name ? "::" : "", + func_name ? func_name : "" + ); + ZVAL_STRINGL(zendlval, method_name, method_len); + efree(method_name); return T_METHOD_C; } -#line 4268 "Zend/zend_language_scanner.c" +#line 4278 "Zend/zend_language_scanner.c" yy336: YYDEBUG(336, *YYCURSOR); yych = *++YYCURSOR; @@ -4326,7 +4336,7 @@ yy343: } return T_FUNC_C; } -#line 4330 "Zend/zend_language_scanner.c" +#line 4340 "Zend/zend_language_scanner.c" yy347: YYDEBUG(347, *YYCURSOR); yych = *++YYCURSOR; @@ -4346,7 +4356,7 @@ yy348: } YYDEBUG(351, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1632 "Zend/zend_language_scanner.l" +#line 1642 "Zend/zend_language_scanner.l" { zend_string *filename = zend_get_compiled_filename(TSRMLS_C); @@ -4356,7 +4366,7 @@ yy348: ZVAL_STR(zendlval, filename); return T_FILE; } -#line 4360 "Zend/zend_language_scanner.c" +#line 4370 "Zend/zend_language_scanner.c" yy352: YYDEBUG(352, *YYCURSOR); yych = *++YYCURSOR; 
@@ -4397,7 +4407,7 @@ yy355: } return T_TRAIT_C; } -#line 4401 "Zend/zend_language_scanner.c" +#line 4411 "Zend/zend_language_scanner.c" yy359: YYDEBUG(359, *YYCURSOR); yych = *++YYCURSOR; @@ -4445,7 +4455,7 @@ yy362: } return T_CLASS_C; } -#line 4449 "Zend/zend_language_scanner.c" +#line 4459 "Zend/zend_language_scanner.c" yy366: YYDEBUG(366, *YYCURSOR); yych = *++YYCURSOR; @@ -4511,7 +4521,7 @@ yy377: { return T_HALT_COMPILER; } -#line 4515 "Zend/zend_language_scanner.c" +#line 4525 "Zend/zend_language_scanner.c" yy379: YYDEBUG(379, *YYCURSOR); yych = *++YYCURSOR; @@ -4535,7 +4545,7 @@ yy381: { return T_USE; } -#line 4539 "Zend/zend_language_scanner.c" +#line 4549 "Zend/zend_language_scanner.c" yy383: YYDEBUG(383, *YYCURSOR); yych = *++YYCURSOR; @@ -4558,7 +4568,7 @@ yy385: { return T_UNSET; } -#line 4562 "Zend/zend_language_scanner.c" +#line 4572 "Zend/zend_language_scanner.c" yy387: YYDEBUG(387, *YYCURSOR); ++YYCURSOR; @@ -4734,7 +4744,7 @@ yy402: { return T_INT_CAST; } -#line 4738 "Zend/zend_language_scanner.c" +#line 4748 "Zend/zend_language_scanner.c" yy405: YYDEBUG(405, *YYCURSOR); yych = *++YYCURSOR; @@ -4782,7 +4792,7 @@ yy410: { return T_DOUBLE_CAST; } -#line 4786 "Zend/zend_language_scanner.c" +#line 4796 "Zend/zend_language_scanner.c" yy414: YYDEBUG(414, *YYCURSOR); yych = *++YYCURSOR; @@ -4856,7 +4866,7 @@ yy424: { return T_STRING_CAST; } -#line 4860 "Zend/zend_language_scanner.c" +#line 4870 "Zend/zend_language_scanner.c" yy428: YYDEBUG(428, *YYCURSOR); yych = *++YYCURSOR; @@ -4893,7 +4903,7 @@ yy431: { return T_ARRAY_CAST; } -#line 4897 "Zend/zend_language_scanner.c" +#line 4907 "Zend/zend_language_scanner.c" yy435: YYDEBUG(435, *YYCURSOR); yych = *++YYCURSOR; @@ -4935,7 +4945,7 @@ yy439: { return T_OBJECT_CAST; } -#line 4939 "Zend/zend_language_scanner.c" +#line 4949 "Zend/zend_language_scanner.c" yy443: YYDEBUG(443, *YYCURSOR); yych = *++YYCURSOR; 
@@ -4980,7 +4990,7 @@ yy448: { return T_BOOL_CAST; } -#line 4984 "Zend/zend_language_scanner.c" +#line 4994 "Zend/zend_language_scanner.c" yy451: YYDEBUG(451, *YYCURSOR); yych = *++YYCURSOR; @@ -5044,7 +5054,7 @@ yy459: { return T_UNSET_CAST; } -#line 5048 "Zend/zend_language_scanner.c" +#line 5058 "Zend/zend_language_scanner.c" yy463: YYDEBUG(463, *YYCURSOR); yych = *++YYCURSOR; @@ -5062,7 +5072,7 @@ yy464: { return T_VAR; } -#line 5066 "Zend/zend_language_scanner.c" +#line 5076 "Zend/zend_language_scanner.c" yy466: YYDEBUG(466, *YYCURSOR); yych = *++YYCURSOR; @@ -5086,7 +5096,7 @@ yy468: { return T_NEW; } -#line 5090 "Zend/zend_language_scanner.c" +#line 5100 "Zend/zend_language_scanner.c" yy470: YYDEBUG(470, *YYCURSOR); yych = *++YYCURSOR; @@ -5129,7 +5139,7 @@ yy476: { return T_NAMESPACE; } -#line 5133 "Zend/zend_language_scanner.c" +#line 5143 "Zend/zend_language_scanner.c" yy478: YYDEBUG(478, *YYCURSOR); yyaccept = 3; @@ -5155,7 +5165,7 @@ yy480: { return T_CONCAT_EQUAL; } -#line 5159 "Zend/zend_language_scanner.c" +#line 5169 "Zend/zend_language_scanner.c" yy482: YYDEBUG(482, *YYCURSOR); yych = *++YYCURSOR; @@ -5168,7 +5178,7 @@ yy482: { return T_ELLIPSIS; } -#line 5172 "Zend/zend_language_scanner.c" +#line 5182 "Zend/zend_language_scanner.c" yy485: YYDEBUG(485, *YYCURSOR); ++YYCURSOR; @@ -5178,7 +5188,7 @@ yy485: { return T_PAAMAYIM_NEKUDOTAYIM; } -#line 5182 "Zend/zend_language_scanner.c" +#line 5192 "Zend/zend_language_scanner.c" yy487: YYDEBUG(487, *YYCURSOR); ++YYCURSOR; @@ -5204,7 +5214,7 @@ yy489: { return T_MINUS_EQUAL; } -#line 5208 "Zend/zend_language_scanner.c" +#line 5218 "Zend/zend_language_scanner.c" yy491: YYDEBUG(491, *YYCURSOR); ++YYCURSOR; @@ -5214,7 +5224,7 @@ yy491: { return T_DEC; } -#line 5218 "Zend/zend_language_scanner.c" +#line 5228 "Zend/zend_language_scanner.c" yy493: YYDEBUG(493, *YYCURSOR); ++YYCURSOR; 
@@ -5225,7 +5235,7 @@ yy493: yy_push_state(ST_LOOKING_FOR_PROPERTY TSRMLS_CC); return T_OBJECT_OPERATOR; } -#line 5229 "Zend/zend_language_scanner.c" +#line 5239 "Zend/zend_language_scanner.c" yy495: YYDEBUG(495, *YYCURSOR); yych = *++YYCURSOR; @@ -5274,7 +5284,7 @@ yy500: { return T_PUBLIC; } -#line 5278 "Zend/zend_language_scanner.c" +#line 5288 "Zend/zend_language_scanner.c" yy502: YYDEBUG(502, *YYCURSOR); yych = *++YYCURSOR; @@ -5333,7 +5343,7 @@ yy509: { return T_PROTECTED; } -#line 5337 "Zend/zend_language_scanner.c" +#line 5347 "Zend/zend_language_scanner.c" yy511: YYDEBUG(511, *YYCURSOR); yych = *++YYCURSOR; @@ -5367,7 +5377,7 @@ yy515: { return T_PRIVATE; } -#line 5371 "Zend/zend_language_scanner.c" +#line 5381 "Zend/zend_language_scanner.c" yy517: YYDEBUG(517, *YYCURSOR); ++YYCURSOR; @@ -5380,7 +5390,7 @@ yy517: { return T_PRINT; } -#line 5384 "Zend/zend_language_scanner.c" +#line 5394 "Zend/zend_language_scanner.c" yy519: YYDEBUG(519, *YYCURSOR); yych = *++YYCURSOR; @@ -5409,7 +5419,7 @@ yy522: { return T_GOTO; } -#line 5413 "Zend/zend_language_scanner.c" +#line 5423 "Zend/zend_language_scanner.c" yy524: YYDEBUG(524, *YYCURSOR); yych = *++YYCURSOR; @@ -5437,7 +5447,7 @@ yy527: { return T_GLOBAL; } -#line 5441 "Zend/zend_language_scanner.c" +#line 5451 "Zend/zend_language_scanner.c" yy529: YYDEBUG(529, *YYCURSOR); yych = *++YYCURSOR; @@ -5478,7 +5488,7 @@ yy535: { return T_BREAK; } -#line 5482 "Zend/zend_language_scanner.c" +#line 5492 "Zend/zend_language_scanner.c" yy537: YYDEBUG(537, *YYCURSOR); yych = *++YYCURSOR; @@ -5522,7 +5532,7 @@ yy543: { return T_SWITCH; } -#line 5526 "Zend/zend_language_scanner.c" +#line 5536 "Zend/zend_language_scanner.c" yy545: YYDEBUG(545, *YYCURSOR); yych = *++YYCURSOR; @@ -5550,7 +5560,7 @@ yy548: { return T_STATIC; } -#line 5554 "Zend/zend_language_scanner.c" +#line 5564 "Zend/zend_language_scanner.c" yy550: YYDEBUG(550, *YYCURSOR); yych = *++YYCURSOR; 
@@ -5581,7 +5591,7 @@ yy553: { return T_AS; } -#line 5585 "Zend/zend_language_scanner.c" +#line 5595 "Zend/zend_language_scanner.c" yy555: YYDEBUG(555, *YYCURSOR); yych = *++YYCURSOR; @@ -5604,7 +5614,7 @@ yy557: { return T_ARRAY; } -#line 5608 "Zend/zend_language_scanner.c" +#line 5618 "Zend/zend_language_scanner.c" yy559: YYDEBUG(559, *YYCURSOR); ++YYCURSOR; @@ -5617,7 +5627,7 @@ yy559: { return T_LOGICAL_AND; } -#line 5621 "Zend/zend_language_scanner.c" +#line 5631 "Zend/zend_language_scanner.c" yy561: YYDEBUG(561, *YYCURSOR); yych = *++YYCURSOR; @@ -5655,7 +5665,7 @@ yy566: { return T_ABSTRACT; } -#line 5659 "Zend/zend_language_scanner.c" +#line 5669 "Zend/zend_language_scanner.c" yy568: YYDEBUG(568, *YYCURSOR); yych = *++YYCURSOR; @@ -5683,7 +5693,7 @@ yy571: { return T_WHILE; } -#line 5687 "Zend/zend_language_scanner.c" +#line 5697 "Zend/zend_language_scanner.c" yy573: YYDEBUG(573, *YYCURSOR); ++YYCURSOR; @@ -5696,7 +5706,7 @@ yy573: { return T_IF; } -#line 5700 "Zend/zend_language_scanner.c" +#line 5710 "Zend/zend_language_scanner.c" yy575: YYDEBUG(575, *YYCURSOR); yych = *++YYCURSOR; @@ -5752,7 +5762,7 @@ yy580: { return T_ISSET; } -#line 5756 "Zend/zend_language_scanner.c" +#line 5766 "Zend/zend_language_scanner.c" yy582: YYDEBUG(582, *YYCURSOR); yych = *++YYCURSOR; @@ -5810,7 +5820,7 @@ yy589: { return T_INCLUDE; } -#line 5814 "Zend/zend_language_scanner.c" +#line 5824 "Zend/zend_language_scanner.c" yy590: YYDEBUG(590, *YYCURSOR); yych = *++YYCURSOR; @@ -5843,7 +5853,7 @@ yy594: { return T_INCLUDE_ONCE; } -#line 5847 "Zend/zend_language_scanner.c" +#line 5857 "Zend/zend_language_scanner.c" yy596: YYDEBUG(596, *YYCURSOR); yych = *++YYCURSOR; @@ -5881,7 +5891,7 @@ yy601: { return T_INTERFACE; } -#line 5885 "Zend/zend_language_scanner.c" +#line 5895 "Zend/zend_language_scanner.c" yy603: YYDEBUG(603, *YYCURSOR); yych = *++YYCURSOR; 
@@ -5935,7 +5945,7 @@ yy609: { return T_INSTEADOF; } -#line 5939 "Zend/zend_language_scanner.c" +#line 5949 "Zend/zend_language_scanner.c" yy611: YYDEBUG(611, *YYCURSOR); yych = *++YYCURSOR; @@ -5968,7 +5978,7 @@ yy615: { return T_INSTANCEOF; } -#line 5972 "Zend/zend_language_scanner.c" +#line 5982 "Zend/zend_language_scanner.c" yy617: YYDEBUG(617, *YYCURSOR); yych = *++YYCURSOR; @@ -6016,7 +6026,7 @@ yy624: { return T_IMPLEMENTS; } -#line 6020 "Zend/zend_language_scanner.c" +#line 6030 "Zend/zend_language_scanner.c" yy626: YYDEBUG(626, *YYCURSOR); yych = *++YYCURSOR; @@ -6048,7 +6058,7 @@ yy627: { return T_TRY; } -#line 6052 "Zend/zend_language_scanner.c" +#line 6062 "Zend/zend_language_scanner.c" yy630: YYDEBUG(630, *YYCURSOR); yych = *++YYCURSOR; @@ -6071,7 +6081,7 @@ yy632: { return T_TRAIT; } -#line 6075 "Zend/zend_language_scanner.c" +#line 6085 "Zend/zend_language_scanner.c" yy634: YYDEBUG(634, *YYCURSOR); yych = *++YYCURSOR; @@ -6094,7 +6104,7 @@ yy636: { return T_THROW; } -#line 6098 "Zend/zend_language_scanner.c" +#line 6108 "Zend/zend_language_scanner.c" yy638: YYDEBUG(638, *YYCURSOR); yych = *++YYCURSOR; @@ -6122,7 +6132,7 @@ yy641: { return T_YIELD; } -#line 6126 "Zend/zend_language_scanner.c" +#line 6136 "Zend/zend_language_scanner.c" yy643: YYDEBUG(643, *YYCURSOR); yych = *++YYCURSOR; @@ -6187,7 +6197,7 @@ yy650: { return T_REQUIRE; } -#line 6191 "Zend/zend_language_scanner.c" +#line 6201 "Zend/zend_language_scanner.c" yy651: YYDEBUG(651, *YYCURSOR); yych = *++YYCURSOR; @@ -6220,7 +6230,7 @@ yy655: { return T_REQUIRE_ONCE; } -#line 6224 "Zend/zend_language_scanner.c" +#line 6234 "Zend/zend_language_scanner.c" yy657: YYDEBUG(657, *YYCURSOR); yych = *++YYCURSOR; @@ -6243,7 +6253,7 @@ yy659: { return T_RETURN; } -#line 6247 "Zend/zend_language_scanner.c" +#line 6257 "Zend/zend_language_scanner.c" yy661: YYDEBUG(661, *YYCURSOR); yych = *++YYCURSOR; 
@@ -6337,7 +6347,7 @@ yy670: { return T_CONTINUE; } -#line 6341 "Zend/zend_language_scanner.c" +#line 6351 "Zend/zend_language_scanner.c" yy672: YYDEBUG(672, *YYCURSOR); ++YYCURSOR; @@ -6350,7 +6360,7 @@ yy672: { return T_CONST; } -#line 6354 "Zend/zend_language_scanner.c" +#line 6364 "Zend/zend_language_scanner.c" yy674: YYDEBUG(674, *YYCURSOR); yych = *++YYCURSOR; @@ -6379,7 +6389,7 @@ yy677: { return T_CLONE; } -#line 6383 "Zend/zend_language_scanner.c" +#line 6393 "Zend/zend_language_scanner.c" yy679: YYDEBUG(679, *YYCURSOR); yych = *++YYCURSOR; @@ -6397,7 +6407,7 @@ yy680: { return T_CLASS; } -#line 6401 "Zend/zend_language_scanner.c" +#line 6411 "Zend/zend_language_scanner.c" yy682: YYDEBUG(682, *YYCURSOR); yych = *++YYCURSOR; @@ -6447,7 +6457,7 @@ yy689: { return T_CALLABLE; } -#line 6451 "Zend/zend_language_scanner.c" +#line 6461 "Zend/zend_language_scanner.c" yy691: YYDEBUG(691, *YYCURSOR); ++YYCURSOR; @@ -6460,7 +6470,7 @@ yy691: { return T_CASE; } -#line 6464 "Zend/zend_language_scanner.c" +#line 6474 "Zend/zend_language_scanner.c" yy693: YYDEBUG(693, *YYCURSOR); yych = *++YYCURSOR; @@ -6478,7 +6488,7 @@ yy694: { return T_CATCH; } -#line 6482 "Zend/zend_language_scanner.c" +#line 6492 "Zend/zend_language_scanner.c" yy696: YYDEBUG(696, *YYCURSOR); yych = *++YYCURSOR; @@ -6533,7 +6543,7 @@ yy704: { return T_FUNCTION; } -#line 6537 "Zend/zend_language_scanner.c" +#line 6547 "Zend/zend_language_scanner.c" yy706: YYDEBUG(706, *YYCURSOR); ++YYCURSOR; @@ -6561,7 +6571,7 @@ yy707: { return T_FOR; } -#line 6565 "Zend/zend_language_scanner.c" +#line 6575 "Zend/zend_language_scanner.c" yy708: YYDEBUG(708, *YYCURSOR); yych = *++YYCURSOR; @@ -6589,7 +6599,7 @@ yy711: { return T_FOREACH; } -#line 6593 "Zend/zend_language_scanner.c" +#line 6603 "Zend/zend_language_scanner.c" yy713: YYDEBUG(713, *YYCURSOR); yych = *++YYCURSOR; 
@@ -6627,7 +6637,7 @@ yy716: { return T_FINAL; } -#line 6631 "Zend/zend_language_scanner.c" +#line 6641 "Zend/zend_language_scanner.c" yy717: YYDEBUG(717, *YYCURSOR); yych = *++YYCURSOR; @@ -6645,7 +6655,7 @@ yy718: { return T_FINALLY; } -#line 6649 "Zend/zend_language_scanner.c" +#line 6659 "Zend/zend_language_scanner.c" yy720: YYDEBUG(720, *YYCURSOR); yych = *++YYCURSOR; @@ -6680,7 +6690,7 @@ yy722: { return T_DO; } -#line 6684 "Zend/zend_language_scanner.c" +#line 6694 "Zend/zend_language_scanner.c" yy724: YYDEBUG(724, *YYCURSOR); ++YYCURSOR; @@ -6693,7 +6703,7 @@ yy724: { return T_EXIT; } -#line 6697 "Zend/zend_language_scanner.c" +#line 6707 "Zend/zend_language_scanner.c" yy726: YYDEBUG(726, *YYCURSOR); yych = *++YYCURSOR; @@ -6732,7 +6742,7 @@ yy731: { return T_DEFAULT; } -#line 6736 "Zend/zend_language_scanner.c" +#line 6746 "Zend/zend_language_scanner.c" yy733: YYDEBUG(733, *YYCURSOR); yych = *++YYCURSOR; @@ -6760,7 +6770,7 @@ yy736: { return T_DECLARE; } -#line 6764 "Zend/zend_language_scanner.c" +#line 6774 "Zend/zend_language_scanner.c" yy738: YYDEBUG(738, *YYCURSOR); yych = *++YYCURSOR; @@ -6844,7 +6854,7 @@ yy749: { return T_EXTENDS; } -#line 6848 "Zend/zend_language_scanner.c" +#line 6858 "Zend/zend_language_scanner.c" yy751: YYDEBUG(751, *YYCURSOR); ++YYCURSOR; @@ -6857,7 +6867,7 @@ yy751: { return T_EXIT; } -#line 6861 "Zend/zend_language_scanner.c" +#line 6871 "Zend/zend_language_scanner.c" yy753: YYDEBUG(753, *YYCURSOR); yych = *++YYCURSOR; @@ -6875,7 +6885,7 @@ yy754: { return T_EVAL; } -#line 6879 "Zend/zend_language_scanner.c" +#line 6889 "Zend/zend_language_scanner.c" yy756: YYDEBUG(756, *YYCURSOR); yych = *++YYCURSOR; @@ -6949,7 +6959,7 @@ yy765: { return T_ENDWHILE; } -#line 6953 "Zend/zend_language_scanner.c" +#line 6963 "Zend/zend_language_scanner.c" yy767: YYDEBUG(767, *YYCURSOR); yych = *++YYCURSOR; 
@@ -6982,7 +6992,7 @@ yy771: { return T_ENDSWITCH; } -#line 6986 "Zend/zend_language_scanner.c" +#line 6996 "Zend/zend_language_scanner.c" yy773: YYDEBUG(773, *YYCURSOR); ++YYCURSOR; @@ -6995,7 +7005,7 @@ yy773: { return T_ENDIF; } -#line 6999 "Zend/zend_language_scanner.c" +#line 7009 "Zend/zend_language_scanner.c" yy775: YYDEBUG(775, *YYCURSOR); yych = *++YYCURSOR; @@ -7028,7 +7038,7 @@ yy777: { return T_ENDFOR; } -#line 7032 "Zend/zend_language_scanner.c" +#line 7042 "Zend/zend_language_scanner.c" yy778: YYDEBUG(778, *YYCURSOR); yych = *++YYCURSOR; @@ -7056,7 +7066,7 @@ yy781: { return T_ENDFOREACH; } -#line 7060 "Zend/zend_language_scanner.c" +#line 7070 "Zend/zend_language_scanner.c" yy783: YYDEBUG(783, *YYCURSOR); yych = *++YYCURSOR; @@ -7094,7 +7104,7 @@ yy788: { return T_ENDDECLARE; } -#line 7098 "Zend/zend_language_scanner.c" +#line 7108 "Zend/zend_language_scanner.c" yy790: YYDEBUG(790, *YYCURSOR); yych = *++YYCURSOR; @@ -7117,7 +7127,7 @@ yy792: { return T_EMPTY; } -#line 7121 "Zend/zend_language_scanner.c" +#line 7131 "Zend/zend_language_scanner.c" yy794: YYDEBUG(794, *YYCURSOR); yych = *++YYCURSOR; @@ -7150,7 +7160,7 @@ yy796: { return T_ELSE; } -#line 7154 "Zend/zend_language_scanner.c" +#line 7164 "Zend/zend_language_scanner.c" yy797: YYDEBUG(797, *YYCURSOR); yych = *++YYCURSOR; @@ -7168,7 +7178,7 @@ yy798: { return T_ELSEIF; } -#line 7172 "Zend/zend_language_scanner.c" +#line 7182 "Zend/zend_language_scanner.c" yy800: YYDEBUG(800, *YYCURSOR); yych = *++YYCURSOR; @@ -7186,7 +7196,7 @@ yy801: { return T_ECHO; } -#line 7190 "Zend/zend_language_scanner.c" +#line 7200 "Zend/zend_language_scanner.c" } /* *********************************** */ yyc_ST_LOOKING_FOR_PROPERTY: @@ -7266,7 +7276,7 @@ yy806: HANDLE_NEWLINES(yytext, yyleng); return T_WHITESPACE; } -#line 7270 "Zend/zend_language_scanner.c" +#line 7280 "Zend/zend_language_scanner.c" yy807: YYDEBUG(807, *YYCURSOR); ++YYCURSOR; 
@@ -7280,7 +7290,7 @@ yy808: yy_pop_state(TSRMLS_C); goto restart; } -#line 7284 "Zend/zend_language_scanner.c" +#line 7294 "Zend/zend_language_scanner.c" yy809: YYDEBUG(809, *YYCURSOR); ++YYCURSOR; @@ -7295,7 +7305,7 @@ yy810: zend_copy_value(zendlval, yytext, yyleng); return T_STRING; } -#line 7299 "Zend/zend_language_scanner.c" +#line 7309 "Zend/zend_language_scanner.c" yy811: YYDEBUG(811, *YYCURSOR); yych = *++YYCURSOR; @@ -7320,7 +7330,7 @@ yy814: { return T_OBJECT_OPERATOR; } -#line 7324 "Zend/zend_language_scanner.c" +#line 7334 "Zend/zend_language_scanner.c" yy816: YYDEBUG(816, *YYCURSOR); ++YYCURSOR; @@ -7412,7 +7422,7 @@ yy821: yy_push_state(ST_IN_SCRIPTING TSRMLS_CC); goto restart; } -#line 7416 "Zend/zend_language_scanner.c" +#line 7426 "Zend/zend_language_scanner.c" yy822: YYDEBUG(822, *YYCURSOR); yych = *++YYCURSOR; @@ -7445,7 +7455,7 @@ yy826: yy_push_state(ST_IN_SCRIPTING TSRMLS_CC); return T_STRING_VARNAME; } -#line 7449 "Zend/zend_language_scanner.c" +#line 7459 "Zend/zend_language_scanner.c" } /* *********************************** */ yyc_ST_NOWDOC: @@ -7456,7 +7466,7 @@ yyc_ST_NOWDOC: ++YYCURSOR; YYDEBUG(831, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2300 "Zend/zend_language_scanner.l" +#line 2310 "Zend/zend_language_scanner.l" { int newline = 0; @@ -7512,7 +7522,7 @@ nowdoc_scan_done: HANDLE_NEWLINES(yytext, yyleng - newline); return T_ENCAPSED_AND_WHITESPACE; } -#line 7516 "Zend/zend_language_scanner.c" +#line 7526 "Zend/zend_language_scanner.c" /* *********************************** */ yyc_ST_VAR_OFFSET: { @@ -7628,7 +7638,7 @@ yy835: } return T_NUM_STRING; } -#line 7632 "Zend/zend_language_scanner.c" +#line 7642 "Zend/zend_language_scanner.c" yy836: YYDEBUG(836, *YYCURSOR); yych = *++YYCURSOR; 
@@ -7648,23 +7658,23 @@ yy837: yy838: YYDEBUG(838, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1833 "Zend/zend_language_scanner.l" +#line 1843 "Zend/zend_language_scanner.l" { /* Only '[' can be valid, but returning other tokens will allow a more explicit parse error */ return yytext[0]; } -#line 7657 "Zend/zend_language_scanner.c" +#line 7667 "Zend/zend_language_scanner.c" yy839: YYDEBUG(839, *YYCURSOR); ++YYCURSOR; YYDEBUG(840, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1828 "Zend/zend_language_scanner.l" +#line 1838 "Zend/zend_language_scanner.l" { yy_pop_state(TSRMLS_C); return ']'; } -#line 7668 "Zend/zend_language_scanner.c" +#line 7678 "Zend/zend_language_scanner.c" yy841: YYDEBUG(841, *YYCURSOR); yych = *++YYCURSOR; @@ -7674,14 +7684,14 @@ yy842: ++YYCURSOR; YYDEBUG(843, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1838 "Zend/zend_language_scanner.l" +#line 1848 "Zend/zend_language_scanner.l" { /* Invalid rule to return a more explicit parse error with proper line number */ yyless(0); yy_pop_state(TSRMLS_C); return T_ENCAPSED_AND_WHITESPACE; } -#line 7685 "Zend/zend_language_scanner.c" +#line 7695 "Zend/zend_language_scanner.c" yy844: YYDEBUG(844, *YYCURSOR); ++YYCURSOR; @@ -7690,18 +7700,18 @@ yy844: yy845: YYDEBUG(845, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1845 "Zend/zend_language_scanner.l" +#line 1855 "Zend/zend_language_scanner.l" { zend_copy_value(zendlval, yytext, yyleng); return T_STRING; } -#line 7699 "Zend/zend_language_scanner.c" +#line 7709 "Zend/zend_language_scanner.c" yy846: YYDEBUG(846, *YYCURSOR); ++YYCURSOR; YYDEBUG(847, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 2357 "Zend/zend_language_scanner.l" +#line 2367 "Zend/zend_language_scanner.l" { if (YYCURSOR > YYLIMIT) { return 0; 
@@ -7710,7 +7720,7 @@ yy846: zend_error(E_COMPILE_WARNING,"Unexpected character in input: '%c' (ASCII=%d) state=%d", yytext[0], yytext[0], YYSTATE); goto restart; } -#line 7714 "Zend/zend_language_scanner.c" +#line 7724 "Zend/zend_language_scanner.c" yy848: YYDEBUG(848, *YYCURSOR); ++YYCURSOR; @@ -7746,12 +7756,12 @@ yy850: yy852: YYDEBUG(852, *YYCURSOR); yyleng = YYCURSOR - SCNG(yy_text); -#line 1823 "Zend/zend_language_scanner.l" +#line 1833 "Zend/zend_language_scanner.l" { zend_copy_value(zendlval, (yytext+1), (yyleng-1)); return T_VARIABLE; } -#line 7755 "Zend/zend_language_scanner.c" +#line 7765 "Zend/zend_language_scanner.c" yy853: YYDEBUG(853, *YYCURSOR); ++YYCURSOR; @@ -7796,7 +7806,7 @@ yy860: ZVAL_STRINGL(zendlval, yytext, yyleng); return T_NUM_STRING; } -#line 7800 "Zend/zend_language_scanner.c" +#line 7810 "Zend/zend_language_scanner.c" yy861: YYDEBUG(861, *YYCURSOR); ++YYCURSOR; @@ -7819,6 +7829,6 @@ yy863: goto yy860; } } -#line 2366 "Zend/zend_language_scanner.l" +#line 2376 "Zend/zend_language_scanner.l" } diff --git a/Zend/zend_language_scanner.l b/Zend/zend_language_scanner.l index a4275a8695b..c564648dabd 100644 --- a/Zend/zend_language_scanner.l +++ b/Zend/zend_language_scanner.l 
@@ -1614,13 +1614,23 @@ NEWLINE ("\r"|"\n"|"\r\n") "__METHOD__" { const char *class_name = CG(active_class_entry) ? CG(active_class_entry)->name->val : NULL; const char *func_name = CG(active_op_array)? CG(active_op_array)->function_name->val : NULL; +//??? +// Z_STRLEN_P(zendlval) = zend_spprintf((char**)&Z_STRVAL_P(zendlval), 0, "%s%s%s", +// class_name ? class_name : "", +// class_name && func_name ? "::" : "", +// func_name ? func_name : "" +// ); +// zendlval->type = IS_STRING; + char *method_name; + int method_len; - Z_STRLEN_P(zendlval) = zend_spprintf((char**)&Z_STRVAL_P(zendlval), 0, "%s%s%s", - class_name ? class_name : "", - class_name && func_name ? "::" : "", - func_name ? func_name : "" - ); - zendlval->type = IS_STRING; + method_len = zend_spprintf(&method_name, 0, "%s%s%s", + class_name ? class_name : "", + class_name && func_name ? "::" : "", + func_name ? func_name : "" + ); + ZVAL_STRINGL(zendlval, method_name, method_len); + efree(method_name); return T_METHOD_C; } From 92450f9d6c6247a5e8891c1bbed4b21b407df870 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 21 Feb 2014 21:39:02 +0800 Subject: [PATCH 5/7] Fixed test tests/classes/__call_007.php --- Zend/zend_API.c | 2 +- Zend/zend_vm_def.h | 47 ++-- Zend/zend_vm_execute.h | 540 +++++++++++++++++++++++------------------ 3 files changed, 327 insertions(+), 262 deletions(-) diff --git a/Zend/zend_API.c b/Zend/zend_API.c index f1ba8717121..58f5eccdbee 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -3149,7 +3149,7 @@ ZEND_API zend_bool zend_is_callable_ex(zval *callable, zval *object_ptr, uint ch } } else { - if (!!EG(objects_store).object_buckets || + if (!EG(objects_store).object_buckets || !IS_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(obj)])) { return 0; } diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 8c0971195c1..75acee396db 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h 
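Review bot: The `func_name` initialiser at the top of the `__METHOD__` rule checks only `CG(active_op_array)` before evaluating `->function_name->val`, so a NULL `function_name` is never tested. If an op_array can have no function name (presumably the case for code outside any function; not visible here), the expression is evaluated on a NULL pointer and the later `func_name ? func_name : ""` fallback cannot be relied on to catch it, which leaves `zend_spprintf` formatting `%s` from an invalid address. I would guard both levels: `const char *func_name = (CG(active_op_array) && CG(active_op_array)->function_name) ? CG(active_op_array)->function_name->val : NULL;`. The same lines are regenerated into the `yy332` section of `zend_language_scanner.c`, and the commented-out `//???` copy of the old call could be dropped now that the replacement is in place.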
@@ -1025,7 +1025,9 @@ ZEND_VM_HELPER_EX(zend_fetch_var_address_helper, CONST|TMP|VAR|CV, UNUSED|CONST| zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -1060,30 +1062,33 @@ ZEND_VM_HELPER_EX(zend_fetch_var_address_helper, CONST|TMP|VAR|CV, UNUSED|CONST| if (OP1_TYPE != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); - } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; + } } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index be5c464ff85..9aaa17c4845 100644 
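Review bot: The `//???` marker and the commented-out `//ZVAL_NULL(retval);` in the `BP_VAR_IS` case do not say why the result slot is now written directly. Presumably `retval` is NULL on this failed-lookup path (the second hunk adds a NULL guard, which suggests so), and that is worth stating. I would replace the two comment lines with `/* lookup failed, retval is not usable here: store NULL straight into the result slot */`. The `switch` this case belongs to starts outside the hunk.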
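Review bot: The new `if (EXPECTED(retval))` guard starts after the `ZEND_FETCH_MAKE_REF` block, so `SEPARATE_ZVAL_TO_MAKE_IS_REF(retval);` still runs on a `retval` that the guard itself treats as possibly NULL. Whether that flag can be set on a failed lookup is not visible in this hunk, but the two checks should agree. I would either move the `if (opline->extended_value & ZEND_FETCH_MAKE_REF) { ... }` block inside the guard or change its condition to `if (retval && (opline->extended_value & ZEND_FETCH_MAKE_REF))`. The helper's body starts and ends outside the hunk, and because `zend_vm_execute.h` is generated from this file the change belongs here only.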
--- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -3544,7 +3544,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_CONST(int type zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -3579,30 +3581,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_CONST(int type if (IS_CONST != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -5296,7 +5301,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_VAR(int type, zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -5331,30 +5338,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_VAR(int type, if (IS_CONST != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -5979,7 +5989,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_UNUSED(int typ zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -6014,30 +6026,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CONST_UNUSED(int typ if (IS_CONST != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -8574,7 +8589,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_CONST(int type, zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -8609,30 +8626,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_CONST(int type, if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -10207,7 +10227,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_VAR(int type, ZE zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -10242,30 +10264,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_VAR(int type, ZE if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -10898,7 +10923,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_UNUSED(int type, zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -10933,30 +10960,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_TMP_UNUSED(int type, if (IS_TMP_VAR != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -14130,7 +14160,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_CONST(int type, zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -14165,30 +14197,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_CONST(int type, if (IS_VAR != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -18473,7 +18508,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_VAR(int type, ZE zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -18508,30 +18545,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_VAR(int type, ZE if (IS_VAR != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -20340,7 +20380,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_UNUSED(int type, zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -20375,30 +20417,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_VAR_UNUSED(int type, if (IS_VAR != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -30637,7 +30682,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_CONST(int type, Z zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -30672,30 +30719,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_CONST(int type, Z if (IS_CV != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -34635,7 +34685,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_VAR(int type, ZEN zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -34670,30 +34722,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_VAR(int type, ZEN if (IS_CV != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); 
@@ -36376,7 +36431,9 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_UNUSED(int type, zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); /* break missing intentionally */ case BP_VAR_IS: - ZVAL_NULL(retval); + //??? + //ZVAL_NULL(retval); + ZVAL_NULL(EX_VAR(opline->result.var)); break; case BP_VAR_RW: zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname)); @@ -36411,30 +36468,33 @@ static int ZEND_FASTCALL zend_fetch_var_address_helper_SPEC_CV_UNUSED(int type, if (IS_CV != IS_CONST && varname == &tmp_varname) { zval_dtor(&tmp_varname); } + if (opline->extended_value & ZEND_FETCH_MAKE_REF) { SEPARATE_ZVAL_TO_MAKE_IS_REF(retval); } - if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); - switch (type) { - case BP_VAR_R: - case BP_VAR_IS: - ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); - break; - case BP_VAR_UNSET: { -//??? zend_free_op free_res; -//??? -//??? PZVAL_UNLOCK(*retval, &free_res); -//??? if (retval != &EG(uninitialized_zval_ptr)) { -//??? SEPARATE_ZVAL_IF_NOT_REF(retval); -//??? } -//??? PZVAL_LOCK(*retval); -//??? FREE_OP_VAR_PTR(free_res); + if (EXPECTED(retval)) { + if (IS_REFCOUNTED(Z_TYPE_P(retval))) Z_ADDREF_P(retval); + switch (type) { + case BP_VAR_R: + case BP_VAR_IS: + ZVAL_COPY_VALUE(EX_VAR(opline->result.var), retval); + break; + case BP_VAR_UNSET: { + //??? zend_free_op free_res; + //??? + //??? PZVAL_UNLOCK(*retval, &free_res); + //??? if (retval != &EG(uninitialized_zval_ptr)) { + //??? SEPARATE_ZVAL_IF_NOT_REF(retval); + //??? } + //??? PZVAL_LOCK(*retval); + //??? FREE_OP_VAR_PTR(free_res); + } + /* break missing intentionally */ + default: + ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); + break; } - /* break missing intentionally */ - default: - ZVAL_INDIRECT(EX_VAR(opline->result.var), retval); - break; } CHECK_EXCEPTION(); ZEND_VM_NEXT_OPCODE(); From b96318105b8a908ec3cb294b8133e36d1b8cba7a Mon Sep 17 00:00:00 2001 
From: Xinchen Hui Date: Fri, 21 Feb 2014 22:34:30 +0800 Subject: [PATCH 6/7] Use zend_string for arg_info to fixed segfault in Zend/tests/argument_restriction_003.phpt --- Zend/zend_compile.c | 56 +++++++++++++++------------------------------ Zend/zend_compile.h | 8 +++---- Zend/zend_execute.c | 3 +-- Zend/zend_opcode.c | 2 +- 4 files changed, 25 insertions(+), 44 deletions(-) diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index fb361e53e08..d3e98b6c958 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -1906,7 +1906,6 @@ void zend_do_receive_param(zend_uchar op, znode *varname, const znode *initializ cur_arg_info->allow_null = 1; cur_arg_info->is_variadic = is_variadic; cur_arg_info->class_name = NULL; - cur_arg_info->class_name_len = 0; if (class_type->op_type != IS_UNUSED) { cur_arg_info->allow_null = 0; @@ -1936,8 +1935,7 @@ void zend_do_receive_param(zend_uchar op, znode *varname, const znode *initializ zend_resolve_class_name(class_type TSRMLS_CC); } Z_STR(class_type->u.constant) = zend_new_interned_string(Z_STR(class_type->u.constant) TSRMLS_CC); - cur_arg_info->class_name = Z_STRVAL(class_type->u.constant); - cur_arg_info->class_name_len = Z_STRLEN(class_type->u.constant); + cur_arg_info->class_name = STR_COPY(Z_STR(class_type->u.constant)); if (op == ZEND_RECV_INIT) { if (Z_TYPE(initialization->u.constant) == IS_NULL || (Z_TYPE(initialization->u.constant) == IS_CONSTANT && !strcasecmp(Z_STRVAL(initialization->u.constant), "NULL")) || Z_TYPE(initialization->u.constant) == IS_CONSTANT_AST) { cur_arg_info->allow_null = 1; 
@@ -3283,32 +3281,20 @@ static zend_bool zend_do_perform_implementation_check(const zend_function *fe, c if (fe_arg_info->class_name) { zend_string *fe_class_name, *proto_class_name; - if (!strcasecmp(fe_arg_info->class_name, "parent") && proto->common.scope) { - fe_class_name = STR_INIT( - proto->common.scope->name->val, - proto->common.scope->name->len, 0); - } else if (!strcasecmp(fe_arg_info->class_name, "self") && fe->common.scope) { - fe_class_name = STR_INIT( - fe->common.scope->name->val, - fe->common.scope->name->len, 0); + if (!strcasecmp(fe_arg_info->class_name->val, "parent") && proto->common.scope) { + fe_class_name = proto->common.scope->name; + } else if (!strcasecmp(fe_arg_info->class_name->val, "self") && fe->common.scope) { + fe_class_name = fe->common.scope->name; } else { - fe_class_name = STR_INIT( - fe_arg_info->class_name, - fe_arg_info->class_name_len, 0); + fe_class_name = fe_arg_info->class_name; } - if (!strcasecmp(proto_arg_info->class_name, "parent") && proto->common.scope && proto->common.scope->parent) { - proto_class_name = STR_INIT( - proto->common.scope->parent->name->val, - proto->common.scope->parent->name->len, 0); - } else if (!strcasecmp(proto_arg_info->class_name, "self") && proto->common.scope) { - proto_class_name = STR_INIT( - proto->common.scope->name->val, - proto->common.scope->name->len, 0); + if (!strcasecmp(proto_arg_info->class_name->val, "parent") && proto->common.scope && proto->common.scope->parent) { + proto_class_name = proto->common.scope->parent->name; + } else if (!strcasecmp(proto_arg_info->class_name->val, "self") && proto->common.scope) { + proto_class_name = proto->common.scope->name; } else { - proto_class_name = STR_INIT( - proto_arg_info->class_name, - proto_arg_info->class_name_len, 0); + proto_class_name = proto_arg_info->class_name; } if (strcasecmp(fe_class_name->val, proto_class_name->val)!=0) { 
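Review bot: `fe_class_name` and `proto_class_name` now alias strings owned by a class entry or by the arg_info instead of holding fresh `STR_INIT` copies, so nothing later in zend_do_perform_implementation_check may release them. The hunk ends at the `strcasecmp(fe_class_name->val, proto_class_name->val)` comparison, and the hunk offsets show no further change to zend_compile.c before zend_get_function_declaration. Any `STR_FREE`/`STR_RELEASE` of these two locals in the rest of the function (outside the hunk) would therefore drop a reference this function never took and could free a live class name. I would confirm none remain and mark the declaration with `/* borrowed from the class entry or arg_info: do not release */`.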
@@ -3388,21 +3374,17 @@ static char * zend_get_function_declaration(zend_function *fptr TSRMLS_DC) /* {{ required = fptr->common.required_num_args; for (i = 0; i < fptr->common.num_args;) { if (arg_info->class_name) { - const char *class_name; - zend_uint class_name_len; - if (!strcasecmp(arg_info->class_name, "self") && fptr->common.scope ) { - class_name = fptr->common.scope->name->val; - class_name_len = fptr->common.scope->name->len; - } else if (!strcasecmp(arg_info->class_name, "parent") && fptr->common.scope->parent) { - class_name = fptr->common.scope->parent->name->val; - class_name_len = fptr->common.scope->parent->name->len; + zend_string *class_name; + if (!strcasecmp(arg_info->class_name->val, "self") && fptr->common.scope ) { + class_name = fptr->common.scope->name; + } else if (!strcasecmp(arg_info->class_name->val, "parent") && fptr->common.scope->parent) { + class_name = fptr->common.scope->parent->name; } else { class_name = arg_info->class_name; - class_name_len = arg_info->class_name_len; } - REALLOC_BUF_IF_EXCEED(buf, offset, length, class_name_len); - memcpy(offset, class_name, class_name_len); - offset += class_name_len; + REALLOC_BUF_IF_EXCEED(buf, offset, length, class_name->len); + memcpy(offset, class_name->val, class_name->len); + offset += class_name->len; *(offset++) = ' '; } else if (arg_info->type_hint) { zend_uint type_name_len; diff --git a/Zend/zend_compile.h b/Zend/zend_compile.h index 050cc479933..990a34c67c3 100644 --- a/Zend/zend_compile.h +++ b/Zend/zend_compile.h @@ -228,10 +228,10 @@ typedef struct _zend_property_info { typedef struct _zend_arg_info { const char *name; zend_uint name_len; - const char *class_name; - zend_uint class_name_len; -//??? zend_string *name; -//??? zend_string *class_name; +//??? const char *class_name; +// zend_uint class_name_len; +// zend_string *name; + zend_string *class_name; zend_uchar type_hint; zend_uchar pass_by_reference; zend_bool allow_null; 
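Review bot: The rewritten `parent` branch in zend_get_function_declaration reads `fptr->common.scope->parent` without first testing `fptr->common.scope`, while the `self` branch on the line above does test it. The guard would be `} else if (!strcasecmp(arg_info->class_name->val, "parent") && fptr->common.scope && fptr->common.scope->parent) {`. Whether a function without a scope can reach this point with a `parent` hint depends on compile-time checks that are not visible here. The function's body starts and ends outside the hunk.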
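Review bot: Turning `class_name` into a `zend_string *` and dropping `class_name_len` changes the layout and meaning of `zend_arg_info` for every initializer and reader, yet this patch's diffstat lists only zend_compile.c, zend_compile.h, zend_execute.c and zend_opcode.c. Any table elsewhere that still fills the struct positionally with a C string and a length (not visible here) would put a `char *` where the new `->val`/`->len` reads expect a string header, and those reads would then land in unrelated memory. The three commented-out field lines also leave the struct hard to read; I would replace them with one comment such as `/* class_name is a refcounted zend_string released in destroy_op_array(); name is still a raw char buffer */`.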
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index 21efb7fdd2a..c1fe7ce49f5 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -642,9 +642,8 @@ static inline void make_real_object(zval *object_ptr TSRMLS_DC) ZEND_API char * zend_verify_arg_class_kind(const zend_arg_info *cur_arg_info, ulong fetch_type, char **class_name, zend_class_entry **pce TSRMLS_DC) { - zend_string *key = STR_INIT(cur_arg_info->class_name, cur_arg_info->class_name_len, 0); + zend_string *key = cur_arg_info->class_name; *pce = zend_fetch_class(key, (fetch_type | ZEND_FETCH_CLASS_AUTO | ZEND_FETCH_CLASS_NO_AUTOLOAD) TSRMLS_CC); - STR_FREE(key); *class_name = (*pce) ? (*pce)->name->val : (char*)cur_arg_info->class_name; if (*pce && (*pce)->ce_flags & ZEND_ACC_INTERFACE) { return "implement interface "; diff --git a/Zend/zend_opcode.c b/Zend/zend_opcode.c index 4e25200e4a5..98deca62060 100644 --- a/Zend/zend_opcode.c +++ b/Zend/zend_opcode.c @@ -412,7 +412,7 @@ ZEND_API void destroy_op_array(zend_op_array *op_array TSRMLS_DC) efree((char*)op_array->arg_info[i].name); if (op_array->arg_info[i].class_name) { //??? str_efree(op_array->arg_info[i].class_name); - efree((char*)op_array->arg_info[i].class_name); + STR_RELEASE(op_array->arg_info[i].class_name); } } efree(op_array->arg_info); From 76c28f878ae37975b5520aaedf4b8f2986fe540b Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 21 Feb 2014 22:39:27 +0800 Subject: [PATCH 7/7] Fixed missed REFCOUNTED checking --- Zend/zend_execute_API.c | 42 +++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index dc194d051d9..e0dede14f55 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c 
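Review bot: In zend_verify_arg_class_kind the unchanged fallback `(char*)cur_arg_info->class_name` now casts a `zend_string *` to `char *`. When `zend_fetch_class` returns NULL the caller therefore receives a pointer to the string header instead of the characters, and anything that formats it as a C string reads header bytes and may run past them. The line should become `*class_name = (*pce) ? (*pce)->name->val : cur_arg_info->class_name->val;`. Dropping the cast also matters because it currently suppresses the incompatible-pointer diagnostic that would have flagged this.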
@@ -831,31 +831,33 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS zval *param; if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)) { - if (!Z_ISREF(fci->params[i]) && Z_REFCOUNT(fci->params[i]) > 1) { - zval new_zval; + if (Z_REFCOUNTED(fci->params[i])) { + if (!Z_ISREF(fci->params[i]) && Z_REFCOUNT(fci->params[i]) > 1) { + zval new_zval; - if (fci->no_separation && - !ARG_MAY_BE_SENT_BY_REF(EX(function_state).function, i + 1)) { - if (i || UNEXPECTED(ZEND_VM_STACK_ELEMETS(EG(argument_stack)) == (EG(argument_stack)->top))) { - /* hack to clean up the stack */ - ZVAL_LONG(&tmp, i); - zend_vm_stack_push(&tmp TSRMLS_CC); - zend_vm_stack_clear_multiple(0 TSRMLS_CC); + if (fci->no_separation && + !ARG_MAY_BE_SENT_BY_REF(EX(function_state).function, i + 1)) { + if (i || UNEXPECTED(ZEND_VM_STACK_ELEMETS(EG(argument_stack)) == (EG(argument_stack)->top))) { + /* hack to clean up the stack */ + ZVAL_LONG(&tmp, i); + zend_vm_stack_push(&tmp TSRMLS_CC); + zend_vm_stack_clear_multiple(0 TSRMLS_CC); + } + + zend_error(E_WARNING, "Parameter %d to %s%s%s() expected to be a reference, value given", + i+1, + EX(function_state).function->common.scope ? EX(function_state).function->common.scope->name->val : "", + EX(function_state).function->common.scope ? "::" : "", + EX(function_state).function->common.function_name->val); + return FAILURE; } - zend_error(E_WARNING, "Parameter %d to %s%s%s() expected to be a reference, value given", - i+1, - EX(function_state).function->common.scope ? EX(function_state).function->common.scope->name->val : "", - EX(function_state).function->common.scope ? 
"::" : "", - EX(function_state).function->common.function_name->val); - return FAILURE; + ZVAL_DUP(&new_zval, &fci->params[i]); + Z_DELREF(fci->params[i]); + ZVAL_COPY_VALUE(&fci->params[i], &new_zval); } - - ZVAL_DUP(&new_zval, &fci->params[i]); - Z_DELREF(fci->params[i]); - ZVAL_COPY_VALUE(&fci->params[i], &new_zval); + Z_ADDREF(fci->params[i]); } - Z_ADDREF(fci->params[i]); //??? Z_SET_ISREF_PP(fci->params[i]); param = &fci->params[i]; } else if (Z_ISREF(fci->params[i]) &&
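Review bot: The new `Z_REFCOUNTED(fci->params[i])` guard in zend_call_function carries no comment saying why it is needed, and the reason is a memory-safety one that the next edit could easily undo. Presumably `Z_REFCOUNT`, `Z_DELREF` and `Z_ADDREF` read a counter through the value pointer, which a scalar zval does not have. I would add above the guard `/* scalars carry no refcount header: only touch the counter of refcounted values */`. A non-refcounted argument to a by-reference parameter now falls straight through to `param = &fci->params[i]` while `Z_SET_ISREF_PP` is still commented out, so the same comment should say whether that value is meant to reach the callee as a plain copy. The function's body starts and ends outside the hunk.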