mirror of
https://github.com/php/php-src.git
synced 2025-08-16 05:58:45 +02:00
Release call trampolines in zpp fcc
When using zpp 'f' or Z_PARAM_FUNC, if the fcc points to a call trampoline release it immediately and force zend_call_function to refetch it. This may require additional callability checks if __call is used, but avoids the need to carefully free fcc values in all internal functions -- in some cases this is not simple, as a type error might be triggered by a later argument in the same zpp call. This fixes oss-fuzz #25390. Closes GH-6073.
This commit is contained in:
Nikita Popov
parent
c0d6b05b68
commit
2e218180ef
6 changed files with 30 additions and 18 deletions
|
|
@ -1198,7 +1198,6 @@ ZEND_FUNCTION(set_error_handler)
|
|||
|
||||
ZVAL_COPY(&EG(user_error_handler), &(fci.function_name));
|
||||
EG(user_error_handler_error_reporting) = (int)error_type;
|
||||
zend_release_fcall_info_cache(&fcc);
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
|
|
@ -1254,7 +1253,6 @@ ZEND_FUNCTION(set_exception_handler)
|
|||
}
|
||||
|
||||
ZVAL_COPY(&EG(user_exception_handler), &(fci.function_name));
|
||||
zend_release_fcall_info_cache(&fcc);
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue