Merge branch 'PHP-8.2' into PHP-8.3

* PHP-8.2:
  Fix propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline
Ilija Tovilo 2024-10-22 14:48:58 +02:00
commit 5eddcb313e
No known key found for this signature in database
GPG key ID: 5050C66BFCD1015A
4 changed files with 23 additions and 2 deletions

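--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,8 @@ PHP NEWS
 . Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled
 with Xcode 16 clang on macOS 15). (nielsdos)
 . Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud)
+. Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for
+call trampoline). (ilutov)
 - Curl:
 . Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if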

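--- a/Zend/tests/gh16515.phpt
+++ b/Zend/tests/gh16515.phpt
@@ -0,0 +1,16 @@
+--TEST--
+GH-16515: Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline
+--FILE--
+<?php
+namespace Foo;
+class Foo {
+public function &__call($method, $args) {}
+}
+call_user_func((new Foo)->bar(...));
+?>
+--EXPECTF--
+Notice: Only variable references should be returned by reference in %s on line %d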
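Review bot: The test reaches the trampoline only through an instance `__call` wrapped in a first-class callable, so the `is_static` branch visible in the `zend_get_call_trampoline_func` hunk is not exercised by it. A second case with `public static function &__callStatic($method, $args) {}` invoked as `call_user_func(Foo::bar(...));` would pin the static path, with the expected output extended to match. A plain `(new Foo)->bar();` call would also check the trampoline flag without going through the closure conversion, so a regression in either changed site would fail on its own.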


@ -860,7 +860,7 @@ void zend_closure_from_frame(zval *return_value, zend_execute_data *call) { /* {
memset(&trampoline, 0, sizeof(zend_internal_function)); memset(&trampoline, 0, sizeof(zend_internal_function));
trampoline.type = ZEND_INTERNAL_FUNCTION; trampoline.type = ZEND_INTERNAL_FUNCTION;
trampoline.fn_flags = mptr->common.fn_flags & (ZEND_ACC_STATIC | ZEND_ACC_VARIADIC); trampoline.fn_flags = mptr->common.fn_flags & (ZEND_ACC_STATIC | ZEND_ACC_VARIADIC | ZEND_ACC_RETURN_REFERENCE);
trampoline.handler = zend_closure_call_magic; trampoline.handler = zend_closure_call_magic;
trampoline.function_name = mptr->common.function_name; trampoline.function_name = mptr->common.function_name;
trampoline.scope = mptr->common.scope; trampoline.scope = mptr->common.scope;
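Review bot: The mask on the `trampoline.fn_flags` line is a hand-maintained allow-list, and nothing in the hunk records why these flags are the ones copied from `mptr`. The same flag is now also inherited in the `zend_get_call_trampoline_func` hunk, so the two sites have to be kept in step by hand. A short comment above the assignment would state the invariant, for example `/* Copy only flags that affect how the call and its return value are handled; keep in sync with zend_get_call_trampoline_func() (GH-16515). */`. The body of zend_closure_from_frame starts and ends outside the hunk, so whether other flags are deliberately excluded cannot be confirmed from here.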


@ -1345,7 +1345,10 @@ ZEND_API zend_function *zend_get_call_trampoline_func(const zend_class_entry *ce
func->arg_flags[0] = 0; func->arg_flags[0] = 0;
func->arg_flags[1] = 0; func->arg_flags[1] = 0;
func->arg_flags[2] = 0; func->arg_flags[2] = 0;
func->fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE | ZEND_ACC_PUBLIC | ZEND_ACC_VARIADIC; func->fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE
| ZEND_ACC_PUBLIC
| ZEND_ACC_VARIADIC
| (fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE);
if (is_static) { if (is_static) {
func->fn_flags |= ZEND_ACC_STATIC; func->fn_flags |= ZEND_ACC_STATIC;
} }