Fixed bug #71539 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)

Dmitry Stogov 2016-07-07 00:59:44 +03:00
parent ab304579ff
commit fbca255cd0
13 changed files with 356 additions and 131 deletions

2
NEWS

@ -5,6 +5,8 @@ PHP NEWS
- Core:
. Fixed bug #72543 (Different references behavior comparing to PHP 5)
(Laruence, Dmitry, Nikita)
. Fixed bug #71539 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
(Dmitry, Nikita)
- pcntl
. Implemented asynchronous signal handling without TICKS. (Dmitry)

16
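--- /dev/null
+++ b/Zend/tests/bug71539.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #71539 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
+--FILE--
+<?php
+$array = [];
+$array[0] =& $array[''];
+$array[0] = 42;
+var_dump($array);
+?>
+--EXPECT--
+array(2) {
+[""]=>
+&int(42)
+[0]=>
+&int(42)
+}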


@ -0,0 +1,30 @@
--TEST--
Bug #71539.1 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
--FILE--
<?php
$x = (object)['a'=>1,'b'=>2,'c'=>3,'d'=>4,'e'=>5,'f'=>6,'g'=>7];
$x->h =& $x->i;
$x->h = 42;
var_dump($x);
?>
--EXPECT--
object(stdClass)#1 (9) {
["a"]=>
int(1)
["b"]=>
int(2)
["c"]=>
int(3)
["d"]=>
int(4)
["e"]=>
int(5)
["f"]=>
int(6)
["g"]=>
int(7)
["i"]=>
&int(42)
["h"]=>
&int(42)
}


@ -0,0 +1,30 @@
--TEST--
Bug #71539.2 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
--FILE--
<?php
$a = [0,1,2,3,4,5,6];
$a[200] =& $a[100];
$a[100] =42;
var_dump($a);
?>
--EXPECT--
array(9) {
[0]=>
int(0)
[1]=>
int(1)
[2]=>
int(2)
[3]=>
int(3)
[4]=>
int(4)
[5]=>
int(5)
[6]=>
int(6)
[100]=>
&int(42)
[200]=>
&int(42)
}


@ -0,0 +1,19 @@
--TEST--
Bug #71539.3 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
--FILE--
<?php
$array = [];
$array[0][0] =& $array[''];
$array[0][0] = 42;
var_dump($array);
?>
--EXPECT--
array(2) {
[""]=>
&int(42)
[0]=>
array(1) {
[0]=>
&int(42)
}
}


@ -0,0 +1,19 @@
--TEST--
Bug #71539.4 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
--FILE--
<?php
$array = [0=>[]];
$array[0][0] =& $array[0][''];
$array[0][0] = 42;
var_dump($array);
?>
--EXPECT--
array(1) {
[0]=>
array(2) {
[""]=>
&int(42)
[0]=>
&int(42)
}
}


@ -0,0 +1,19 @@
--TEST--
Bug #71539.5 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
--FILE--
<?php
$array = [];
$array['']->prop =& $array[0];
$array[0] = 42;
var_dump($array);
?>
--EXPECT--
array(2) {
[0]=>
&int(42)
[""]=>
object(stdClass)#1 (1) {
["prop"]=>
&int(42)
}
}


@ -0,0 +1,15 @@
--TEST--
Bug #71539.5 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
--FILE--
<?php
$name = 'a';
for ($i = 0; $i < 100000; $i++) {
if ($name != 'i') {
$$name =& $GLOBALS;
}
$name++;
}
?>
OK
--EXPECT--
OK
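Review bot: The `--TEST--` title of this file is `Bug #71539.5`, identical to the title of the preceding test file, so a failure in the run log cannot be attributed to one or the other; it should read `Bug #71539.6 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)`. The loop body also has no comment saying what it is meant to provoke; presumably the 100000 variable-variable assignments force the symbol table to grow while a pointer into it is held, and a one-line comment such as `// keep adding globals so the symbol table is resized during =& evaluation` would make the regression target clear. The test asserts only that the script reaches `OK`, so it detects the memory error only on builds that crash or run under a memory checker.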


@ -3029,7 +3029,20 @@ void zend_compile_assign_ref(znode *result, zend_ast *ast) /* {{{ */
offset = zend_delayed_compile_begin();
zend_delayed_compile_var(&target_node, target_ast, BP_VAR_W);
zend_delayed_compile_var(&source_node, source_ast, BP_VAR_W);
zend_compile_var(&source_node, source_ast, BP_VAR_W);
if ((target_ast->kind != ZEND_AST_VAR
|| target_ast->child[0]->kind != ZEND_AST_ZVAL)
&& source_node.op_type != IS_CV) {
/* Both LHS and RHS expressions may modify the same data structure,
* and the modification during RHS evaluation may dangle the pointer
* to the result of the LHS evaluation.
* Use MAKE_REF instruction to replace direct pointer with REFERENCE.
* See: Bug #71539
*/
zend_emit_op(&source_node, ZEND_MAKE_REF, &source_node, NULL);
}
zend_delayed_compile_end(offset);
if (source_node.op_type != IS_VAR && zend_is_call(source_ast)) {
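Review bot: The added comment explains why ZEND_MAKE_REF is emitted but not the two exclusions in the condition (`target_ast` being a plain named variable, and `source_node.op_type == IS_CV`), and those exclusions are what a later maintainer must keep correct for this dangling-pointer fix to hold. I would extend the comment with something like `/* Skipped for a plain named target and for a CV source: presumably neither yields a pointer into a resizable table. */` and have the author confirm that reasoning, since the slot layout is not visible in this hunk. The source is now compiled with `zend_compile_var()` before `zend_delayed_compile_end(offset)` flushes the target's delayed fetch, so the RHS appears to be evaluated ahead of the final LHS fetch; the key order in the new tests' expected output (`[""]` before `[0]`) is consistent with that, and the comment should state it as intended behaviour. The body of zend_compile_assign_ref continues outside the hunk.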


@ -8102,6 +8102,24 @@ ZEND_VM_HANDLER(49, ZEND_CHECK_VAR, CV, UNUSED)
ZEND_VM_NEXT_OPCODE();
}
ZEND_VM_HANDLER(51, ZEND_MAKE_REF, VAR, UNUSED)
{
USE_OPLINE
zval *op1 = EX_VAR(opline->op1.var);
if (EXPECTED(Z_TYPE_P(op1) == IS_INDIRECT)) {
op1 = Z_INDIRECT_P(op1);
if (EXPECTED(!Z_ISREF_P(op1))) {
ZVAL_MAKE_REF(op1);
}
GC_REFCOUNT(Z_REF_P(op1))++;
ZVAL_REF(EX_VAR(opline->result.var), Z_REF_P(op1));
} else {
ZVAL_COPY_VALUE(EX_VAR(opline->result.var), op1);
}
ZEND_VM_NEXT_OPCODE();
}
ZEND_VM_TYPE_SPEC_HANDLER(ZEND_ADD, (res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG && op2_info == MAY_BE_LONG), ZEND_ADD_LONG_NO_OVERFLOW, CONST|TMPVARCV, CONST|TMPVARCV, SPEC(NO_CONST_CONST,COMMUTATIVE))
{
USE_OPLINE
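Review bot: The new ZEND_MAKE_REF handler has no comment stating its ownership contract, which matters because the result slot takes its own count on the reference (`GC_REFCOUNT(Z_REF_P(op1))++`) and some consuming opcode has to release it. A header comment such as `/* Turns an INDIRECT VAR into a counted REFERENCE so the result stays valid if the container is rehashed; the consumer releases the extra refcount. */` would make that explicit. The else branch moves op1 into the result with `ZVAL_COPY_VALUE` without adjusting refcounts, so a short note that op1 is consumed there would guard against a later change freeing it twice. The opcode that consumes the result is not visible in this hunk, so the release path should be confirmed against it.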


@ -21821,6 +21821,24 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_VAR_UNUSED_HANDLER(
ZEND_VM_RETURN();
}
static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_MAKE_REF_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
{
USE_OPLINE
zval *op1 = EX_VAR(opline->op1.var);
if (EXPECTED(Z_TYPE_P(op1) == IS_INDIRECT)) {
op1 = Z_INDIRECT_P(op1);
if (EXPECTED(!Z_ISREF_P(op1))) {
ZVAL_MAKE_REF(op1);
}
GC_REFCOUNT(Z_REF_P(op1))++;
ZVAL_REF(EX_VAR(opline->result.var), Z_REF_P(op1));
} else {
ZVAL_COPY_VALUE(EX_VAR(opline->result.var), op1);
}
ZEND_VM_NEXT_OPCODE();
}
static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IS_IDENTICAL_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
{
USE_OPLINE
@ -58465,6 +58483,31 @@ void zend_init_opcodes_handlers(void)
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_MAKE_REF_SPEC_VAR_UNUSED_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_NULL_HANDLER,
ZEND_BOOL_SPEC_CONST_HANDLER,
ZEND_BOOL_SPEC_TMPVAR_HANDLER,
ZEND_BOOL_SPEC_TMPVAR_HANDLER,
@ -61597,36 +61640,35 @@ void zend_init_opcodes_handlers(void)
1433 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1458 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1483 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
4571,
1493 | SPEC_RULE_OP1,
1498 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1493 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1518 | SPEC_RULE_OP1,
1523 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1548 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1573 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1598,
1599 | SPEC_RULE_OP1,
1604 | SPEC_RULE_OP2,
1609 | SPEC_RULE_RETVAL,
1611 | SPEC_RULE_OP2,
1616 | SPEC_RULE_OP1,
1621,
1622 | SPEC_RULE_OP2,
1627 | SPEC_RULE_OP1,
1632 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
1642 | SPEC_RULE_OP1,
1647 | SPEC_RULE_OP1,
1652 | SPEC_RULE_OP2,
1657 | SPEC_RULE_OP1,
1662 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1598 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1623,
1624 | SPEC_RULE_OP1,
1629 | SPEC_RULE_OP2,
1634 | SPEC_RULE_RETVAL,
1636 | SPEC_RULE_OP2,
1641 | SPEC_RULE_OP1,
1646,
1647 | SPEC_RULE_OP2,
1652 | SPEC_RULE_OP1,
1657 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
1667 | SPEC_RULE_OP1,
1672 | SPEC_RULE_OP1,
1677 | SPEC_RULE_OP2,
1682 | SPEC_RULE_OP1,
1687 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1712 | SPEC_RULE_OP1,
1717 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1712 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1737 | SPEC_RULE_OP1,
1742 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1767 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1792 | SPEC_RULE_OP1,
1797 | SPEC_RULE_OP1,
1802 | SPEC_RULE_OP1,
1807 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1792 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1817 | SPEC_RULE_OP1,
1822 | SPEC_RULE_OP1,
1827 | SPEC_RULE_OP1,
1832 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1857 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
1882 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
@ -61646,80 +61688,80 @@ void zend_init_opcodes_handlers(void)
2232 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2257 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2282 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
4571,
2307,
2308,
2309,
2310,
2311,
2312 | SPEC_RULE_OP1,
2317 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2342 | SPEC_RULE_OP1,
2347 | SPEC_RULE_OP2,
2352 | SPEC_RULE_OP1,
2357 | SPEC_RULE_OP1,
2362 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2307 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
4596,
2332,
2333,
2334,
2335,
2336,
2337 | SPEC_RULE_OP1,
2342 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2367 | SPEC_RULE_OP1,
2372 | SPEC_RULE_OP2,
2377 | SPEC_RULE_OP1,
2382 | SPEC_RULE_OP1,
2387 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2412 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2437 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2462 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
2472 | SPEC_RULE_OP1,
2477 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2502,
2503 | SPEC_RULE_OP1,
2508 | SPEC_RULE_OP1,
2513 | SPEC_RULE_OP1,
2518 | SPEC_RULE_OP1,
2523 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2548 | SPEC_RULE_OP1,
2553 | SPEC_RULE_OP1,
2558 | SPEC_RULE_OP1,
2563 | SPEC_RULE_OP2,
2568 | SPEC_RULE_RETVAL,
2570 | SPEC_RULE_RETVAL,
2572 | SPEC_RULE_RETVAL,
2574 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2462 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2487 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
2497 | SPEC_RULE_OP1,
2502 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2527,
2528 | SPEC_RULE_OP1,
2533 | SPEC_RULE_OP1,
2538 | SPEC_RULE_OP1,
2543 | SPEC_RULE_OP1,
2548 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2573 | SPEC_RULE_OP1,
2578 | SPEC_RULE_OP1,
2583 | SPEC_RULE_OP1,
2588 | SPEC_RULE_OP2,
2593 | SPEC_RULE_RETVAL,
2595 | SPEC_RULE_RETVAL,
2597 | SPEC_RULE_RETVAL,
2599 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2624 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2649 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2674 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
2799,
2800 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2825,
2826 | SPEC_RULE_OP2,
2831,
2832 | SPEC_RULE_OP1,
2837 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2862 | SPEC_RULE_OP2,
2867 | SPEC_RULE_OP2,
2872,
2873 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
2998 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3023,
3024,
3025,
3026 | SPEC_RULE_OP1,
3031 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3056,
3057,
3058 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3083,
3084,
3085,
3086 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3111 | SPEC_RULE_OP1,
3116,
3117,
3118,
3119,
3120 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3145 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_DIM_OBJ,
3220 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3245 | SPEC_RULE_OP1,
3250 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3275,
3276 | SPEC_RULE_OP2,
3281 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2674 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2699 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
2824,
2825 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2850,
2851 | SPEC_RULE_OP2,
2856,
2857 | SPEC_RULE_OP1,
2862 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
2887 | SPEC_RULE_OP2,
2892 | SPEC_RULE_OP2,
2897,
2898 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
3023 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3048,
3049,
3050,
3051 | SPEC_RULE_OP1,
3056 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3081,
3082,
3083 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3108,
3109,
3110,
3111 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3136 | SPEC_RULE_OP1,
3141,
3142,
3143,
3144,
3145 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3170 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_DIM_OBJ,
3245 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3270 | SPEC_RULE_OP1,
3275 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3300,
3301 | SPEC_RULE_OP2,
3306 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3331 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3356 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
@ -61731,9 +61773,10 @@ void zend_init_opcodes_handlers(void)
3506 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3531 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
3556 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
4571,
3581 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
4571
4596,
3606 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
4596
};
zend_opcode_handlers = labels;
zend_handlers_count = sizeof(labels) / sizeof(void*);
@ -61840,7 +61883,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3606 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
spec = 3631 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@ -61848,7 +61891,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3631 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
spec = 3656 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@ -61856,7 +61899,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3656 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
spec = 3681 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@ -61867,17 +61910,17 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3681 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
spec = 3706 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
} else if ((op1_info == MAY_BE_LONG && op2_info == MAY_BE_LONG)) {
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3706 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
spec = 3731 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
} else if ((op1_info == MAY_BE_DOUBLE && op2_info == MAY_BE_DOUBLE)) {
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3731 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
spec = 3756 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
}
break;
case ZEND_MUL:
@ -61885,7 +61928,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3756 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
spec = 3781 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@ -61893,7 +61936,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3781 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
spec = 3806 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@ -61901,7 +61944,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3806 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
spec = 3831 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@ -61912,7 +61955,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3831 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
spec = 3856 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@ -61920,7 +61963,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3906 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
spec = 3931 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@ -61931,7 +61974,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 3981 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
spec = 4006 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@ -61939,7 +61982,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 4056 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
spec = 4081 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
if (op->op1_type > op->op2_type) {
zend_swap_operands(op);
}
@ -61950,12 +61993,12 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 4131 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
spec = 4156 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
} else if ((op1_info == MAY_BE_DOUBLE && op2_info == MAY_BE_DOUBLE)) {
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 4206 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
spec = 4231 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
}
break;
case ZEND_IS_SMALLER_OR_EQUAL:
@ -61963,70 +62006,70 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 4281 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
spec = 4306 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
} else if ((op1_info == MAY_BE_DOUBLE && op2_info == MAY_BE_DOUBLE)) {
if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
break;
}
spec = 4356 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
spec = 4381 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
}
break;
case ZEND_QM_ASSIGN:
if ((op1_info == MAY_BE_DOUBLE)) {
spec = 4521 | SPEC_RULE_OP1;
spec = 4546 | SPEC_RULE_OP1;
} else if ((!(op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF)-(MAY_BE_NULL|MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_LONG|MAY_BE_DOUBLE))))) {
spec = 4526 | SPEC_RULE_OP1;
spec = 4551 | SPEC_RULE_OP1;
}
break;
case ZEND_PRE_INC:
if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
spec = 4431 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
spec = 4456 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
} else if ((op1_info == MAY_BE_LONG)) {
spec = 4441 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
spec = 4466 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
spec = 4451 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
spec = 4476 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
}
break;
case ZEND_PRE_DEC:
if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
spec = 4461 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
spec = 4486 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
} else if ((op1_info == MAY_BE_LONG)) {
spec = 4471 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
spec = 4496 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
spec = 4481 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
spec = 4506 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
}
break;
case ZEND_POST_INC:
if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
spec = 4491 | SPEC_RULE_OP1;
spec = 4516 | SPEC_RULE_OP1;
} else if ((op1_info == MAY_BE_LONG)) {
spec = 4496 | SPEC_RULE_OP1;
spec = 4521 | SPEC_RULE_OP1;
} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
spec = 4501 | SPEC_RULE_OP1;
spec = 4526 | SPEC_RULE_OP1;
}
break;
case ZEND_POST_DEC:
if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
spec = 4506 | SPEC_RULE_OP1;
spec = 4531 | SPEC_RULE_OP1;
} else if ((op1_info == MAY_BE_LONG)) {
spec = 4511 | SPEC_RULE_OP1;
spec = 4536 | SPEC_RULE_OP1;
} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
spec = 4516 | SPEC_RULE_OP1;
spec = 4541 | SPEC_RULE_OP1;
}
break;
case ZEND_SEND_VAR_EX:
if ((op1_info & (MAY_BE_UNDEF|MAY_BE_REF)) == 0) {
spec = 4561 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG;
spec = 4586 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG;
}
break;
case ZEND_FETCH_DIM_R:
if ((!(op2_info & (MAY_BE_UNDEF|MAY_BE_NULL|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF)))) {
spec = 4531 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
spec = 4556 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
}
break;
case ZEND_SEND_VAR:
if ((op1_info & (MAY_BE_UNDEF|MAY_BE_REF)) == 0) {
spec = 4556 | SPEC_RULE_OP1;
spec = 4581 | SPEC_RULE_OP1;
}
break;
default:


@ -73,7 +73,7 @@ static const char *zend_vm_opcodes_names[187] = {
"ZEND_CASE",
"ZEND_CHECK_VAR",
"ZEND_SEND_VAR_NO_REF_EX",
NULL,
"ZEND_MAKE_REF",
"ZEND_BOOL",
"ZEND_FAST_CONCAT",
"ZEND_ROPE_INIT",
@ -263,7 +263,7 @@ static uint32_t zend_vm_opcodes_flags[187] = {
0x00000707,
0x00000101,
0x00001001,
0x00000000,
0x00000101,
0x00000007,
0x00000707,
0x01000701,


@ -118,6 +118,7 @@ END_EXTERN_C()
#define ZEND_CASE 48
#define ZEND_CHECK_VAR 49
#define ZEND_SEND_VAR_NO_REF_EX 50
#define ZEND_MAKE_REF 51
#define ZEND_BOOL 52
#define ZEND_FAST_CONCAT 53
#define ZEND_ROPE_INIT 54