summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikita Popov <nikita.ppv@gmail.com>2020-09-03 17:12:50 +0200
committerNikita Popov <nikita.ppv@gmail.com>2020-09-03 17:12:58 +0200
commit2dabc4c30513b6511db893231c03625a40f274a7 (patch)
tree13e36e2911fd3ae91074debcbd2d631f25cb6ca8
parent2f4a2a9316e9ca47aa7be9e18979b0bf68b8ef02 (diff)
parent46a49be6c866103ebcb95e03b2b96460bec16b7b (diff)
downloadphp-git-2dabc4c30513b6511db893231c03625a40f274a7.tar.gz
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3: Fixed bug #80049
Diffstat
-rw-r--r--NEWS2
-rw-r--r--Zend/tests/bug80049.phpt14
-rw-r--r--Zend/zend_vm_def.h1
-rw-r--r--Zend/zend_vm_execute.h1
4 files changed, 18 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 157d77c262..3a28fd3eef 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@ PHP NEWS
. Fixed bug #80037 (Typed property must not be accessed before initialization
when __get() declared). (Nikita)
. Fixed bug #80048 (Bug #69100 has not been fixed for Windows). (cmb)
+ . Fixed bug #80049 (Memleak when coercing integers to string via variadic
+ argument). (Nikita)
- Calendar:
. Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
diff --git a/Zend/tests/bug80049.phpt b/Zend/tests/bug80049.phpt
new file mode 100644
index 0000000000..852b71feaa
--- /dev/null
+++ b/Zend/tests/bug80049.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #80049: Memleak when coercing integers to string via variadic argument
+--FILE--
+<?php
+function coerceToString(string ...$strings) {
+ var_dump($strings);
+}
+coerceToString(...[123]);
+?>
+--EXPECT--
+array(1) {
+ [0]=>
+ string(3) "123"
+}
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index b8243f5c57..40b20f0d9c 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -5310,6 +5310,7 @@ ZEND_VM_HANDLER(164, ZEND_RECV_VARIADIC, NUM, UNUSED|CACHE_SLOT)
ZEND_HASH_FILL_PACKED(Z_ARRVAL_P(params)) {
param = EX_VAR_NUM(EX(func)->op_array.last_var + EX(func)->op_array.T);
if (UNEXPECTED((EX(func)->op_array.fn_flags & ZEND_ACC_HAS_TYPE_HINTS) != 0)) {
+ ZEND_ADD_CALL_FLAG(execute_data, ZEND_CALL_FREE_EXTRA_ARGS);
do {
zend_verify_variadic_arg_type(EX(func), arg_num, param, NULL, CACHE_ADDR(opline->op2.num));
if (Z_OPT_REFCOUNTED_P(param)) Z_ADDREF_P(param);
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 24fb845114..d4a1c7b441 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -3192,6 +3192,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RECV_VARIADIC_SPEC_UNUSED_HAND
ZEND_HASH_FILL_PACKED(Z_ARRVAL_P(params)) {
param = EX_VAR_NUM(EX(func)->op_array.last_var + EX(func)->op_array.T);
if (UNEXPECTED((EX(func)->op_array.fn_flags & ZEND_ACC_HAS_TYPE_HINTS) != 0)) {
+ ZEND_ADD_CALL_FLAG(execute_data, ZEND_CALL_FREE_EXTRA_ARGS);
do {
zend_verify_variadic_arg_type(EX(func), arg_num, param, NULL, CACHE_ADDR(opline->op2.num));
if (Z_OPT_REFCOUNTED_P(param)) Z_ADDREF_P(param);
View Lorry Controller Status