diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2021-01-26 15:15:18 +0100 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2021-01-26 15:15:18 +0100 |
| commit | a2dcd44272dccaab22a13d587a13c4c60972063b (patch) | |
| tree | 1c1a5aa1235a0a3428d0bd741e6d4c0cc8f4c2db | |
| parent | 2e580da28ebebb35eefd084dc5a0cdbc94872ff4 (diff) | |
| download | php-git-a2dcd44272dccaab22a13d587a13c4c60972063b.tar.gz | |
Fix VAR return type verification
We should also set retval_ref when de-indirecting. Otherwise the
retval_ref != retval_ptr comparison below may incorrect assume
that we're returning a reference.
I don't have a reliable reproducer for this issue, but it sometimes
appears in certain configurations in arrow_functions/007.phpt in
conjunction with other changes.
| -rw-r--r-- | Zend/zend_vm_def.h | 2 | ||||
| -rw-r--r-- | Zend/zend_vm_execute.h | 10 |
2 files changed, 6 insertions, 6 deletions
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 2932bfbdfa..693578675f 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -4185,7 +4185,7 @@ ZEND_VM_COLD_CONST_HANDLER(124, ZEND_VERIFY_RETURN_TYPE, CONST|TMP|VAR|UNUSED|CV retval_ref = retval_ptr = EX_VAR(opline->result.var); } else if (OP1_TYPE == IS_VAR) { if (UNEXPECTED(Z_TYPE_P(retval_ptr) == IS_INDIRECT)) { - retval_ptr = Z_INDIRECT_P(retval_ptr); + retval_ref = retval_ptr = Z_INDIRECT_P(retval_ptr); } ZVAL_DEREF(retval_ptr); } else if (OP1_TYPE == IS_CV) { diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 60d725b365..731c4af769 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -9723,7 +9723,7 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_VERIFY_RETURN_TYP retval_ref = retval_ptr = EX_VAR(opline->result.var); } else if (IS_CONST == IS_VAR) { if (UNEXPECTED(Z_TYPE_P(retval_ptr) == IS_INDIRECT)) { - retval_ptr = Z_INDIRECT_P(retval_ptr); + retval_ref = retval_ptr = Z_INDIRECT_P(retval_ptr); } ZVAL_DEREF(retval_ptr); } else if (IS_CONST == IS_CV) { @@ -20077,7 +20077,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_TMP_UN retval_ref = retval_ptr = EX_VAR(opline->result.var); } else if (IS_TMP_VAR == IS_VAR) { if (UNEXPECTED(Z_TYPE_P(retval_ptr) == IS_INDIRECT)) { - retval_ptr = Z_INDIRECT_P(retval_ptr); + retval_ref = retval_ptr = Z_INDIRECT_P(retval_ptr); } ZVAL_DEREF(retval_ptr); } else if (IS_TMP_VAR == IS_CV) { @@ -27692,7 +27692,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_VAR_UN retval_ref = retval_ptr = EX_VAR(opline->result.var); } else if (IS_VAR == IS_VAR) { if (UNEXPECTED(Z_TYPE_P(retval_ptr) == IS_INDIRECT)) { - retval_ptr = Z_INDIRECT_P(retval_ptr); + retval_ref = retval_ptr = Z_INDIRECT_P(retval_ptr); } ZVAL_DEREF(retval_ptr); } else if (IS_VAR == IS_CV) { @@ -34892,7 +34892,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_UNUSED retval_ref = retval_ptr = EX_VAR(opline->result.var); } else if (IS_UNUSED == IS_VAR) { if (UNEXPECTED(Z_TYPE_P(retval_ptr) == IS_INDIRECT)) { - retval_ptr = Z_INDIRECT_P(retval_ptr); + retval_ref = retval_ptr = Z_INDIRECT_P(retval_ptr); } ZVAL_DEREF(retval_ptr); } else if (IS_UNUSED == IS_CV) { @@ -46594,7 +46594,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_CV_UNU retval_ref = retval_ptr = EX_VAR(opline->result.var); } else if (IS_CV == IS_VAR) { if (UNEXPECTED(Z_TYPE_P(retval_ptr) == IS_INDIRECT)) { - retval_ptr = Z_INDIRECT_P(retval_ptr); + retval_ref = retval_ptr = Z_INDIRECT_P(retval_ptr); } ZVAL_DEREF(retval_ptr); } else if (IS_CV == IS_CV) { |