diff options
| author | Xinchen Hui <laruence@gmail.com> | 2017-02-10 14:26:35 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@gmail.com> | 2017-02-10 14:26:35 +0800 |
| commit | 1760b031eab5cac900bdbb9c72827b572fce52cf (patch) | |
| tree | 9ef63fdbfa8367f8fbda8a94b84d48f5beb41f58 | |
| parent | 4ec80663a6873cbe3caac8ecd7b2b341a2d66201 (diff) | |
| parent | 47f1e0817a7b0baf032cefb69debda1b32a21aea (diff) | |
| download | php-git-1760b031eab5cac900bdbb9c72827b572fce52cf.tar.gz | |
Merge branch 'PHP-7.1'
* PHP-7.1:
Update NEWs
Fixed bug #74019 (Segfault with list)
| -rw-r--r-- | ext/opcache/Optimizer/zend_optimizer.c | 23 | ||||
| -rw-r--r-- | ext/opcache/tests/bug74019.phpt | 25 |
2 files changed, 44 insertions, 4 deletions
diff --git a/ext/opcache/Optimizer/zend_optimizer.c b/ext/opcache/Optimizer/zend_optimizer.c index ee659fa2f2..a4c93f1513 100644 --- a/ext/opcache/Optimizer/zend_optimizer.c +++ b/ext/opcache/Optimizer/zend_optimizer.c @@ -451,12 +451,27 @@ int zend_optimizer_replace_by_const(zend_op_array *op_array, break; /* In most cases IS_TMP_VAR operand may be used only once. * The operands are usually destroyed by the opcode handler. - * ZEND_CASE is an exception, that keeps operand unchanged, - * and allows its reuse. The number of ZEND_CASE instructions + * ZEND_CASE and ZEND_FETCH_LIST are exceptions, they keeps operand + * unchanged, and allows its reuse. these instructions * usually terminated by ZEND_FREE that finally kills the value. */ - case ZEND_FREE: - case ZEND_CASE: { + case ZEND_FETCH_LIST: { + zend_op *m = opline; + do { + if (m->opcode == ZEND_FETCH_LIST && + ZEND_OP1_TYPE(m) == type && + ZEND_OP1(m).var == var) { + zend_optimizer_update_op1_const(op_array, m, val); + } + m++; + } while (m->opcode != ZEND_FREE || ZEND_OP1_TYPE(m) != type || ZEND_OP1(m).var != var); + ZEND_ASSERT(m->opcode == ZEND_FREE && ZEND_OP1_TYPE(m) == type && ZEND_OP1(m).var == var); + MAKE_NOP(m); + zend_optimizer_remove_live_range(op_array, var); + return 1; + } + case ZEND_CASE: + case ZEND_FREE: { zend_op *m, *n; int brk = op_array->last_live_range; zend_bool in_switch = 0; diff --git a/ext/opcache/tests/bug74019.phpt b/ext/opcache/tests/bug74019.phpt new file mode 100644 index 0000000000..210e223c82 --- /dev/null +++ b/ext/opcache/tests/bug74019.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #74019 (Segfault with list) +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php + +class A { + public function seg() { + list($a, $b) = A::CONSTS; + var_dump($a, $b); + return; + } + const CONSTS = [1, 2]; +} + +$a = new A; +$a->seg(); +?> +--EXPECT-- +int(1) +int(2) |