author | Nikita Popov <nikita.ppv@gmail.com> | 2020-07-24 10:16:38 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-07-24 12:23:34 +0200 |
commit | d65d3f5298dcc8d94bcac96e8bf2441dceb393ac (patch) | |
tree | a5e07c4bdf5a7ca0dc213b1b3a7ef6e0136d8528 /Zend/zend_builtin_functions.c | |
parent | 27ad19c3e8d4fe61ce9c8cec9e50062acf2255c1 (diff) | |
Fix bug #79108
Don't expose references in debug_backtrace() or exception traces.
This is regardless of whether the argument is by-reference or not.
As a side-effect of this change, exception traces may now acquire
the interior value of a reference, which may be unexpected for
some internal functions. This is what necessitated the change in
the spl_array sort implementation.
Diffstat (limited to 'Zend/zend_builtin_functions.c')
-rw-r--r-- | Zend/zend_builtin_functions.c | 28 |
1 files changed, 12 insertions, 16 deletions
diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index c75f2f465b..1de771660a 100644
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -1591,16 +1591,12 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /
 * and we have to access them through symbol_table
 * See: https://bugs.php.net/bug.php?id=73156
 */
- zend_string *arg_name;
- zval *arg;
-
 while (i < first_extra_arg) {
- arg_name = call->func->op_array.vars[i];
- arg = zend_hash_find_ex_ind(call->symbol_table, arg_name, 1);
+ zend_string *arg_name = call->func->op_array.vars[i];
+ zval *arg = zend_hash_find_ex_ind(call->symbol_table, arg_name, 1);
 if (arg) {
- if (Z_OPT_REFCOUNTED_P(arg)) {
- Z_ADDREF_P(arg);
- }
+ ZVAL_DEREF(arg);
+ Z_TRY_ADDREF_P(arg);
 ZEND_HASH_FILL_SET(arg);
 } else {
 ZEND_HASH_FILL_SET_NULL();
@@ -1611,10 +1607,10 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /
 } else {
 while (i < first_extra_arg) {
 if (EXPECTED(Z_TYPE_INFO_P(p) != IS_UNDEF)) {
- if (Z_OPT_REFCOUNTED_P(p)) {
- Z_ADDREF_P(p);
- }
- ZEND_HASH_FILL_SET(p);
+ zval *arg = p;
+ ZVAL_DEREF(arg);
+ Z_TRY_ADDREF_P(arg);
+ ZEND_HASH_FILL_SET(arg);
 } else {
 ZEND_HASH_FILL_SET_NULL();
 }
@@ -1628,10 +1624,10 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /

 while (i < num_args) {
 if (EXPECTED(Z_TYPE_INFO_P(p) != IS_UNDEF)) {
- if (Z_OPT_REFCOUNTED_P(p)) {
- Z_ADDREF_P(p);
- }
- ZEND_HASH_FILL_SET(p);
+ zval *arg = p;
+ ZVAL_DEREF(arg);
+ Z_TRY_ADDREF_P(arg);
+ ZEND_HASH_FILL_SET(arg);
 } else {
 ZEND_HASH_FILL_SET_NULL();
 }
|
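Review bot: The new `ZVAL_DEREF(arg); Z_TRY_ADDREF_P(arg);` sequence in the symbol-table branch of the first hunk has no comment saying why the reference wrapper is stripped, and the same lines are repeated in the two `p`-based loops of the second and third hunks. I would put `/* Store the referenced value, never the reference itself, so a trace cannot be used to reach the caller's variable (bug #79108). */` above the first use, so that a later cleanup does not restore the plain addref. Because the frame now shares the interior value with the live variable, internal functions that modify a by-reference argument in place while a user callback can throw presumably need the same audit the description mentions for the spl_array sort; that cannot be checked from this file alone. The three copies could also be folded into one small static inline helper. debug_backtrace_get_args starts and ends outside these hunks.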