diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-08-31 10:37:19 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-08-31 10:37:55 +0200 |
commit | 061c708a933085697b1182021d0231461752f9e7 (patch) | |
tree | 4cc800644603aea1670834aaec4ec25d6aa98e68 /Zend/zend_execute_API.c | |
parent | e81becce08aa2a4a73fd421c1ad01aeeeeedf277 (diff) | |
download | php-git-061c708a933085697b1182021d0231461752f9e7.tar.gz |
Correctly report failure in zend_handle_undef_args()
And do the check before increfing the closure object, otherwise
we'd have to release it as well.
Fixes oss-fuzz #25313.
Diffstat (limited to 'Zend/zend_execute_API.c')
-rw-r--r-- | Zend/zend_execute_API.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index 373f3e0669..6286b77f18 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -839,17 +839,6 @@ cleanup_args: } ZEND_HASH_FOREACH_END(); } - if (UNEXPECTED(func->op_array.fn_flags & ZEND_ACC_CLOSURE)) { - uint32_t call_info; - - GC_ADDREF(ZEND_CLOSURE_OBJECT(func)); - call_info = ZEND_CALL_CLOSURE; - if (func->common.fn_flags & ZEND_ACC_FAKE_CLOSURE) { - call_info |= ZEND_CALL_FAKE_CLOSURE; - } - ZEND_ADD_CALL_FLAG(call, call_info); - } - if (UNEXPECTED(ZEND_CALL_INFO(call) & ZEND_CALL_MAY_HAVE_UNDEF)) { if (zend_handle_undef_args(call) == FAILURE) { zend_vm_stack_free_args(call); @@ -861,6 +850,17 @@ cleanup_args: } } + if (UNEXPECTED(func->op_array.fn_flags & ZEND_ACC_CLOSURE)) { + uint32_t call_info; + + GC_ADDREF(ZEND_CLOSURE_OBJECT(func)); + call_info = ZEND_CALL_CLOSURE; + if (func->common.fn_flags & ZEND_ACC_FAKE_CLOSURE) { + call_info |= ZEND_CALL_FAKE_CLOSURE; + } + ZEND_ADD_CALL_FLAG(call, call_info); + } + orig_fake_scope = EG(fake_scope); EG(fake_scope) = NULL; if (func->type == ZEND_USER_FUNCTION) { |