Fix incorrect literal freeing if pass_two generates fatal error

author: Nikita Popov <nikita.ppv@gmail.com> 2018-09-04 08:08:39 +0200
committer: Nikita Popov <nikita.ppv@gmail.com> 2018-09-04 08:08:39 +0200
commit: d36230fcaba46cc5b3ad54ced9337eee404c6b1b (patch)
tree: 5337c50adf7999f1e1ae86567b1d77d877d523f7 /Zend/zend_opcode.c
parent: 63072e9c0ebbb676cd39d0f867d873737c676add (diff)
download: php-git-d36230fcaba46cc5b3ad54ced9337eee404c6b1b.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/Zend/zend_opcode.c b/Zend/zend_opcode.c
index 6bed3c7b59..1e82dc7bf5 100644
--- a/Zend/zend_opcode.c
+++ b/Zend/zend_opcode.c
@@ -546,6 +546,10 @@ ZEND_API int pass_two(zend_op_array *op_array)
 	CG(context).literals_size = op_array->last_literal;
 #endif
 
+	/* Needs to be set directly after the opcode/literal reallocation, to ensure destruction
+	 * happens correctly if any of the following fixups generate a fatal error. */
+	op_array->fn_flags |= ZEND_ACC_DONE_PASS_TWO;
+
 	opline = op_array->opcodes;
 	end = opline + op_array->last;
 	while (opline < end) {
@@ -674,7 +678,6 @@ ZEND_API int pass_two(zend_op_array *op_array)
 		}
 	}
 
-	op_array->fn_flags |= ZEND_ACC_DONE_PASS_TWO;
 	return 0;
 }
author	Nikita Popov <nikita.ppv@gmail.com>	2018-09-04 08:08:39 +0200
committer	Nikita Popov <nikita.ppv@gmail.com>	2018-09-04 08:08:39 +0200
commit	d36230fcaba46cc5b3ad54ced9337eee404c6b1b (patch)
tree	5337c50adf7999f1e1ae86567b1d77d877d523f7 /Zend/zend_opcode.c
parent	63072e9c0ebbb676cd39d0f867d873737c676add (diff)
download	php-git-d36230fcaba46cc5b3ad54ced9337eee404c6b1b.tar.gz