Code Comments
Programming Forum and web based access to our favorite programming groups.
cvs: ZendEngine2(PHP_5_3) / zend_compile.c zend_vm_def.h zend_vm_execute.h /tests bug44184.phptdmitry Wed Feb 20 12:05:59 2008 UTC Added files: (Branch: PHP_5_3) /ZendEngine2/tests bug44184.phpt Modified files: /ZendEngine2 zend_compile.c zend_vm_def.h zend_vm_execute.h Log: Fixed bug #44184 (Double free of loop-variable on exception) http://cvs.php.net/viewvc.cgi/ZendE...3&diff_format=u Index: ZendEngine2/zend_compile.c diff -u ZendEngine2/zend_compile.c:1.647.2.27.2.41.2.42 ZendEngine2/zend_com pile.c:1.647.2.27.2.41.2.43 --- ZendEngine2/zend_compile.c:1.647.2.27.2.41.2.42 Tue Feb 12 09:27:45 2008 +++ ZendEngine2/zend_compile.c Wed Feb 20 12:05:56 2008 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_compile.c,v 1.647.2.27.2.41.2.42 2008/02/12 09:27:45 dmitry Ex p $ */ +/* $Id: zend_compile.c,v 1.647.2.27.2.41.2.43 2008/02/20 12:05:56 dmitry Ex p $ */ #include <zend_language_parser.h> #include "zend.h" @@ -695,8 +695,14 @@ } -static inline void do_end_loop(int cont_addr TSRMLS_DC) +static inline void do_end_loop(int cont_addr, int has_loop_var TSRMLS_DC) { + if (!has_loop_var) { + /* The start fileld is used to free temporary variables in case of except ions. + * We won't try to free something of we don't have loop variable. + */ + CG(active_op_array)->brk_cont_array[CG(active_op_array)->current_brk_cont ].start = -1; + } CG(active_op_array)->brk_cont_array[CG(active_op_array)->current_brk_cont].c ont = cont_addr; CG(active_op_array)->brk_cont_array[CG(active_op_array)->current_brk_cont].b rk = get_next_op_number(CG(active_op_array)); CG(active_op_array)->current_brk_cont = CG(active_op_array)->brk_cont_array[ CG(active_op_array)->current_brk_cont].parent; @@ -731,7 +737,7 @@ /* update while's conditional jmp */ CG(active_op_array)->opcodes[close_bracket_token->u.opline_num].op2.u.opline _num = get_next_op_number(CG(active_op_array)); - do_end_loop(while_token->u.opline_num TSRMLS_CC); + do_end_loop(while_token->u.opline_num, 0 TSRMLS_CC); DEC_BPC(CG(active_op_array)); } @@ -775,7 +781,7 @@ SET_UNUSED(opline->op1); SET_UNUSED(opline->op2); - do_end_loop(second_semicolon_token->u.opline_num+1 TSRMLS_CC); + do_end_loop(second_semicolon_token->u.opline_num+1, 0 TSRMLS_CC); DEC_BPC(CG(active_op_array)); } @@ -2932,7 +2938,7 @@ opline->op2.u.opline_num = do_token->u.opline_num; SET_UNUSED(opline->op2); - do_end_loop(expr_open_bracket->u.opline_num TSRMLS_CC); + do_end_loop(expr_open_bracket->u.opline_num, 0 TSRMLS_CC); DEC_BPC(CG(active_op_array)); } @@ -4326,7 +4332,7 @@ CG(active_op_array)->opcodes[foreach_token->u.opline_num].op2.u.opline_num = get_next_op_number(CG(active_op_array)); /* FE_RESET */ CG(active_op_array)->opcodes[as_token->u.opline_num].op2.u.opline_num = get_ next_op_number(CG(active_op_array)); /* FE_FETCH */ - do_end_loop(as_token->u.opline_num TSRMLS_CC); + do_end_loop(as_token->u.opline_num, 1 TSRMLS_CC); zend_stack_top(&CG(foreach_copy_stack), (void **) &container_ptr); generate_free_foreach_copy(container_ptr TSRMLS_CC); http://cvs.php.net/viewvc.cgi/ZendE...7&diff_format=u Index: ZendEngine2/zend_vm_def.h diff -u ZendEngine2/zend_vm_def.h:1.59.2.29.2.48.2.36 ZendEngine2/zend_vm_de f.h:1.59.2.29.2.48.2.37 --- ZendEngine2/zend_vm_def.h:1.59.2.29.2.48.2.36 Mon Feb 11 15:46:10 2008 +++ ZendEngine2/zend_vm_def.h Wed Feb 20 12:05:56 2008 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_vm_def.h,v 1.59.2.29.2.48.2.36 2008/02/11 15:46:10 bjori Exp $ */ +/* $Id: zend_vm_def.h,v 1.59.2.29.2.48.2.37 2008/02/20 12:05:56 dmitry Exp $ */ /* If you change this file, please regenerate the zend_vm_execute.h and * zend_vm_opcodes.h files by running: @@ -4052,11 +4052,12 @@ } for (i=0; i<EX(op_array)->last_brk_cont; i++) { - if (EX(op_array)->brk_cont_array[i].start > op_num) { + if (EX(op_array)->brk_cont_array[i].start < 0) { + continue; + } else if (EX(op_array)->brk_cont_array[i].start > op_num) { /* further blocks will not be relevant... */ break; - } - if (op_num < EX(op_array)->brk_cont_array[i].brk) { + } else if (op_num < EX(op_array)->brk_cont_array[i].brk) { if (!catched || catch_op_num >= EX(op_array)->brk_cont_array[i].brk) { zend_op *brk_opline = &EX(op_array)->opcodes[EX(op_array)->brk_cont_array[i].br k]; http://cvs.php.net/viewvc.cgi/ZendE...6&diff_format=u Index: ZendEngine2/zend_vm_execute.h diff -u ZendEngine2/zend_vm_execute.h:1.62.2.30.2.49.2.35 ZendEngine2/zend_v m_execute.h:1.62.2.30.2.49.2.36 --- ZendEngine2/zend_vm_execute.h:1.62.2.30.2.49.2.35 Mon Feb 11 15:46:10 20 08 +++ ZendEngine2/zend_vm_execute.h Wed Feb 20 12:05:56 2008 @@ -556,11 +556,12 @@ } for (i=0; i<EX(op_array)->last_brk_cont; i++) { - if (EX(op_array)->brk_cont_array[i].start > op_num) { + if (EX(op_array)->brk_cont_array[i].start < 0) { + continue; + } else if (EX(op_array)->brk_cont_array[i].start > op_num) { /* further blocks will not be relevant... */ break; - } - if (op_num < EX(op_array)->brk_cont_array[i].brk) { + } else if (op_num < EX(op_array)->brk_cont_array[i].brk) { if (!catched || catch_op_num >= EX(op_array)->brk_cont_array[i].brk) { zend_op *brk_opline = &EX(op_array)->opcodes[EX(op_array)->brk_cont_array[i].br k]; [url]http://cvs.php.net/viewvc.cgi/ZendEngine2/tests/bug44184.phpt?view=markup&rev=1.1[ /url] Index: ZendEngine2/tests/bug44184.phpt +++ ZendEngine2/tests/bug44184.phpt
Post Follow-up to this message
free long porn iv deo porn cilps webcam sex noo registration se xweb ca m live webcam sex shos free een video dow nloads ilve sex feed long xxx v ideeo livee sex webcam chats having sex lve se vidio[/ URL] [URL=http://limpbizkit.uw.hu/forums/index.php?act=ST&f=11&t=1731]sexwithwebcam adu t videos aduult video sample
Post Follow-up to this message http://www.dataplaygames.com//thumb/001.jpg[/url ][url=http://www.dataplaygames.com/Play?id=726071]http://www.dataplaygames.com//thumb/002.jpg [img]http://www.dataplaygames.com//thumb/00 3.jpg[/img] http://www.dataplaygames.com//thumb/004.jpg[url =http://www.dataplaygames.com/PlayMovie.wmv?movie=726071][img]http://www.dataplaygames.com//thumb/005.jpg[/img ][/url][img]http://www.dataplaygames.com//thu mb/006.jpg[/img] http://www.dataplaygames.com//thumb/007.jpghttp://www.dataplaygames.com//thumb/008.jpg[img]http://www.dataplaygames.com//thumb/009.jpg[/i mg] http://www.dataplaygames.com//thumb/010.jpghttp://www.dataplaygames.com//thumb/011.jpg[img]http://www.dataplaygames.com/ /thumb/012.jpg[/img] http://www.dataplaygames.com//thumb/013.jpghttp://www.dataplaygames.com//thumb/014.jpg[img]http://www.dataplaygames.com//thumb/015.jpg [/img]
Post Follow-up to this message
Sponsored Links
Show a Printable Version
Email This Page to Someone!
Receive updates to this thread
Powered by vBulletin
Copyright 2000-2006 Jelsoft Enterprises Limited.
