
Commit 291e2d8

committed
Fix free of uninitialized memory in MATCH_ERROR
As suggested by Tyson Andre: php#5371 (comment). Also fix the line number of the unhandled match error.
1 parent d5a0370 commit 291e2d8


2 files changed

+20
-19
lines changed


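--- a/Zend/tests/match/037.phpt
+++ b/Zend/tests/match/037.phpt
@@ -53,13 +53,13 @@ var_dump(match(3) {
 
 ?>
 --EXPECTF--
-string(%d) "UnhandledMatchError: Unhandled match value of type bool in %s037.php:5
+string(%d) "UnhandledMatchError: Unhandled match value of type bool in %s037.php:4
 Stack trace:
 #0 {main}"
-string(%d) "UnhandledMatchError: Unhandled match value of type int in %s037.php:13
+string(%d) "UnhandledMatchError: Unhandled match value of type int in %s037.php:12
 Stack trace:
 #0 {main}"
-string(%d) "UnhandledMatchError: Unhandled match value of type string in %s037.php:21
+string(%d) "UnhandledMatchError: Unhandled match value of type string in %s037.php:20
 Stack trace:
 #0 {main}"
 string(3) "foo"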

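--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -5297,6 +5297,23 @@ void zend_compile_match(znode *result, zend_ast *ast)
 uint32_t cond_count = 0;
 uint32_t *jmp_end_opnums = safe_emalloc(sizeof(uint32_t), arms->children, 0);
 
+if (!has_default_arm) {
+if (!uses_jumptable) {
+zend_update_jump_target_to_next(opnum_default_jmp);
+}
+
+if (jumptable) {
+zend_op *opline = &CG(active_op_array)->opcodes[opnum_match];
+opline->extended_value = get_next_op_number();
+}
+
+CG(zend_lineno) = ast->lineno;
+zend_op *opline = zend_emit_op(NULL, ZEND_MATCH_ERROR, &expr_node, NULL);
+if (opline->op1_type == IS_CONST) {
+Z_TRY_ADDREF_P(CT_CONSTANT(opline->op1));
+}
+}
+
 for (uint32_t i = 0; i < arms->children; ++i) {
 zend_ast *arm_ast = arms->child[i];
 zend_ast *body_ast = arm_ast->child[1];
@@ -5358,22 +5375,6 @@ void zend_compile_match(znode *result, zend_ast *ast)
 ZVAL_NULL(&result->u.constant);
 }
 
-if (!has_default_arm) {
-if (!uses_jumptable) {
-zend_update_jump_target_to_next(opnum_default_jmp);
-}
-
-if (jumptable) {
-zend_op *opline = &CG(active_op_array)->opcodes[opnum_match];
-opline->extended_value = get_next_op_number();
-}
-
-zend_op *opline = zend_emit_op(NULL, ZEND_MATCH_ERROR, &expr_node, NULL);
-if (opline->op1_type == IS_CONST) {
-Z_TRY_ADDREF_P(CT_CONSTANT(opline->op1));
-}
-}
-
 for (uint32_t i = 0; i < arms->children; ++i) {
 zend_update_jump_target_to_next(jmp_end_opnums[i]);
 }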
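Review bot: The relocated `if (!has_default_arm)` block in the first hunk has to stay ahead of the arm loop for the fix to hold, but nothing in the new lines says so; going by the commit title, its old position after the arm bodies is what allowed the free of uninitialized memory, so I would add a comment above it such as `/* Must be emitted before the arm bodies: see commit 291e2d8 (free of uninitialized memory in MATCH_ERROR). */`. Separately, `CG(zend_lineno) = ast->lineno;` is assigned and never restored within the hunk, so whether opcodes emitted afterwards still get their own line numbers depends on code outside the visible lines; worth confirming, or saving and restoring the previous value around the `zend_emit_op` call. The only test change on this commit is the line-number expectation in 037.phpt, so a regression test that runs the unhandled-match path under a memory checker would keep the memory-safety fix from regressing silently. zend_compile_match starts and ends outside both hunks.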
