Fixed bug #72038 (Function calls with values to a by-ref parameter don't always throw a notice)

Author: bwoebi

NEWS

@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2016 PHP 7.0.7
 
+- Core:
+  . Fixed Bug #72038 (Function calls with values to a by-ref parameter don't
+    always throw a notice). (Bob)
+
 - OCI8:
   . Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight
     columns). (Tian Yang)

Zend/tests/bug34617.phpt

@@ -8,7 +8,8 @@ class Thing {}
 function boom()
 {
     $reader = xml_parser_create();
-    xml_set_object($reader, new Thing());
+    $thing = new Thing();
+    xml_set_object($reader, $thing);
     die("ok\n");
     xml_parser_free($reader);
 }

Zend/tests/bug72038.phpt

@@ -0,0 +1,27 @@
+--TEST--
+Bug #72038 (Function calls with values to a by-ref parameter don't always throw a notice)
+--FILE--
+<?php
+
+test($foo = new stdClass);
+var_dump($foo);
+test($bar = 2);
+var_dump($bar);
+test($baz = &$bar);
+var_dump($baz);
+
+function test(&$param) {
+        $param = 1;
+}
+
+?>
+--EXPECTF--
+
+Notice: Only variables should be passed by reference in %s on line %d
+object(stdClass)#1 (0) {
+}
+
+Notice: Only variables should be passed by reference in %s on line %d
+int(2)
+int(1)
+

Zend/tests/each_002.phpt

@@ -3,10 +3,12 @@ Testing each() with array and object
 --FILE--
 <?php
 
-$foo = each(new stdClass);
+$a = new stdClass;
+$foo = each($a);
 var_dump($foo);
 
-var_dump(each(new stdClass));
+$a = new stdClass;
+var_dump(each($a));
 
 $a = array(new stdClass);
 var_dump(each($a));

Zend/zend_vm_def.h

@@ -4299,27 +4299,24 @@ ZEND_VM_HANDLER(106, ZEND_SEND_VAR_NO_REF, VAR, ANY)
 
 	varptr = GET_OP1_ZVAL_PTR(BP_VAR_R);
 
-	if ((!(opline->extended_value & ZEND_ARG_SEND_FUNCTION) ||
-	     (Z_VAR_FLAGS_P(varptr) & IS_VAR_RET_REF)) &&
-	    (Z_ISREF_P(varptr) || Z_TYPE_P(varptr) == IS_OBJECT)) {
+	if (EXPECTED(Z_ISREF_P(varptr) ||
+	    ((opline->extended_value & ZEND_ARG_COMPILE_TIME_BOUND) ?
+	     (opline->extended_value & ZEND_ARG_SEND_SILENT) :
+	     ARG_MAY_BE_SENT_BY_REF(EX(call)->func, opline->op2.num
+	    )))) {
+		arg = ZEND_CALL_VAR(EX(call), opline->result.var);
+		ZVAL_COPY_VALUE(arg, varptr);
 
-		ZVAL_MAKE_REF(varptr);
-	} else {
-		if ((opline->extended_value & ZEND_ARG_COMPILE_TIME_BOUND) ?
-			!(opline->extended_value & ZEND_ARG_SEND_SILENT) :
-			!ARG_MAY_BE_SENT_BY_REF(EX(call)->func, opline->op2.num)) {
-			SAVE_OPLINE();
-			zend_error(E_NOTICE, "Only variables should be passed by reference");
-			arg = ZEND_CALL_VAR(EX(call), opline->result.var);
-			ZVAL_COPY_VALUE(arg, varptr);
-			ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
-		}
+		ZEND_VM_NEXT_OPCODE();
 	}
 
+	SAVE_OPLINE();
+	zend_error(E_NOTICE, "Only variables should be passed by reference");
+
 	arg = ZEND_CALL_VAR(EX(call), opline->result.var);
 	ZVAL_COPY_VALUE(arg, varptr);
 
-	ZEND_VM_NEXT_OPCODE();
+	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
 }
 
 ZEND_VM_HANDLER(67, ZEND_SEND_REF, VAR|CV, ANY)

Zend/zend_vm_execute.h

@@ -15237,27 +15237,24 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_SEND_VAR_NO_REF_SPEC_VAR_HANDL
 
 	varptr = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1);
 
-	if ((!(opline->extended_value & ZEND_ARG_SEND_FUNCTION) ||
-	     (Z_VAR_FLAGS_P(varptr) & IS_VAR_RET_REF)) &&
-	    (Z_ISREF_P(varptr) || Z_TYPE_P(varptr) == IS_OBJECT)) {
+	if (EXPECTED(Z_ISREF_P(varptr) ||
+	    ((opline->extended_value & ZEND_ARG_COMPILE_TIME_BOUND) ?
+	     (opline->extended_value & ZEND_ARG_SEND_SILENT) :
+	     ARG_MAY_BE_SENT_BY_REF(EX(call)->func, opline->op2.num
+	    )))) {
+		arg = ZEND_CALL_VAR(EX(call), opline->result.var);
+		ZVAL_COPY_VALUE(arg, varptr);
 
-		ZVAL_MAKE_REF(varptr);
-	} else {
-		if ((opline->extended_value & ZEND_ARG_COMPILE_TIME_BOUND) ?
-			!(opline->extended_value & ZEND_ARG_SEND_SILENT) :
-			!ARG_MAY_BE_SENT_BY_REF(EX(call)->func, opline->op2.num)) {
-			SAVE_OPLINE();
-			zend_error(E_NOTICE, "Only variables should be passed by reference");
-			arg = ZEND_CALL_VAR(EX(call), opline->result.var);
-			ZVAL_COPY_VALUE(arg, varptr);
-			ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
-		}
+		ZEND_VM_NEXT_OPCODE();
 	}
 
+	SAVE_OPLINE();
+	zend_error(E_NOTICE, "Only variables should be passed by reference");
+
 	arg = ZEND_CALL_VAR(EX(call), opline->result.var);
 	ZVAL_COPY_VALUE(arg, varptr);
 
-	ZEND_VM_NEXT_OPCODE();
+	ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
 }
 
 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_SEND_REF_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)