Fixes

nikic · nikic · commit b30d0893b982 · 2020-07-30T19:01:10.000+02:00
diff --git a/Zend/tests/named_params/defaults.phpt b/Zend/tests/named_params/defaults.phpt
@@ -0,0 +1,35 @@
+--TEST--
+Skipping over default parameters
+--FILE--
+<?php
+
+function test1($a = 'a', $b = 'b') {
+    echo "a: $a, b: $b\n";
+}
+
+function test2($a = SOME_CONST, $b = 'b') {
+    echo "a: $a, b: $b\n";
+}
+
+function test3($a = SOME_OTHER_CONST, $b = 'b') {
+    echo "a: $a, b: $b\n";
+}
+
+test1(b: 'B');
+
+define('SOME_CONST', 'X');
+test2(b: 'B');
+
+// NB: We also want to test the stack trace.
+test3(b: 'B');
+
+?>
+--EXPECTF--
+a: a, b: B
+a: X, b: B
+
+Fatal error: Uncaught Error: Undefined constant "SOME_OTHER_CONST" in %s:%d
+Stack trace:
+#0 %s(%d): test3(NULL, 'B')
+#1 {main}
+  thrown in %s on line %d
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
@@ -4470,28 +4470,33 @@ ZEND_API int ZEND_FASTCALL zend_handle_undef_args(zend_execute_data *call) {
 				continue;
 			}
 
-			zend_op *opline = &fbc->op_array.opcodes[i];
+			zend_op_array *op_array = &fbc->op_array;
+			zend_op *opline = &op_array->opcodes[i];
 			if (EXPECTED(opline->opcode == ZEND_RECV_INIT)) {
 				zval *default_value = RT_CONSTANT(opline, opline->op2);
 				if (Z_OPT_TYPE_P(default_value) == IS_CONSTANT_AST) {
+					void *run_time_cache = RUN_TIME_CACHE(op_array);
 					zval *cache_val =
-						(zval *) ((char *) call->run_time_cache + Z_CACHE_SLOT_P(default_value));
+						(zval *) ((char *) run_time_cache + Z_CACHE_SLOT_P(default_value));
 
-					/* We keep in cache only not refcounted values */
 					if (Z_TYPE_P(cache_val) != IS_UNDEF) {
+						/* We keep in cache only not refcounted values */
 						ZVAL_COPY_VALUE(arg, cache_val);
 					} else {
-						ZVAL_COPY(arg, default_value);
+						/* Update constant inside a temporary zval, to make sure the CONSTANT_AST
+						 * value is not accessible through back traces. */
+						zval tmp;
+						ZVAL_COPY(&tmp, default_value);
 						start_fake_frame(call, opline);
-						int ret = zval_update_constant_ex(arg, fbc->op_array.scope);
+						int ret = zval_update_constant_ex(&tmp, fbc->op_array.scope);
 						end_fake_frame(call);
 						if (UNEXPECTED(ret == FAILURE)) {
-							zval_ptr_dtor_nogc(arg);
-							ZVAL_UNDEF(arg);
+							zval_ptr_dtor_nogc(&tmp);
 							return FAILURE;
 						}
-						if (!Z_REFCOUNTED_P(arg)) {
-							ZVAL_COPY_VALUE(cache_val, arg);
+						ZVAL_COPY_VALUE(arg, &tmp);
+						if (!Z_REFCOUNTED(tmp)) {
+							ZVAL_COPY_VALUE(cache_val, &tmp);
 						}
 					}
 				} else {
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
@@ -8568,8 +8568,10 @@ static int zend_jit_do_fcall(dasm_State **Dst, const zend_op *opline, const zend
 	}
 
 	// TODO: This could be more precise by checking MAY_BE_ARRAY_KEY_STRING for unpacks.
+	// TODO: Clean this up.
 	bool may_have_named_args = 0;
 	if ((opline-1)->opcode == ZEND_SEND_UNPACK || (opline-1)->opcode == ZEND_SEND_ARRAY ||
+			(opline-1)->opcode == ZEND_CHECK_NAMED ||
 			opline->extended_value == ZEND_FCALL_HAS_NAMED_ARGS) {
 		unknown_num_args = 1;
 		may_have_named_args = 1;
