Skip to content

Commit b55033f

Browse files
nikicnikic
committed
Fixed bug #78903: Conflict in RTD key for closures results in crash
I wasn't able to create a simple reproducer for this. General approach is the same as for anonymous classes: If the key is already used, reuse the old definition.
1 parent b6a59ce commit b55033f

File tree

2 files changed

+14
-5
lines changed

2 files changed

+14
-5
lines changed

NEWS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,9 @@ PHP NEWS
33

44
?? ??? ????, PHP 7.4.2
55

6+
- Core:
7+
. Fixed bug #78903 (Conflict in RTD key for closures results in crash).
8+
(Nikita)
69

710
19 Dec 2019, PHP 7.4.1
811

Zend/zend_compile.c

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5874,7 +5874,7 @@ void zend_begin_method_decl(zend_op_array *op_array, zend_string *name, zend_boo
58745874
}
58755875
/* }}} */
58765876

5877-
static void zend_begin_func_decl(znode *result, zend_op_array *op_array, zend_ast_decl *decl, zend_bool toplevel) /* {{{ */
5877+
static int zend_begin_func_decl(znode *result, zend_op_array *op_array, zend_ast_decl *decl, zend_bool toplevel) /* {{{ */
58785878
{
58795879
zend_ast *params_ast = decl->child[0];
58805880
zend_string *unqualified_name, *name, *lcname, *key;
@@ -5914,12 +5914,10 @@ static void zend_begin_func_decl(znode *result, zend_op_array *op_array, zend_as
59145914
do_bind_function_error(lcname, op_array, 1);
59155915
}
59165916
zend_string_release_ex(lcname, 0);
5917-
return;
5917+
return SUCCESS;
59185918
}
59195919

59205920
key = zend_build_runtime_definition_key(lcname, decl->lex_pos);
5921-
zend_hash_update_ptr(CG(function_table), key, op_array);
5922-
59235921
if (op_array->fn_flags & ZEND_ACC_CLOSURE) {
59245922
opline = zend_emit_op_tmp(result, ZEND_DECLARE_LAMBDA_FUNCTION, NULL, NULL);
59255923
opline->extended_value = zend_alloc_cache_slot();
@@ -5934,6 +5932,8 @@ static void zend_begin_func_decl(znode *result, zend_op_array *op_array, zend_as
59345932
zend_add_literal_string(&key);
59355933
}
59365934
zend_string_release_ex(lcname, 0);
5935+
5936+
return zend_hash_add_ptr(CG(function_table), key, op_array) != NULL ? SUCCESS : FAILURE;
59375937
}
59385938
/* }}} */
59395939

@@ -5979,7 +5979,13 @@ void zend_compile_func_decl(znode *result, zend_ast *ast, zend_bool toplevel) /*
59795979
zend_bool has_body = stmt_ast != NULL;
59805980
zend_begin_method_decl(op_array, decl->name, has_body);
59815981
} else {
5982-
zend_begin_func_decl(result, op_array, decl, toplevel);
5982+
if (zend_begin_func_decl(result, op_array, decl, toplevel) == FAILURE) {
5983+
/* A function with this RTD key is already registered.
5984+
* Fail gracefully by reusing the existing function. */
5985+
destroy_op_array(op_array);
5986+
return;
5987+
}
5988+
59835989
if (decl->kind == ZEND_AST_ARROW_FUNC) {
59845990
find_implicit_binds(&info, params_ast, stmt_ast);
59855991
compile_implicit_lexical_binds(&info, result, op_array);

0 commit comments

Comments
 (0)