Prevent attempts of compile-time evaluation of invalid operators (e.g. division/modulo by zero and shift by negative number)

author: Dmitry Stogov <dmitry@zend.com> 2015-06-29 12:58:07 +0300
committer: Dmitry Stogov <dmitry@zend.com> 2015-06-29 12:58:07 +0300
commit: 642c3790925d6a692747d4a1a6ee02deef0b93b5 (patch)
tree: 76ad5303f618c3a689ab09ea9c12884dd69e32ff /Zend/zend_compile.c
parent: 1bba4452e7e5fa34470e9167e6c8b28afb42fdb7 (diff)
download: php-git-642c3790925d6a692747d4a1a6ee02deef0b93b5.tar.gz
1 files changed, 6 insertions, 11 deletions
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index a42e63ec99..be70ff6643 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -5625,17 +5625,12 @@ static inline zend_bool zend_try_ct_eval_binary_op(zval *result, uint32_t opcode
 	binary_op_type fn = get_binary_op(opcode);
 
 	/* don't evaluate division by zero at compile-time */
-	if (opcode == ZEND_DIV) {
-		convert_scalar_to_number(op2);
-		if (Z_TYPE_P(op2) == IS_LONG) {
-			if (Z_LVAL_P(op2) == 0) {
-				return 0;
-			}
-		} else if (Z_TYPE_P(op2) == IS_DOUBLE) {
-			if (Z_DVAL_P(op2) == 0.0) {
-				return 0;
-			}
-		}
+	if ((opcode == ZEND_DIV || opcode == ZEND_MOD) &&
+	    zval_get_long(op2) == 0) {
+		return 0;
+	} else if ((opcode == ZEND_SL || opcode == ZEND_SR) &&
+	    zval_get_long(op2) < 0) {
+		return 0;
 	}
 
 	fn(result, op1, op2);
author	Dmitry Stogov <dmitry@zend.com>	2015-06-29 12:58:07 +0300
committer	Dmitry Stogov <dmitry@zend.com>	2015-06-29 12:58:07 +0300
commit	642c3790925d6a692747d4a1a6ee02deef0b93b5 (patch)
tree	76ad5303f618c3a689ab09ea9c12884dd69e32ff /Zend/zend_compile.c
parent	1bba4452e7e5fa34470e9167e6c8b28afb42fdb7 (diff)
download	php-git-642c3790925d6a692747d4a1a6ee02deef0b93b5.tar.gz