summaryrefslogtreecommitdiff
path: root/Zend/zend_execute.c
diff options
context:
space:
mode:
authorNikita Popov <nikic@php.net>2014-01-18 12:30:44 +0100
committerNikita Popov <nikic@php.net>2014-01-18 14:41:33 +0100
commit31a2ac470cba47a396a9b6c815700fbec51c6032 (patch)
treefa08a2813b76216e94ddce83d9dbac75d2fb0f14 /Zend/zend_execute.c
parent8ff4d61f0864fbca7b2905f14de76fd400d9b3df (diff)
downloadphp-git-31a2ac470cba47a396a9b6c815700fbec51c6032.tar.gz
Fix argument unpacking across stack pages
If multiple unpacks were used (or mixed with normal arguments) parts of the arguments could land on different stack pages. If this occurs the arguments will now be copied to a new stack page. The code used to do this is copied verbatim from the PHP 5.4 branch and only modified to reduce the amount of inlined code.
Diffstat (limited to 'Zend/zend_execute.c')
-rw-r--r--Zend/zend_execute.c36
1 files changed, 36 insertions, 0 deletions
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index 174b165c7e..31caceecbe 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -1691,6 +1691,42 @@ static zend_always_inline zend_bool zend_is_by_ref_func_arg_fetch(zend_op *oplin
}
/* }}} */
+static void **zend_vm_stack_push_args_with_copy(int count TSRMLS_DC) /* {{{ */
+{
+ zend_vm_stack p = EG(argument_stack);
+
+ zend_vm_stack_extend(count + 1 TSRMLS_CC);
+
+ EG(argument_stack)->top += count;
+ *(EG(argument_stack)->top) = (void*)(zend_uintptr_t)count;
+ while (count-- > 0) {
+ void *data = *(--p->top);
+
+ if (UNEXPECTED(p->top == ZEND_VM_STACK_ELEMETS(p))) {
+ zend_vm_stack r = p;
+
+ EG(argument_stack)->prev = p->prev;
+ p = p->prev;
+ efree(r);
+ }
+ *(ZEND_VM_STACK_ELEMETS(EG(argument_stack)) + count) = data;
+ }
+ return EG(argument_stack)->top++;
+}
+/* }}} */
+
+static zend_always_inline void** zend_vm_stack_push_args(int count TSRMLS_DC) /* {{{ */
+{
+ if (UNEXPECTED(EG(argument_stack)->top - ZEND_VM_STACK_ELEMETS(EG(argument_stack)) < count)
+ || UNEXPECTED(EG(argument_stack)->top == EG(argument_stack)->end)) {
+ return zend_vm_stack_push_args_with_copy(count TSRMLS_CC);
+ }
+ *(EG(argument_stack)->top) = (void*)(zend_uintptr_t)count;
+ return EG(argument_stack)->top++;
+}
+/* }}} */
+
+
#define ZEND_VM_NEXT_OPCODE() \
CHECK_SYMBOL_TABLES() \
ZEND_VM_INC_OPCODE(); \
View Lorry Controller Status