Skip to content

Commit 44ec732

Browse files
dstogovdstogov
committed
Fixed ZEND_IN_ARRAY related issues
1 parent 13ee8fd commit 44ec732

File tree

3 files changed

+48
-47
lines changed

3 files changed

+48
-47
lines changed

Zend/zend_compile.c

Lines changed: 23 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -3644,23 +3644,38 @@ static int zend_compile_func_in_array(znode *result, zend_ast_list *args) /* {{{
36443644
zend_op *opline;
36453645

36463646
if (args->children == 3) {
3647-
if (args->child[2]->kind != ZEND_AST_ZVAL) {
3647+
if (args->child[2]->kind == ZEND_AST_ZVAL) {
3648+
strict = zend_is_true(zend_ast_get_zval(args->child[2]));
3649+
} else if (args->child[2]->kind == ZEND_AST_CONST) {
3650+
zval value;
3651+
zend_ast *name_ast = args->child[2]->child[0];
3652+
zend_bool is_fully_qualified;
3653+
zend_string *resolved_name = zend_resolve_const_name(
3654+
zend_ast_get_str(name_ast), name_ast->attr, &is_fully_qualified);
3655+
3656+
if (!zend_try_ct_eval_const(&value, resolved_name, is_fully_qualified)) {
3657+
zend_string_release(resolved_name);
3658+
return FAILURE;
3659+
}
3660+
3661+
zend_string_release(resolved_name);
3662+
strict = zend_is_true(&value);
3663+
zval_ptr_dtor(&value);
3664+
} else {
36483665
return FAILURE;
36493666
}
3650-
strict = zend_is_true(zend_ast_get_zval(args->child[2]));
3667+
} else if (args->children != 2) {
3668+
return FAILURE;
36513669
}
36523670

3653-
if (args->children < 2
3654-
|| args->children > 3
3655-
|| args->child[1]->kind != ZEND_AST_ARRAY
3671+
if (args->child[1]->kind != ZEND_AST_ARRAY
36563672
|| !zend_try_ct_eval_array(&array.u.constant, args->child[1])) {
36573673
return FAILURE;
36583674
}
36593675

36603676
if (zend_hash_num_elements(Z_ARRVAL(array.u.constant)) > 0) {
36613677
zend_bool ok = 1;
36623678
zval *val, tmp;
3663-
zend_ulong idx;
36643679
HashTable *src = Z_ARRVAL(array.u.constant);
36653680
HashTable *dst = emalloc(sizeof(HashTable));
36663681

@@ -3681,7 +3696,8 @@ static int zend_compile_func_in_array(znode *result, zend_ast_list *args) /* {{{
36813696
} ZEND_HASH_FOREACH_END();
36823697
} else {
36833698
ZEND_HASH_FOREACH_VAL(src, val) {
3684-
if (Z_TYPE_P(val) != IS_STRING || ZEND_HANDLE_NUMERIC(Z_STR_P(val), idx)) {
3699+
if (Z_TYPE_P(val) != IS_STRING
3700+
|| is_numeric_string(Z_STRVAL_P(val), Z_STRLEN_P(val), NULL, NULL, 0)) {
36853701
zend_array_destroy(dst);
36863702
ok = 0;
36873703
break;

Zend/zend_vm_def.h

Lines changed: 5 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -8106,10 +8106,12 @@ ZEND_VM_HANDLER(189, ZEND_IN_ARRAY, CONST|TMP|VAR|CV, CONST, NUM)
81068106
{
81078107
USE_OPLINE
81088108
zend_free_op free_op1;
8109-
zval *op1 = GET_OP1_ZVAL_PTR_DEREF(BP_VAR_R);
8109+
zval *op1;
81108110
HashTable *ht = Z_ARRVAL_P(EX_CONSTANT(opline->op2));
81118111
int result;
81128112

8113+
SAVE_OPLINE();
8114+
op1 = GET_OP1_ZVAL_PTR_DEREF(BP_VAR_R);
81138115
if (EXPECTED(Z_TYPE_P(op1) == IS_STRING)) {
81148116
result = zend_hash_exists(ht, Z_STR_P(op1));
81158117
} else if (opline->extended_value) {
@@ -8125,7 +8127,6 @@ ZEND_VM_HANDLER(189, ZEND_IN_ARRAY, CONST|TMP|VAR|CV, CONST, NUM)
81258127
zval tmp;
81268128

81278129
result = 0;
8128-
SAVE_OPLINE();
81298130
ZEND_HASH_FOREACH_STR_KEY(ht, key) {
81308131
ZVAL_STR(&tmp, key);
81318132
compare_function(&tmp, op1, &tmp);
@@ -8134,15 +8135,11 @@ ZEND_VM_HANDLER(189, ZEND_IN_ARRAY, CONST|TMP|VAR|CV, CONST, NUM)
81348135
break;
81358136
}
81368137
} ZEND_HASH_FOREACH_END();
8137-
FREE_OP1();
8138-
ZEND_VM_SMART_BRANCH(result, 1);
8139-
ZVAL_BOOL(EX_VAR(opline->result.var), result);
8140-
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
81418138
}
81428139
FREE_OP1();
8143-
ZEND_VM_SMART_BRANCH(result, 0);
8140+
ZEND_VM_SMART_BRANCH(result, 1);
81448141
ZVAL_BOOL(EX_VAR(opline->result.var), result);
8145-
ZEND_VM_NEXT_OPCODE();
8142+
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
81468143
}
81478144

81488145
ZEND_VM_HOT_TYPE_SPEC_HANDLER(ZEND_ADD, (res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG && op2_info == MAY_BE_LONG), ZEND_ADD_LONG_NO_OVERFLOW, CONST|TMPVARCV, CONST|TMPVARCV, SPEC(NO_CONST_CONST,COMMUTATIVE))

Zend/zend_vm_execute.h

Lines changed: 20 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -6423,10 +6423,12 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_CONST_CONST_HAND
64236423
{
64246424
USE_OPLINE
64256425

6426-
zval *op1 = EX_CONSTANT(opline->op1);
6426+
zval *op1;
64276427
HashTable *ht = Z_ARRVAL_P(EX_CONSTANT(opline->op2));
64286428
int result;
64296429

6430+
SAVE_OPLINE();
6431+
op1 = EX_CONSTANT(opline->op1);
64306432
if (EXPECTED(Z_TYPE_P(op1) == IS_STRING)) {
64316433
result = zend_hash_exists(ht, Z_STR_P(op1));
64326434
} else if (opline->extended_value) {
@@ -6442,7 +6444,6 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_CONST_CONST_HAND
64426444
zval tmp;
64436445

64446446
result = 0;
6445-
SAVE_OPLINE();
64466447
ZEND_HASH_FOREACH_STR_KEY(ht, key) {
64476448
ZVAL_STR(&tmp, key);
64486449
compare_function(&tmp, op1, &tmp);
@@ -6451,15 +6452,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_CONST_CONST_HAND
64516452
break;
64526453
}
64536454
} ZEND_HASH_FOREACH_END();
6454-
6455-
ZEND_VM_SMART_BRANCH(result, 1);
6456-
ZVAL_BOOL(EX_VAR(opline->result.var), result);
6457-
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
64586455
}
64596456

6460-
ZEND_VM_SMART_BRANCH(result, 0);
6457+
ZEND_VM_SMART_BRANCH(result, 1);
64616458
ZVAL_BOOL(EX_VAR(opline->result.var), result);
6462-
ZEND_VM_NEXT_OPCODE();
6459+
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
64636460
}
64646461

64656462
static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_FETCH_DIM_R_INDEX_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
@@ -13815,10 +13812,12 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_TMP_CONST_HANDLE
1381513812
{
1381613813
USE_OPLINE
1381713814
zend_free_op free_op1;
13818-
zval *op1 = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1);
13815+
zval *op1;
1381913816
HashTable *ht = Z_ARRVAL_P(EX_CONSTANT(opline->op2));
1382013817
int result;
1382113818

13819+
SAVE_OPLINE();
13820+
op1 = _get_zval_ptr_tmp(opline->op1.var, execute_data, &free_op1);
1382213821
if (EXPECTED(Z_TYPE_P(op1) == IS_STRING)) {
1382313822
result = zend_hash_exists(ht, Z_STR_P(op1));
1382413823
} else if (opline->extended_value) {
@@ -13834,7 +13833,6 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_TMP_CONST_HANDLE
1383413833
zval tmp;
1383513834

1383613835
result = 0;
13837-
SAVE_OPLINE();
1383813836
ZEND_HASH_FOREACH_STR_KEY(ht, key) {
1383913837
ZVAL_STR(&tmp, key);
1384013838
compare_function(&tmp, op1, &tmp);
@@ -13843,15 +13841,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_TMP_CONST_HANDLE
1384313841
break;
1384413842
}
1384513843
} ZEND_HASH_FOREACH_END();
13846-
zval_ptr_dtor_nogc(free_op1);
13847-
ZEND_VM_SMART_BRANCH(result, 1);
13848-
ZVAL_BOOL(EX_VAR(opline->result.var), result);
13849-
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
1385013844
}
1385113845
zval_ptr_dtor_nogc(free_op1);
13852-
ZEND_VM_SMART_BRANCH(result, 0);
13846+
ZEND_VM_SMART_BRANCH(result, 1);
1385313847
ZVAL_BOOL(EX_VAR(opline->result.var), result);
13854-
ZEND_VM_NEXT_OPCODE();
13848+
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
1385513849
}
1385613850

1385713851
static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IS_IDENTICAL_SPEC_TMP_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
@@ -19947,10 +19941,12 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_VAR_CONST_HANDLE
1994719941
{
1994819942
USE_OPLINE
1994919943
zend_free_op free_op1;
19950-
zval *op1 = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1);
19944+
zval *op1;
1995119945
HashTable *ht = Z_ARRVAL_P(EX_CONSTANT(opline->op2));
1995219946
int result;
1995319947

19948+
SAVE_OPLINE();
19949+
op1 = _get_zval_ptr_var_deref(opline->op1.var, execute_data, &free_op1);
1995419950
if (EXPECTED(Z_TYPE_P(op1) == IS_STRING)) {
1995519951
result = zend_hash_exists(ht, Z_STR_P(op1));
1995619952
} else if (opline->extended_value) {
@@ -19966,7 +19962,6 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_VAR_CONST_HANDLE
1996619962
zval tmp;
1996719963

1996819964
result = 0;
19969-
SAVE_OPLINE();
1997019965
ZEND_HASH_FOREACH_STR_KEY(ht, key) {
1997119966
ZVAL_STR(&tmp, key);
1997219967
compare_function(&tmp, op1, &tmp);
@@ -19975,15 +19970,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_VAR_CONST_HANDLE
1997519970
break;
1997619971
}
1997719972
} ZEND_HASH_FOREACH_END();
19978-
zval_ptr_dtor_nogc(free_op1);
19979-
ZEND_VM_SMART_BRANCH(result, 1);
19980-
ZVAL_BOOL(EX_VAR(opline->result.var), result);
19981-
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
1998219973
}
1998319974
zval_ptr_dtor_nogc(free_op1);
19984-
ZEND_VM_SMART_BRANCH(result, 0);
19975+
ZEND_VM_SMART_BRANCH(result, 1);
1998519976
ZVAL_BOOL(EX_VAR(opline->result.var), result);
19986-
ZEND_VM_NEXT_OPCODE();
19977+
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
1998719978
}
1998819979

1998919980
static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IS_IDENTICAL_SPEC_VAR_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
@@ -38331,10 +38322,12 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_CV_CONST_HANDLER
3833138322
{
3833238323
USE_OPLINE
3833338324

38334-
zval *op1 = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var);
38325+
zval *op1;
3833538326
HashTable *ht = Z_ARRVAL_P(EX_CONSTANT(opline->op2));
3833638327
int result;
3833738328

38329+
SAVE_OPLINE();
38330+
op1 = _get_zval_ptr_cv_deref_BP_VAR_R(execute_data, opline->op1.var);
3833838331
if (EXPECTED(Z_TYPE_P(op1) == IS_STRING)) {
3833938332
result = zend_hash_exists(ht, Z_STR_P(op1));
3834038333
} else if (opline->extended_value) {
@@ -38350,7 +38343,6 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_CV_CONST_HANDLER
3835038343
zval tmp;
3835138344

3835238345
result = 0;
38353-
SAVE_OPLINE();
3835438346
ZEND_HASH_FOREACH_STR_KEY(ht, key) {
3835538347
ZVAL_STR(&tmp, key);
3835638348
compare_function(&tmp, op1, &tmp);
@@ -38359,15 +38351,11 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IN_ARRAY_SPEC_CV_CONST_HANDLER
3835938351
break;
3836038352
}
3836138353
} ZEND_HASH_FOREACH_END();
38362-
38363-
ZEND_VM_SMART_BRANCH(result, 1);
38364-
ZVAL_BOOL(EX_VAR(opline->result.var), result);
38365-
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
3836638354
}
3836738355

38368-
ZEND_VM_SMART_BRANCH(result, 0);
38356+
ZEND_VM_SMART_BRANCH(result, 1);
3836938357
ZVAL_BOOL(EX_VAR(opline->result.var), result);
38370-
ZEND_VM_NEXT_OPCODE();
38358+
ZEND_VM_NEXT_OPCODE_CHECK_EXCEPTION();
3837138359
}
3837238360

3837338361
static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_FETCH_DIM_R_INDEX_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)

0 commit comments

Comments
 (0)