Fix possible use of unitialized variable

Author: TimWolla

Zend/zend_builtin_functions.c

@@ -1559,7 +1559,8 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /
 					 */
 					while (i < first_extra_arg) {
 						zend_string *arg_name = call->func->op_array.vars[i];
-						zval *arg = zend_hash_find_ex_ind(call->symbol_table, arg_name, 1);
+						zval arg;
+						zval *old_arg = zend_hash_find_ex_ind(call->symbol_table, arg_name, 1);
 						zend_attribute *attribute = zend_get_parameter_attribute_str(
 							call->func->op_array.attributes,
 							"sensitiveparameter",
@@ -1574,28 +1575,29 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /
 
 						}
 
-						if (arg) {
-							ZVAL_DEREF(arg);
-							Z_TRY_ADDREF_P(arg);
+						if (old_arg) {
+							ZVAL_DEREF(old_arg);
+							Z_TRY_ADDREF_P(old_arg);
+							arg = *old_arg;
 						} else {
-							ZVAL_NULL(arg);
+							ZVAL_NULL(&arg);
 						}
 
 						if (last_was_sensitive) {
 							zval new_arg;
 							object_init_ex(&new_arg, zend_ce_sensitive_parameter_value);
-							zend_call_method_with_1_params(Z_OBJ_P(&new_arg), zend_ce_sensitive_parameter_value, &zend_ce_sensitive_parameter_value->constructor, "__construct", NULL, arg);
+							zend_call_method_with_1_params(Z_OBJ_P(&new_arg), zend_ce_sensitive_parameter_value, &zend_ce_sensitive_parameter_value->constructor, "__construct", NULL, &arg);
 							ZEND_HASH_FILL_SET(&new_arg);
 						} else {
-							ZEND_HASH_FILL_SET(arg);
+							ZEND_HASH_FILL_SET(&arg);
 						}
 
 						ZEND_HASH_FILL_NEXT();
 						i++;
 					}
 				} else {
 					while (i < first_extra_arg) {
-						zval *arg;
+						zval arg;
 
 						zend_attribute *attribute = zend_get_parameter_attribute_str(
 							call->func->op_array.attributes,
@@ -1611,20 +1613,20 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /
 						}
 
 						if (EXPECTED(Z_TYPE_INFO_P(p) != IS_UNDEF)) {
-							arg = p;
-							ZVAL_DEREF(arg);
-							Z_TRY_ADDREF_P(arg);
+							ZVAL_DEREF(p);
+							Z_TRY_ADDREF_P(p);
+							arg = *p;
 						} else {
-							ZVAL_NULL(arg);
+							ZVAL_NULL(&arg);
 						}
 
 						if (last_was_sensitive) {
 							zval new_arg;
 							object_init_ex(&new_arg, zend_ce_sensitive_parameter_value);
-							zend_call_method_with_1_params(Z_OBJ_P(&new_arg), zend_ce_sensitive_parameter_value, &zend_ce_sensitive_parameter_value->constructor, "__construct", NULL, arg);
+							zend_call_method_with_1_params(Z_OBJ_P(&new_arg), zend_ce_sensitive_parameter_value, &zend_ce_sensitive_parameter_value->constructor, "__construct", NULL, &arg);
 							ZEND_HASH_FILL_SET(&new_arg);
 						} else {
-							ZEND_HASH_FILL_SET(arg);
+							ZEND_HASH_FILL_SET(&arg);
 						}
 
 						ZEND_HASH_FILL_NEXT();
@@ -1636,7 +1638,7 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /
 			}
 
 			while (i < num_args) {
-				zval *arg;
+				zval arg;
 
 				zend_attribute *attribute = zend_get_parameter_attribute_str(
 					call->func->op_array.attributes,
@@ -1657,20 +1659,20 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /
 
 
 				if (EXPECTED(Z_TYPE_INFO_P(p) != IS_UNDEF)) {
-					arg = p;
-					ZVAL_DEREF(arg);
-					Z_TRY_ADDREF_P(arg);
+					ZVAL_DEREF(p);
+					Z_TRY_ADDREF_P(p);
+					arg = *p;
 				} else {
-					ZVAL_NULL(arg);
+					ZVAL_NULL(&arg);
 				}
 
 				if (last_was_sensitive) {
 					zval new_arg;
 					object_init_ex(&new_arg, zend_ce_sensitive_parameter_value);
-					zend_call_method_with_1_params(Z_OBJ_P(&new_arg), zend_ce_sensitive_parameter_value, &zend_ce_sensitive_parameter_value->constructor, "__construct", NULL, arg);
+					zend_call_method_with_1_params(Z_OBJ_P(&new_arg), zend_ce_sensitive_parameter_value, &zend_ce_sensitive_parameter_value->constructor, "__construct", NULL, &arg);
 					ZEND_HASH_FILL_SET(&new_arg);
 				} else {
-					ZEND_HASH_FILL_SET(arg);
+					ZEND_HASH_FILL_SET(&arg);
 				}
 
 				ZEND_HASH_FILL_NEXT();