outtersg
diff --git a/‎Zend/zend_execute.c‎
Lines changed: 20 additions & 15 deletions b/‎Zend/zend_execute.c‎
Lines changed: 20 additions & 15 deletions
diff --git a/‎Zend/zend_execute_API.c‎
Lines changed: 1 addition & 1 deletion b/‎Zend/zend_execute_API.c‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Zend/zend_types.h‎
Lines changed: 5 additions & 0 deletions b/‎Zend/zend_types.h‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Zend/zend_vm_def.h‎
Lines changed: 18 additions & 18 deletions b/‎Zend/zend_vm_def.h‎
Lines changed: 18 additions & 18 deletions
@@ -1106,7 +1106,7 @@ static zend_always_inline void zend_assign_to_object(zval *retval, zval *object,
 
 if (object_op_type != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) {
 do {
-if (object_op_type == IS_VAR && UNEXPECTED(object == &EG(error_zval))) {
+if (object_op_type == IS_VAR && UNEXPECTED(Z_TYPE_P(object) == IS_ERROR)) {
 if (retval) {
  ZVAL_NULL(retval);
 }
@@ -1649,7 +1649,7 @@ static zend_always_inline zval *zend_fetch_dimension_address_inner(HashTable *ht
 default:
 zend_error(E_WARNING, "Illegal offset type");
 retval = (type == BP_VAR_W || type == BP_VAR_RW) ?
-&EG(error_zval) : &EG(uninitialized_zval);
+NULL : &EG(uninitialized_zval);
 }
 }
 return retval;
@@ -1832,10 +1832,15 @@ static zend_always_inline void zend_fetch_dimension_address(zval *result, zval *
 retval = zend_hash_next_index_insert(Z_ARRVAL_P(container), &EG(uninitialized_zval));
 if (UNEXPECTED(retval == NULL)) {
 zend_error(E_WARNING, "Cannot add element to the array as the next element is already occupied");
-retval = &EG(error_zval);
+ZVAL_ERROR(result);
+return;
 }
 } else {
 retval = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), dim, dim_type, type);
+if (UNEXPECTED(!retval)) {
+ZVAL_ERROR(result);
+return;
+}
 }
 ZVAL_INDIRECT(result, retval);
 return;
@@ -1860,11 +1865,11 @@ static zend_always_inline void zend_fetch_dimension_address(zval *result, zval *
 zend_check_string_offset(dim, type);
 zend_wrong_string_offset();
 }
-ZVAL_INDIRECT(result, &EG(error_zval));
+ZVAL_ERROR(result);
 } else if (EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) {
 if (!Z_OBJ_HT_P(container)->read_dimension) {
 zend_throw_error(NULL, "Cannot use object as array");
-retval = &EG(error_zval);
+ZVAL_ERROR(result);
 } else {
 retval = Z_OBJ_HT_P(container)->read_dimension(container, dim, type, result);
 
@@ -1897,25 +1902,25 @@ static zend_always_inline void zend_fetch_dimension_address(zval *result, zval *
 ZVAL_INDIRECT(result, retval);
 }
 } else {
-ZVAL_INDIRECT(result, &EG(error_zval));
+ZVAL_ERROR(result);
 }
 }
 } else if (EXPECTED(Z_TYPE_P(container) <= IS_FALSE)) {
-if (UNEXPECTED(container == &EG(error_zval))) {
-ZVAL_INDIRECT(result, &EG(error_zval));
-} else if (type != BP_VAR_UNSET) {
+if (type != BP_VAR_UNSET) {
 goto convert_to_array;
 } else {
 /* for read-mode only */
 ZVAL_NULL(result);
 }
+} else if (EXPECTED(Z_TYPE_P(container) == IS_ERROR)) {
+ZVAL_ERROR(result);
 } else {
 if (type == BP_VAR_UNSET) {
 zend_error(E_WARNING, "Cannot unset offset in a non-array variable");
 ZVAL_NULL(result);
 } else {
 zend_error(E_WARNING, "Cannot use a scalar value as an array");
-ZVAL_INDIRECT(result, &EG(error_zval));
+ZVAL_ERROR(result);
 }
 }
 }
@@ -2044,8 +2049,8 @@ static zend_always_inline void zend_fetch_property_address(zval *result, zval *c
 {
  if (container_op_type != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) {
 do {
-if (container_op_type == IS_VAR && UNEXPECTED(container == &EG(error_zval))) {
-ZVAL_INDIRECT(result, &EG(error_zval));
+if (container_op_type == IS_VAR && UNEXPECTED(Z_TYPE_P(container) == IS_ERROR)) {
+ZVAL_ERROR(result);
 return;
 }
 
@@ -2064,7 +2069,7 @@ static zend_always_inline void zend_fetch_property_address(zval *result, zval *c
 object_init(container);
 } else {
 zend_error(E_WARNING, "Attempt to modify property of non-object");
-ZVAL_INDIRECT(result, &EG(error_zval));
+ZVAL_ERROR(result);
 return;
 }
 } while (0);
@@ -2107,7 +2112,7 @@ static zend_always_inline void zend_fetch_property_address(zval *result, zval *c
 }
 } else {
 zend_throw_error(NULL, "Cannot access undefined property for object with overloaded property access");
-ZVAL_INDIRECT(result, &EG(error_zval));
+ZVAL_ERROR(result);
 }
 } else {
 ZVAL_INDIRECT(result, ptr);
@@ -2121,7 +2126,7 @@ static zend_always_inline void zend_fetch_property_address(zval *result, zval *c
 }
 } else {
 zend_error(E_WARNING, "This object doesn't support property references");
-ZVAL_INDIRECT(result, &EG(error_zval));
+ZVAL_ERROR(result);
 }
 }
 
 
@@ -130,7 +130,7 @@ void init_executor(void) /* {{{ */
 zend_init_fpu();
 
 ZVAL_NULL(&EG(uninitialized_zval));
-ZVAL_NULL(&EG(error_zval));
+ZVAL_ERROR(&EG(error_zval));
 /* destroys stack frame, therefore makes core dumps worthless */
 #if 0&&ZEND_DEBUG
 original_sigsegv_handler = signal(SIGSEGV, zend_handle_sigsegv);
 
@@ -324,6 +324,7 @@ struct _zend_ast_ref {
 /* internal types */
 #define IS_INDIRECT	15
 #define IS_PTR17
+#define IS_ERROR19
 
 static zend_always_inline zend_uchar zval_get_type(const zval* pz) {
 return pz->u1.v.type;
@@ -781,6 +782,10 @@ static zend_always_inline zend_uchar zval_get_type(const zval* pz) {
 Z_TYPE_INFO_P(z) = IS_PTR;	\
 } while (0)
 
+#define ZVAL_ERROR(z) do {	\
+Z_TYPE_INFO_P(z) = IS_ERROR;	\
+} while (0)
+
 #define Z_REFCOUNT_P(pz)	zval_refcount_p(pz)
 #define Z_SET_REFCOUNT_P(pz, rc)	zval_set_refcount_p(pz, rc)
 #define Z_ADDREF_P(pz)	zval_addref_p(pz)
 
@@ -789,14 +789,14 @@ ZEND_VM_HELPER(zend_binary_assign_op_dim_helper, VAR|UNUSED|CV, CONST|TMPVAR|UNU
 
 zend_fetch_dimension_address_RW(&rv, container, dim, OP2_TYPE);
 value = get_zval_ptr_r((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1);
-ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT);
-var_ptr = Z_INDIRECT(rv);
 
-if (UNEXPECTED(var_ptr == &EG(error_zval))) {
+if (UNEXPECTED(Z_TYPE(rv) == IS_ERROR)) {
 if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
 ZVAL_NULL(EX_VAR(opline->result.var));
 }
 } else {
+ZEND_ASSERT(Z_TYPE(rv) == IS_INDIRECT);
+var_ptr = Z_INDIRECT(rv);
 ZVAL_DEREF(var_ptr);
 SEPARATE_ZVAL_NOREF(var_ptr);
 
@@ -825,7 +825,7 @@ ZEND_VM_HELPER(zend_binary_assign_op_helper, VAR|CV, CONST|TMPVAR|CV, binary_op_
 value = GET_OP2_ZVAL_PTR(BP_VAR_R);
 var_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_RW);
 
-if (OP1_TYPE == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) {
+if (OP1_TYPE == IS_VAR && UNEXPECTED(Z_TYPE_P(var_ptr) == IS_ERROR)) {
 if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
 ZVAL_NULL(EX_VAR(opline->result.var));
 }
@@ -1247,7 +1247,7 @@ ZEND_VM_HANDLER(34, ZEND_PRE_INC, VAR|CV, ANY)
 ZEND_VM_NEXT_OPCODE();
 }
 
-if (OP1_TYPE == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) {
+if (OP1_TYPE == IS_VAR && UNEXPECTED(Z_TYPE_P(var_ptr) == IS_ERROR)) {
 if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
 ZVAL_NULL(EX_VAR(opline->result.var));
 }
@@ -1287,7 +1287,7 @@ ZEND_VM_HANDLER(35, ZEND_PRE_DEC, VAR|CV, ANY)
 ZEND_VM_NEXT_OPCODE();
 }
 
-if (OP1_TYPE == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) {
+if (OP1_TYPE == IS_VAR && UNEXPECTED(Z_TYPE_P(var_ptr) == IS_ERROR)) {
 if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
 ZVAL_NULL(EX_VAR(opline->result.var));
 }
@@ -1325,7 +1325,7 @@ ZEND_VM_HANDLER(36, ZEND_POST_INC, VAR|CV, ANY)
 ZEND_VM_NEXT_OPCODE();
 }
 
-if (OP1_TYPE == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) {
+if (OP1_TYPE == IS_VAR && UNEXPECTED(Z_TYPE_P(var_ptr) == IS_ERROR)) {
 ZVAL_NULL(EX_VAR(opline->result.var));
 ZEND_VM_NEXT_OPCODE();
 }
@@ -1358,7 +1358,7 @@ ZEND_VM_HANDLER(37, ZEND_POST_DEC, VAR|CV, ANY)
 ZEND_VM_NEXT_OPCODE();
 }
 
-if (OP1_TYPE == IS_VAR && UNEXPECTED(var_ptr == &EG(error_zval))) {
+if (OP1_TYPE == IS_VAR && UNEXPECTED(Z_TYPE_P(var_ptr) == IS_ERROR)) {
 ZVAL_NULL(EX_VAR(opline->result.var));
 ZEND_VM_NEXT_OPCODE();
 }
@@ -2139,7 +2139,7 @@ ZEND_VM_C_LABEL(try_assign_dim_array):
 variable_ptr = zend_hash_next_index_insert(Z_ARRVAL_P(object_ptr), &EG(uninitialized_zval));
 if (UNEXPECTED(variable_ptr == NULL)) {
 zend_error(E_WARNING, "Cannot add element to the array as the next element is already occupied");
-variable_ptr = &EG(error_zval);
+variable_ptr = NULL;
 }
 } else {
 dim = GET_OP2_ZVAL_PTR(BP_VAR_R);
@@ -2148,7 +2148,7 @@ ZEND_VM_C_LABEL(try_assign_dim_array):
 FREE_OP2();
 }
 value = get_zval_ptr_r((opline+1)->op1_type, (opline+1)->op1, execute_data, &free_op_data1);
-if (UNEXPECTED(variable_ptr == &EG(error_zval))) {
+if (UNEXPECTED(variable_ptr == NULL)) {
 FREE_OP(free_op_data1);
 if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
 ZVAL_NULL(EX_VAR(opline->result.var));
@@ -2197,10 +2197,9 @@ ZEND_VM_C_LABEL(assign_dim_convert_to_array):
 ZEND_VM_C_GOTO(try_assign_dim_array);
 }
 } else if (EXPECTED(Z_TYPE_P(object_ptr) <= IS_FALSE)) {
-if (OP1_TYPE == IS_VAR && UNEXPECTED(object_ptr == &EG(error_zval))) {
-ZEND_VM_C_GOTO(assign_dim_clean);
-}
 ZEND_VM_C_GOTO(assign_dim_convert_to_array);
+} else if (OP1_TYPE == IS_VAR && UNEXPECTED(Z_TYPE_P(object_ptr) == IS_ERROR)) {
+ZEND_VM_C_GOTO(assign_dim_clean);
 } else {
 zend_error(E_WARNING, "Cannot use a scalar value as an array");
 ZEND_VM_C_LABEL(assign_dim_clean):
@@ -2229,7 +2228,7 @@ ZEND_VM_HANDLER(38, ZEND_ASSIGN, VAR|CV, CONST|TMP|VAR|CV)
 value = GET_OP2_ZVAL_PTR(BP_VAR_R);
 variable_ptr = GET_OP1_ZVAL_PTR_PTR_UNDEF(BP_VAR_W);
 
-if (OP1_TYPE == IS_VAR && UNEXPECTED(variable_ptr == &EG(error_zval))) {
+if (OP1_TYPE == IS_VAR && UNEXPECTED(Z_TYPE_P(variable_ptr) == IS_ERROR)) {
 FREE_OP2();
 if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
 ZVAL_NULL(EX_VAR(opline->result.var));
@@ -2258,7 +2257,8 @@ ZEND_VM_HANDLER(39, ZEND_ASSIGN_REF, VAR|CV, VAR|CV, SRC)
 
 if (OP1_TYPE == IS_VAR &&
  UNEXPECTED(Z_TYPE_P(EX_VAR(opline->op1.var)) != IS_INDIRECT) &&
- UNEXPECTED(!Z_ISREF_P(EX_VAR(opline->op1.var)))) {
+ UNEXPECTED(Z_TYPE_P(EX_VAR(opline->op1.var)) != IS_REFERENCE) &&
+ UNEXPECTED(Z_TYPE_P(EX_VAR(opline->op1.var)) != IS_ERROR)) {
 zend_throw_error(NULL, "Cannot assign by reference to overloaded object");
 FREE_OP2_VAR_PTR();
 HANDLE_EXCEPTION();
@@ -2279,8 +2279,8 @@ ZEND_VM_HANDLER(39, ZEND_ASSIGN_REF, VAR|CV, VAR|CV, SRC)
 }
 
 variable_ptr = GET_OP1_ZVAL_PTR_PTR_UNDEF(BP_VAR_W);
-if ((OP1_TYPE == IS_VAR && UNEXPECTED(variable_ptr == &EG(error_zval))) ||
- (OP2_TYPE == IS_VAR && UNEXPECTED(value_ptr == &EG(error_zval)))) {
+if ((OP1_TYPE == IS_VAR && UNEXPECTED(Z_TYPE_P(variable_ptr) == IS_ERROR)) ||
+ (OP2_TYPE == IS_VAR && UNEXPECTED(Z_TYPE_P(value_ptr) == IS_ERROR))) {
 variable_ptr = &EG(uninitialized_zval);
 } else {
 zend_assign_to_variable_reference(variable_ptr, value_ptr);
@@ -4268,7 +4268,7 @@ ZEND_VM_HANDLER(67, ZEND_SEND_REF, VAR|CV, NUM)
 varptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W);
 
 arg = ZEND_CALL_VAR(EX(call), opline->result.var);
-if (OP1_TYPE == IS_VAR && UNEXPECTED(varptr == &EG(error_zval))) {
+if (OP1_TYPE == IS_VAR && UNEXPECTED(Z_TYPE_P(varptr) == IS_ERROR)) {
 ZVAL_NEW_REF(arg, &EG(uninitialized_zval));
 ZEND_VM_NEXT_OPCODE();
 }
Original file line number	Diff line number	Diff line change
`@@ -1106,7 +1106,7 @@ static zend_always_inline void zend_assign_to_object(zval retval, zval object,`
`1106`	`1106`
`1107`	`1107`	`if (object_op_type != IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) {`
`1108`	`1108`	`do {`
`1109`		`-if (object_op_type == IS_VAR && UNEXPECTED(object == &EG(error_zval))) {`
	`1109`	`+if (object_op_type == IS_VAR && UNEXPECTED(Z_TYPE_P(object) == IS_ERROR)) {`
`1110`	`1110`	`if (retval) {`
`1111`	`1111`	`ZVAL_NULL(retval);`
`1112`	`1112`	`}`
`@@ -1649,7 +1649,7 @@ static zend_always_inline zval zend_fetch_dimension_address_inner(HashTable ht`
`1649`	`1649`	`default:`
`1650`	`1650`	`zend_error(E_WARNING, "Illegal offset type");`
`1651`	`1651`	`retval = (type == BP_VAR_W \|\| type == BP_VAR_RW) ?`
`1652`		`-&EG(error_zval) : &EG(uninitialized_zval);`
	`1652`	`+NULL : &EG(uninitialized_zval);`
`1653`	`1653`	`}`
`1654`	`1654`	`}`
`1655`	`1655`	`return retval;`
`@@ -1832,10 +1832,15 @@ static zend_always_inline void zend_fetch_dimension_address(zval result, zval `
`1832`	`1832`	`retval = zend_hash_next_index_insert(Z_ARRVAL_P(container), &EG(uninitialized_zval));`
`1833`	`1833`	`if (UNEXPECTED(retval == NULL)) {`
`1834`	`1834`	`zend_error(E_WARNING, "Cannot add element to the array as the next element is already occupied");`
`1835`		`-retval = &EG(error_zval);`
	`1835`	`+ZVAL_ERROR(result);`
	`1836`	`+return;`
`1836`	`1837`	`}`
`1837`	`1838`	`} else {`
`1838`	`1839`	`retval = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), dim, dim_type, type);`
	`1840`	`+if (UNEXPECTED(!retval)) {`
	`1841`	`+ZVAL_ERROR(result);`
	`1842`	`+return;`
	`1843`	`+}`
`1839`	`1844`	`}`
`1840`	`1845`	`ZVAL_INDIRECT(result, retval);`
`1841`	`1846`	`return;`
`@@ -1860,11 +1865,11 @@ static zend_always_inline void zend_fetch_dimension_address(zval result, zval `
`1860`	`1865`	`zend_check_string_offset(dim, type);`
`1861`	`1866`	`zend_wrong_string_offset();`
`1862`	`1867`	`}`
`1863`		`-ZVAL_INDIRECT(result, &EG(error_zval));`
	`1868`	`+ZVAL_ERROR(result);`
`1864`	`1869`	`} else if (EXPECTED(Z_TYPE_P(container) == IS_OBJECT)) {`
`1865`	`1870`	`if (!Z_OBJ_HT_P(container)->read_dimension) {`
`1866`	`1871`	`zend_throw_error(NULL, "Cannot use object as array");`
`1867`		`-retval = &EG(error_zval);`
	`1872`	`+ZVAL_ERROR(result);`
`1868`	`1873`	`} else {`
`1869`	`1874`	`retval = Z_OBJ_HT_P(container)->read_dimension(container, dim, type, result);`
`1870`	`1875`
`@@ -1897,25 +1902,25 @@ static zend_always_inline void zend_fetch_dimension_address(zval result, zval `
`1897`	`1902`	`ZVAL_INDIRECT(result, retval);`
`1898`	`1903`	`}`
`1899`	`1904`	`} else {`
`1900`		`-ZVAL_INDIRECT(result, &EG(error_zval));`
	`1905`	`+ZVAL_ERROR(result);`
`1901`	`1906`	`}`
`1902`	`1907`	`}`
`1903`	`1908`	`} else if (EXPECTED(Z_TYPE_P(container) <= IS_FALSE)) {`
`1904`		`-if (UNEXPECTED(container == &EG(error_zval))) {`
`1905`		`-ZVAL_INDIRECT(result, &EG(error_zval));`
`1906`		`-} else if (type != BP_VAR_UNSET) {`
	`1909`	`+if (type != BP_VAR_UNSET) {`
`1907`	`1910`	`goto convert_to_array;`
`1908`	`1911`	`} else {`
`1909`	`1912`	`/* for read-mode only */`
`1910`	`1913`	`ZVAL_NULL(result);`
`1911`	`1914`	`}`
	`1915`	`+} else if (EXPECTED(Z_TYPE_P(container) == IS_ERROR)) {`
	`1916`	`+ZVAL_ERROR(result);`
`1912`	`1917`	`} else {`
`1913`	`1918`	`if (type == BP_VAR_UNSET) {`
`1914`	`1919`	`zend_error(E_WARNING, "Cannot unset offset in a non-array variable");`
`1915`	`1920`	`ZVAL_NULL(result);`
`1916`	`1921`	`} else {`
`1917`	`1922`	`zend_error(E_WARNING, "Cannot use a scalar value as an array");`
`1918`		`-ZVAL_INDIRECT(result, &EG(error_zval));`
	`1923`	`+ZVAL_ERROR(result);`
`1919`	`1924`	`}`
`1920`	`1925`	`}`
`1921`	`1926`	`}`
`@@ -2044,8 +2049,8 @@ static zend_always_inline void zend_fetch_property_address(zval result, zval c`
`2044`	`2049`	`{`
`2045`	`2050`	`if (container_op_type != IS_UNUSED && UNEXPECTED(Z_TYPE_P(container) != IS_OBJECT)) {`
`2046`	`2051`	`do {`
`2047`		`-if (container_op_type == IS_VAR && UNEXPECTED(container == &EG(error_zval))) {`
`2048`		`-ZVAL_INDIRECT(result, &EG(error_zval));`
	`2052`	`+if (container_op_type == IS_VAR && UNEXPECTED(Z_TYPE_P(container) == IS_ERROR)) {`
	`2053`	`+ZVAL_ERROR(result);`
`2049`	`2054`	`return;`
`2050`	`2055`	`}`
`2051`	`2056`
`@@ -2064,7 +2069,7 @@ static zend_always_inline void zend_fetch_property_address(zval result, zval c`
`2064`	`2069`	`object_init(container);`
`2065`	`2070`	`} else {`
`2066`	`2071`	`zend_error(E_WARNING, "Attempt to modify property of non-object");`
`2067`		`-ZVAL_INDIRECT(result, &EG(error_zval));`
	`2072`	`+ZVAL_ERROR(result);`
`2068`	`2073`	`return;`
`2069`	`2074`	`}`
`2070`	`2075`	`} while (0);`
`@@ -2107,7 +2112,7 @@ static zend_always_inline void zend_fetch_property_address(zval result, zval c`
`2107`	`2112`	`}`
`2108`	`2113`	`} else {`
`2109`	`2114`	`zend_throw_error(NULL, "Cannot access undefined property for object with overloaded property access");`
`2110`		`-ZVAL_INDIRECT(result, &EG(error_zval));`
	`2115`	`+ZVAL_ERROR(result);`
`2111`	`2116`	`}`
`2112`	`2117`	`} else {`
`2113`	`2118`	`ZVAL_INDIRECT(result, ptr);`
`@@ -2121,7 +2126,7 @@ static zend_always_inline void zend_fetch_property_address(zval result, zval c`
`2121`	`2126`	`}`
`2122`	`2127`	`} else {`
`2123`	`2128`	`zend_error(E_WARNING, "This object doesn't support property references");`
`2124`		`-ZVAL_INDIRECT(result, &EG(error_zval));`
	`2129`	`+ZVAL_ERROR(result);`
`2125`	`2130`	`}`
`2126`	`2131`	`}`
`2127`	`2132`