Opened 8 years ago

Closed 8 years ago

#45 closed defect (fixed)

xc_coverager_get_op_array_size_no_tail crash when size reaches 0

Reported by: judas_iscariote
Owned by: moo
Priority: major
Milestone: 1.0.3
Component: coverager
Version: 1.2-dev
Keywords: coverager
Cc:
Application:
PHP Version:
Other Exts:
SAPI:
Probability:
Blocked By:
Blocking:

Description

I'm getting a crash there...

A quick look says:

Seems it happens when op_array->size is 2..

static int xc_coverager_get_op_array_size_no_tail(zend_op_array *op_array) /* {{{ */
{
        zend_uint size;

        size = op_array->size;

#ifdef ZEND_ENGINE_2
        if (op_array->opcodes[size - 1].opcode == ZEND_HANDLE_EXCEPTION) {
                size --;
                 //size is 1 now
#endif
                if (op_array->opcodes[size - 1].opcode == ZEND_RETURN) {
                        size --;
                        //size is 0 now
                        /* it's not real php statement */
                        // crash here, I guess, is because size - 1 underflows zend_uint, right?
                        if (op_array->opcodes[size - 1].opcode == ZEND_EXT_STMT) {
                                size --;
                        }
                }
#ifdef ZEND_ENGINE_2
        }
#endif
        return size;
}
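The following is an added example, not part of the reporter's post nor the project's fix in [228]. It models the ZEND_ENGINE_2 branch of the function above with constructed stand-ins for the Zend types and opcode numbers (the real ones live in zend_compile.h and their values do not matter here). One function walks the reporter's sequence of decrements without dereferencing anything once size hits 0 and reports whether the original code would have evaluated opcodes[size - 1] with size == 0, which is the wrap to UINT_MAX that produces the crash; the other is my own guarded rewrite that tests size > 0 before every read, so the array is never indexed before element 0. The sample op arrays are constructed: the two-opcode one is the reporter's case.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the Zend engine types and opcode numbers named in
 * the ticket; the real definitions live in zend_compile.h. Only the comparison
 * logic matters here, not the actual opcode values. */
typedef unsigned int zend_uint;
enum { ZEND_NOP = 0, ZEND_EXT_STMT, ZEND_RETURN, ZEND_HANDLE_EXCEPTION };

typedef struct { int opcode; } zend_op;
typedef struct { zend_op *opcodes; zend_uint size; } zend_op_array;

/* Walks the ticket's unguarded sequence of decrements (ZEND_ENGINE_2 branch)
 * but stops before dereferencing once size reaches 0, and reports whether the
 * original code would have evaluated opcodes[size - 1] with size == 0. That is
 * the read the reporter sees crash: (zend_uint)0 - 1 wraps to UINT_MAX, so the
 * ZEND_EXT_STMT check indexes far outside the opcodes array. */
static int unguarded_reads_out_of_bounds(const zend_op_array *op_array)
{
    zend_uint size = op_array->size;

    if (size == 0) return 1;
    if (op_array->opcodes[size - 1].opcode != ZEND_HANDLE_EXCEPTION) return 0;
    size--;
    if (size == 0) return 1;
    if (op_array->opcodes[size - 1].opcode != ZEND_RETURN) return 0;
    size--;
    return size == 0;   /* the EXT_STMT check would now index opcodes[UINT_MAX] */
}

/* Guarded rewrite (this example's own, not the project's commit [228]): every
 * read of opcodes[size - 1] is preceded by a size > 0 test, so size never wraps
 * and the array is never indexed before element 0. */
static zend_uint op_array_size_no_tail_guarded(const zend_op_array *op_array)
{
    zend_uint size = op_array->size;

    if (size > 0 && op_array->opcodes[size - 1].opcode == ZEND_HANDLE_EXCEPTION) {
        size--;
        if (size > 0 && op_array->opcodes[size - 1].opcode == ZEND_RETURN) {
            size--;
            /* it's not a real php statement */
            if (size > 0 && op_array->opcodes[size - 1].opcode == ZEND_EXT_STMT) {
                size--;
            }
        }
    }
    return size;
}

/* Constructed samples. ticket_case is the reporter's situation: two opcodes,
 * RETURN then HANDLE_EXCEPTION, so both decrements fire and size reaches 0. */
static zend_op ticket_ops[]    = { {ZEND_RETURN}, {ZEND_HANDLE_EXCEPTION} };
static zend_op normal_ops[]    = { {ZEND_EXT_STMT}, {ZEND_NOP}, {ZEND_EXT_STMT},
                                   {ZEND_RETURN}, {ZEND_HANDLE_EXCEPTION} };
static zend_op tail_only_ops[] = { {ZEND_EXT_STMT}, {ZEND_RETURN}, {ZEND_HANDLE_EXCEPTION} };

static const zend_op_array ticket_case    = { ticket_ops, 2 };
static const zend_op_array normal_case    = { normal_ops, 5 };
static const zend_op_array tail_only_case = { tail_only_ops, 3 };
static const zend_op_array empty_case     = { ticket_ops, 0 };

int main(void)
{
    const zend_op_array *cases[] = { &ticket_case, &normal_case, &tail_only_case, &empty_case };
    const char *names[] = { "ticket", "normal", "tail-only", "empty" };
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%-9s unguarded OOB read: %d  guarded size: %u\n", names[i],
               unguarded_reads_out_of_bounds(cases[i]),
               op_array_size_no_tail_guarded(cases[i]));
    }
    return 0;
}
```

The tail-only sample shows why the guard has to sit on each decrement rather than only on the first: three opcodes of pure tail reduce legitimately to 0 without any out-of-bounds read, while the reporter's two-opcode array reaches 0 one step earlier, at the point where the original code still has one comparison left to make.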

Change History (1)

comment:1 Changed 8 years ago by moo

  • Resolution set to fixed
  • Status changed from new to closed

in [228]
