Opened 7 years ago
Closed 7 years ago
#45 closed defect (fixed)
xc_coverager_get_op_array_size_no_tail crash when size reaches 0
| Reported by: | judas_iscariote | Owned by: | moo |
|---|---|---|---|
| Priority: | major | Milestone: | 1.0.3 |
| Component: | coverager | Version: | 1.2-dev |
| Keywords: | coverager | Cc: | |
| Application: | | PHP Version: | |
| Other Exts: | | SAPI: | |
| Probability: | | Blocked By: | |
| Blocking: | | | |
Description
I'm getting a crash there...
A quick look says:
it seems to happen when op_array->size is 2 ..
```c
static int xc_coverager_get_op_array_size_no_tail(zend_op_array *op_array) /* {{{ */
{
	zend_uint size;

	size = op_array->size;
#ifdef ZEND_ENGINE_2
	if (op_array->opcodes[size - 1].opcode == ZEND_HANDLE_EXCEPTION) {
		size --;
		//size is 1 now
#endif
		if (op_array->opcodes[size - 1].opcode == ZEND_RETURN) {
			size --;
			//size is 0 now
			/* it's not real php statement */
			// crash here I guess is 'cause - 1 underflow zend_uint right ?
			if (op_array->opcodes[size - 1].opcode == ZEND_EXT_STMT) {
				size --;
			}
		}
#ifdef ZEND_ENGINE_2
	}
#endif
	return size;
}
```
Change History (1)
comment:1 Changed 7 years ago by moo
- Resolution set to fixed
- Status changed from new to closed


in [228]
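
The unsigned wrap described in the ticket, with a bounds-checked form of the same trimming logic. This is an added example, not the project's code and not the change made in [228]; the `zend_op`/`zend_op_array` stand-ins, the `OP_*` opcode values and the names `last_is` and `size_no_tail_checked` are assumptions made so the block compiles on its own.

```c
#include <stdio.h>

/* Stand-ins for the Zend types and opcode numbers (constructed values,
 * not the real Zend Engine definitions). */
typedef unsigned int zend_uint;
enum { OP_OTHER = 1, OP_EXT_STMT, OP_RETURN, OP_HANDLE_EXCEPTION };
typedef struct { unsigned char opcode; } zend_op;
typedef struct { zend_op *opcodes; zend_uint size; } zend_op_array;

/* True only when a last opcode exists and matches. The size > 0 test
 * short-circuits, so opcodes[size - 1] is never evaluated with size == 0,
 * where size - 1 would wrap to UINT_MAX and index far out of bounds. */
static int last_is(const zend_op_array *oa, zend_uint size, unsigned char opcode)
{
    return size > 0 && oa->opcodes[size - 1].opcode == opcode;
}

/* Same trimming order as the ticket's ZEND_ENGINE_2 path, bounds-checked. */
static zend_uint size_no_tail_checked(const zend_op_array *oa)
{
    zend_uint size = oa->size;

    if (last_is(oa, size, OP_HANDLE_EXCEPTION)) {
        size--;
        if (last_is(oa, size, OP_RETURN)) {
            size--;
            /* a trailing EXT_STMT is not a real PHP statement */
            if (last_is(oa, size, OP_EXT_STMT)) {
                size--;
            }
        }
    }
    return size;
}

int main(void)
{
    /* Constructed op arrays: the size-2 case from the ticket and a longer one. */
    zend_op two[]  = { {OP_RETURN}, {OP_HANDLE_EXCEPTION} };
    zend_op four[] = { {OP_OTHER}, {OP_EXT_STMT}, {OP_RETURN}, {OP_HANDLE_EXCEPTION} };
    zend_op_array a = { two, 2 }, b = { four, 4 };

    printf("%u %u\n", size_no_tail_checked(&a), size_no_tail_checked(&b));
    return 0;
}
```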