﻿id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,appname,phpversion,exts,sapi,probability,blockedby,blocking
45,xc_coverager_get_op_array_size_no_tail crash when size reaches 0,judas_iscariote,moo,"I'm getting a crash there...

A quick look suggests:

it seems to happen when op_array->size is 2:


{{{
/*
 * Return op_array->size after dropping a trailing ZEND_HANDLE_EXCEPTION
 * (ZEND_ENGINE_2 builds only), ZEND_RETURN and ZEND_EXT_STMT, in that order;
 * each check is nested inside the previous one.
 *
 * NOTE(review): size is a zend_uint (unsigned) and is never compared with 0
 * before opcodes[size - 1] is read, so an op_array that is empty or consists
 * only of tail opcodes leads to an out-of-bounds read. The inline comments
 * below trace the case op_array->size == 2.
 */
static int xc_coverager_get_op_array_size_no_tail(zend_op_array *op_array) /* {{{ */
{
        zend_uint size;

        size = op_array->size;

#ifdef ZEND_ENGINE_2
        if (op_array->opcodes[size - 1].opcode == ZEND_HANDLE_EXCEPTION) {
                size --;
                /* size is 1 now */
#endif
                if (op_array->opcodes[size - 1].opcode == ZEND_RETURN) {
                        size --;
                        /* size is 0 now */
                        /* a trailing ZEND_EXT_STMT is not a real PHP statement */
                        /*
                         * Suspected crash site: with size == 0, size - 1 wraps
                         * around in the unsigned zend_uint, so the index points
                         * far outside the opcodes array.
                         */
                        if (op_array->opcodes[size - 1].opcode == ZEND_EXT_STMT) {
                                size --;
                        }
                }
#ifdef ZEND_ENGINE_2
        }
#endif
        return size;
}
}}}

",defect,closed,major,1.0.3,coverager,1.2-dev,fixed,coverager,,,,,,,,
