derick Thu, 10 Mar 2011 15:34:39 +0000
Revision: http://svn.xdebug.org/cgi-bin/viewvc.cgi?view=rev&revision=3407&root=xdebug
Log:
- Fixed bug #670: Xdebug crashes with broken "break x" code.
Changed paths:
A xdebug/branches/xdebug_2_1/tests/bug00670.phpt
U xdebug/branches/xdebug_2_1/xdebug_code_coverage.c
A xdebug/trunk/tests/bug00670.phpt
U xdebug/trunk/xdebug_code_coverage.c
Added: xdebug/branches/xdebug_2_1/tests/bug00670.phpt
===================================================================
--- xdebug/branches/xdebug_2_1/tests/bug00670.phpt (rev 0)
+++ xdebug/branches/xdebug_2_1/tests/bug00670.phpt 2011-03-10 15:34:39 UTC (rev 3407)
@@ -0,0 +1,9 @@
+--TEST--
+Test for bug #670: Xdebug crashes with broken "break x" code.
+--FILE--
+<?php
+xdebug_start_code_coverage( XDEBUG_CC_DEAD_CODE | XDEBUG_CC_UNUSED );
+include '670-ConsistentHashing.php';
+echo "OK\n";
+--EXPECT--
+OK
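Review bot: The test includes `670-ConsistentHashing.php`, but the Changed paths list for this revision adds only `bug00670.phpt` and no such fixture, in either the branch or trunk. If the fixture was not committed in an earlier revision, the `include` fails with a warning and the broken `break x` path is never exercised, so the test cannot catch a regression of the crash. Consider committing the fixture with the test, or inlining a minimal broken `break` case, and adding a one-line comment above the `include` saying what construct the fixture contains. The same applies to the identical trunk copy of this test.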
Modified: xdebug/branches/xdebug_2_1/xdebug_code_coverage.c
===================================================================
--- xdebug/branches/xdebug_2_1/xdebug_code_coverage.c 2011-02-28 22:49:54 UTC (rev 3406)
+++ xdebug/branches/xdebug_2_1/xdebug_code_coverage.c 2011-03-10 15:34:39 UTC (rev 3407)
@@ -330,6 +330,10 @@
nest_levels = nest_levels_zval->value.lval;
do {
+ if (array_offset == -1) {
+ // broken break/continue in code
+ return NULL;
+ }
jmp_to = &op_array->brk_cont_array[array_offset];
array_offset = jmp_to->parent;
} while (--nest_levels > 0);
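Review bot: The guard added inside the `do` loop rejects only the `-1` sentinel, so any other out-of-range `array_offset` still indexes `op_array->brk_cont_array`. The offset appears to come from the opcode stream of the file being analysed (the caller passes `opcode.op1.u.opline_num`), so checking both bounds would be more robust: `if (array_offset < 0 || array_offset >= op_array->last_brk_cont) {`. `nest_levels` is also taken directly from `nest_levels_zval->value.lval` with no type check visible here; the function starts above the hunk, so that check may already exist. The identical trunk hunk (`@@ -338,6 +338,10 @@`) has the same gap.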
@@ -364,8 +368,13 @@
&& opcode.op1.u.jmp_addr != (zend_op*) 0xFFFFFFFF
) {
el = xdebug_find_brk_cont(&opcode.op2.u.constant, opcode.op1.u.opline_num, opa);
- *jmp1 = opcode.opcode == ZEND_BRK ? el->brk : el->cont;
- return 1;
+ if (el) {
+ *jmp1 = opcode.opcode == ZEND_BRK ? el->brk : el->cont;
+ return 1;
+ } else {
+ // broken break/continue in code
+ return 0;
+ }
}
} else if (opcode.opcode == ZEND_FE_RESET || opcode.opcode == ZEND_FE_FETCH) {
*jmp1 = position + 1;
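Review bot: The new `else` branch returns 0 without saying what that means to the caller; from the visible lines it looks like the same value used for "this opcode is not a jump", so an unresolvable break/continue is silently analysed as if execution fell through to the next opcode. If that is intended, the comment should say so, for example `/* unresolvable break/continue target: report "no jump" so the scan continues */`. The `//` comment form also stands out if the rest of the file uses `/* */`, which matters for C89 compilers. The enclosing function starts and ends outside the hunk, so the meaning of the return value is inferred; the same remark applies to the trunk hunk (`@@ -376,8 +380,13 @@`).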
Added: xdebug/trunk/tests/bug00670.phpt
===================================================================
--- xdebug/trunk/tests/bug00670.phpt (rev 0)
+++ xdebug/trunk/tests/bug00670.phpt 2011-03-10 15:34:39 UTC (rev 3407)
@@ -0,0 +1,9 @@
+--TEST--
+Test for bug #670: Xdebug crashes with broken "break x" code.
+--FILE--
+<?php
+xdebug_start_code_coverage( XDEBUG_CC_DEAD_CODE | XDEBUG_CC_UNUSED );
+include '670-ConsistentHashing.php';
+echo "OK\n";
+--EXPECT--
+OK
Modified: xdebug/trunk/xdebug_code_coverage.c
===================================================================
--- xdebug/trunk/xdebug_code_coverage.c 2011-02-28 22:49:54 UTC (rev 3406)
+++ xdebug/trunk/xdebug_code_coverage.c 2011-03-10 15:34:39 UTC (rev 3407)
@@ -338,6 +338,10 @@
nest_levels = nest_levels_zval->value.lval;
do {
+ if (array_offset == -1) {
+ // broken break/continue in code
+ return NULL;
+ }
jmp_to = &op_array->brk_cont_array[array_offset];
array_offset = jmp_to->parent;
} while (--nest_levels > 0);
@@ -376,8 +380,13 @@
#else
el = xdebug_find_brk_cont(&opcode.op2.u.constant, opcode.op1.u.opline_num, opa);
#endif
- *jmp1 = opcode.opcode == ZEND_BRK ? el->brk : el->cont;
- return 1;
+ if (el) {
+ *jmp1 = opcode.opcode == ZEND_BRK ? el->brk : el->cont;
+ return 1;
+ } else {
+ // broken break/continue in code
+ return 0;
+ }
}
} else if (opcode.opcode == ZEND_FE_RESET || opcode.opcode == ZEND_FE_FETCH) {
*jmp1 = position + 1;
Received on Thu Mar 10 2011 - 15:34:39 GMT