mwilliams
ed6ac5d10f
The code was assuming that the result of the assignment would be the value assigned, but its actually a new string containing the first character of the value assigned. The result was that the SetM had already decRef'd the rhs, and then the jitted code decRef'd it again. Since that last decRef was a decRefNZ, we would often get away with simply leaking both the original rhs and the value of the SetM. But the new testcase crashes in a DEBUG build without the fix.
11 linhas
179 B
PHP
11 linhas
179 B
PHP
<?php
|
|
function bar($a) {}
|
|
function baz() {
|
|
$cipher = 'abcdefghij';
|
|
$pos = 4;
|
|
$random_byte = chr(25);
|
|
$cipher[$pos] = $random_byte;
|
|
var_dump(ord($random_byte));
|
|
}
|
|
baz();
|