[pull] master from php:master

Zend/tests/stack_limit/stack_limit_015.phpt

@@ -0,0 +1,71 @@
+--TEST--
+Stack limit 015 - Internal stack limit check in zend_compile_var()
+--CREDITS--
+abdullahasif88
+--SKIPIF--
+<?php
+if (!function_exists('zend_test_zend_call_stack_get')) die("skip zend_test_zend_call_stack_get() is not available");
+?>
+--EXTENSIONS--
+zend_test
+--INI--
+zend.max_allowed_stack_size=128K
+--FILE--
+<?php
+
+$test
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+    ->p->p->p->p->p->p->p->p->p->p
+;
+
+?>
+--EXPECTF--
+Fatal error: Maximum call stack size of %d bytes (zend.max_allowed_stack_size - zend.reserved_stack_size) reached during compilation. Try splitting expression in %s on line %d

Zend/zend_compile.c

@@ -11677,6 +11677,8 @@ static zend_op *zend_compile_var_inner(znode *result, zend_ast *ast, uint32_t ty
 
 static zend_op *zend_compile_var(znode *result, zend_ast *ast, uint32_t type, bool by_ref) /* {{{ */
 {
+	zend_check_stack_limit();
+
 	uint32_t checkpoint = zend_short_circuiting_checkpoint();
 	zend_op *opcode = zend_compile_var_inner(result, ast, type, by_ref);
 	zend_short_circuiting_commit(checkpoint, result, ast);
@@ -11685,6 +11687,8 @@ static zend_op *zend_compile_var(znode *result, zend_ast *ast, uint32_t type, bo
 
 static zend_op *zend_delayed_compile_var(znode *result, zend_ast *ast, uint32_t type, bool by_ref) /* {{{ */
 {
+	zend_check_stack_limit();
+
 	switch (ast->kind) {
 		case ZEND_AST_VAR:
 			return zend_compile_simple_var(result, ast, type, 1);

ext/pdo/pdo_stmt.c

@@ -209,7 +209,7 @@ PDO_API void php_pdo_stmt_set_column_count(pdo_stmt_t *stmt, int new_count)
 static void get_lazy_object(pdo_stmt_t *stmt, zval *return_value) /* {{{ */
 {
 	if (Z_ISUNDEF(stmt->lazy_object_ref)) {
-		pdo_row_t *row = ecalloc(1, sizeof(pdo_row_t));
+		pdo_row_t *row = zend_object_alloc(sizeof(pdo_row_t), pdo_row_ce);
 		row->stmt = stmt;
 		zend_object_std_init(&row->std, pdo_row_ce);
 		ZVAL_OBJ(&stmt->lazy_object_ref, &row->std);
@@ -2462,7 +2462,7 @@ void pdo_row_free_storage(zend_object *std)
 
 zend_object *pdo_row_new(zend_class_entry *ce)
 {
-	pdo_row_t *row = ecalloc(1, sizeof(pdo_row_t));
+	pdo_row_t *row = zend_object_alloc(sizeof(pdo_row_t), ce);
 	zend_object_std_init(&row->std, ce);
 
 	return &row->std;

ext/pdo/php_pdo_driver.h

@@ -605,7 +605,6 @@ struct _pdo_stmt_t {
 	/* for lazy fetches, we always return the same lazy object handle.
 	 * Let's keep it here. */
 	zval lazy_object_ref;
-	zend_ulong refcount;
 
 	/* defaults for fetches */
 	enum pdo_fetch_type default_fetch_type;