On Fri, Mar 25, 2016 at 6:44 AM, Nikita Popov <nikita....@gmail.com> wrote: > I don't think the current implementation is entirely correct. In particular, > it doesn't look memory-safe to me. You're doing an RW fetch on the LHS > first, then evaluate the RHS expression and then ASSIGN to the result of the > RW fetch. This means you're running user code between the RW fetch and the > assignment to it. The code of the RHS expression may cause a reallocation of > the buffer into which the INDIRECT points, making it a dangling pointer. > > Something like > > $a = [false]; > $a[0] ?:= ($a[''] = 42); > > will probably result in valgrinds. > Ah, good call. Back to the drawing board. :)
-Sara -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php