Fix bug #46311: Pointer aliasing issue results in miscompile on gcc4.4

nikic · nikic · commit fc16b923135b · 2013-08-22T10:56:50.000+02:00
The code violated the strict aliasing restriction, because it
dereferenced the same pointer as zval** once and as void**
afterwards. Now both occurances dereference void** and cast to
zval* in the former case.
diff --git a/NEWS b/NEWS
@@ -7,6 +7,8 @@ PHP                                                                        NEWS
     --enable-dtrace). (Chris Jones, Kris Van Hees)
   . Fixed bug #65225 (PHP_BINARY incorrectly set). (Patrick Allaert)
   . Fixed bug #62692 (PHP fails to build with DTrace). (Chris Jones, Kris Van Hees)
+  . Fixed bug #46311 (Pointer aliasing issue results in miscompile on gcc4.4).
+    (Nikita Popov)
 
 - cURL:
   . Fixed bug #65458 (curl memory leak). (Adam)
diff --git a/Zend/zend_execute.h b/Zend/zend_execute.h
@@ -293,7 +293,7 @@ static zend_always_inline void zend_vm_stack_clear_multiple(int nested TSRMLS_DC
  	void **end = p - (int)(zend_uintptr_t)*p;
 
 	while (p != end) {
-		zval *q = *(zval **)(--p);
+		zval *q = *(--p);
 		*p = NULL;
 		i_zval_ptr_dtor(q ZEND_FILE_LINE_CC);
 	}

Original file line number	Diff line number	Diff line change
`@@ -293,7 +293,7 @@ static zend_always_inline void zend_vm_stack_clear_multiple(int nested TSRMLS_DC`
`293`	`293`	`void *end = p - (int)(zend_uintptr_t)p;`
`294`	`294`
`295`	`295`	`while (p != end) {`
`296`		`- zval q = (zval **)(--p);`
	`296`	`+ zval q = (--p);`
`297`	`297`	`*p = NULL;`
`298`	`298`	`i_zval_ptr_dtor(q ZEND_FILE_LINE_CC);`
`299`	`299`	`}`