dmitry          Thu Sep  1 08:01:29 2005 EDT

  Added files:                 (Branch: PHP_4_4)
    /php-src/ext/standard/tests/array   bug34227.phpt 

  Modified files:              
    /php-src    NEWS 
    /php-src/ext/standard       array.c 
  Log:
  Fixed bug #34277 (array_filter() crashes with references and objects)
  
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.31&r2=1.1247.2.920.2.32&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.31 php-src/NEWS:1.1247.2.920.2.32
--- php-src/NEWS:1.1247.2.920.2.31      Tue Aug 30 18:05:13 2005
+++ php-src/NEWS        Thu Sep  1 08:01:25 2005
@@ -3,6 +3,8 @@
 ?? ??? 2005, Version 4.4.1
 - Fixed bug #34302 (date('W') do not return leading zeros for week 1 to 9).
   (Derick)
+- Fixed bug #34277 (array_filter() crashes with references and objects).
+  (Dmitry)
 - Fixed bug #34191 (ob_gzhandler does not enforce trailing \0). (Ilia)
 - Fixed bug #34156 (memory usage remains elevated after memory limit is 
   reached). (Ilia)
http://cvs.php.net/diff.php/php-src/ext/standard/array.c?r1=1.199.2.44.2.6&r2=1.199.2.44.2.7&ty=u
Index: php-src/ext/standard/array.c
diff -u php-src/ext/standard/array.c:1.199.2.44.2.6 
php-src/ext/standard/array.c:1.199.2.44.2.7
--- php-src/ext/standard/array.c:1.199.2.44.2.6 Wed Aug 10 04:24:12 2005
+++ php-src/ext/standard/array.c        Thu Sep  1 08:01:27 2005
@@ -22,7 +22,7 @@
 */
 
 
-/* $Id: array.c,v 1.199.2.44.2.6 2005/08/10 08:24:12 dmitry Exp $ */
+/* $Id: array.c,v 1.199.2.44.2.7 2005/09/01 12:01:27 dmitry Exp $ */
 
 #include "php.h"
 #include "php_ini.h"
@@ -3317,6 +3317,7 @@
 PHP_FUNCTION(array_filter)
 {
        zval **input, **callback = NULL;
+       zval *array;
        zval **operand;
        zval **args[1];
        zval *retval = NULL;
@@ -3335,6 +3336,7 @@
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "The first argument 
should be an array");
                return;
        }
+       array = *input;
 
        if (ZEND_NUM_ARGS() > 1) {
                if (!zend_is_callable(*callback, 0, &callback_name)) {
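Review bot: The new `array = *input;` line carries no comment saying why the zval pointer is cached, and it takes no reference of its own on the array. Going by the log message and the regression test, the intent appears to be that `input` (a `zval **`) cannot be trusted after the callback has run user code. A comment would keep a later cleanup from reverting to `Z_ARRVAL_PP(input)`, for example `/* cache the zval: input may no longer be valid once the callback has run */`. It is also worth stating, or confirming, that the array zval is kept alive by the caller for the whole loop, since nothing here bumps its refcount. The body of array_filter starts and ends outside this hunk.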
@@ -3346,12 +3348,12 @@
        }
 
        array_init(return_value);
-       if (zend_hash_num_elements(Z_ARRVAL_PP(input)) == 0)
+       if (zend_hash_num_elements(Z_ARRVAL_P(array)) == 0)
                return;
 
-       for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(input), &pos);
-                zend_hash_get_current_data_ex(Z_ARRVAL_PP(input), (void 
**)&operand, &pos) == SUCCESS;
-                zend_hash_move_forward_ex(Z_ARRVAL_PP(input), &pos)) {
+       for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(array), &pos);
+                zend_hash_get_current_data_ex(Z_ARRVAL_P(array), (void 
**)&operand, &pos) == SUCCESS;
+                zend_hash_move_forward_ex(Z_ARRVAL_P(array), &pos)) {
 
                if (callback) {
                        args[0] = operand;
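Review bot: `operand` and `pos` still refer to a slot inside the input hash table while the callback runs. `operand` is used again afterwards by `zval_add_ref(operand)` and `zend_hash_update(...)` in the next hunk. The change stops re-reading `input`, but whether the table itself can be altered by user code during the callback is not visible here (the call sits between the hunks). Please confirm that it cannot, or note the assumption next to the loop, e.g. `/* the input table must not be modified by the callback; operand and pos point into it */`. The loop body continues outside this hunk.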
@@ -3369,7 +3371,7 @@
                        continue;
 
                zval_add_ref(operand);
-               switch (zend_hash_get_current_key_ex(Z_ARRVAL_PP(input), 
&string_key, &string_key_len, &num_key, 0, &pos)) {
+               switch (zend_hash_get_current_key_ex(Z_ARRVAL_P(array), 
&string_key, &string_key_len, &num_key, 0, &pos)) {
                        case HASH_KEY_IS_STRING:
                                zend_hash_update(Z_ARRVAL_P(return_value), 
string_key,
                                                                 
string_key_len, operand, sizeof(zval *), NULL);

http://cvs.php.net/co.php/php-src/ext/standard/tests/array/bug34227.phpt?r=1.1&p=1
Index: php-src/ext/standard/tests/array/bug34227.phpt
+++ php-src/ext/standard/tests/array/bug34227.phpt
--TEST--
Bug #34277 (array_filter() crashes with references and objects)
--FILE--
<?php

class C
{
  function m1()
  {
    $this->m2();
  }

  function m2()
  {
    $this->m3();
  }

  function m3()
  {
    $this->m4();
  }

  function m4()
  {
    $this->m5();
  }

  function m5()
  {
    $this->m6();
  }

  function m6()
  {
    $this->m7();
  }

  function m7()
  {
    $this->m8();
  }

  function m8()
  {
    $this->m9();
  }

  function m9()
  {
    $this->m10();
  }

  function m10()
  {
    $this->m11(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
  }

  function m11($a1, $a2, $a3, $a4, $a5, $a6, $a7, $a8, $a9, $a10)
  {
    $arr = explode('a', 'b');
  }
}

function f($str)
{
  $obj =& new C;
  $obj->m1();
  return TRUE;
}

function p5($a1, $a2, $a3, $a4, $a5, $a6, $a7, $a8, $a9, $a10, $a11, $a12)
{
  $ret = array_filter(array(0), 'f');
}

function p4()
{
  p5(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12);
}

function p3()
{
  p4();
}

function p2()
{
  p3();
}

function p1()
{
  p2();
}

p1();
echo "ok\n";
?>
--EXPECT--
ok
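Review bot: The test file is named bug34227.phpt while its --TEST-- line and the commit log both say bug #34277, so the digits look transposed. Renaming it to `bug34277.phpt` would make the regression test findable by bug number. The script also does not say why the nested p1()–p5() and m1()–m11() calls with long argument lists are needed. Presumably the depth and argument counts are what trigger the original crash, so a one-line comment at the top of the --FILE-- section, such as `/* deep calls with many arguments inside the callback are required to reproduce the crash */`, would stop someone from simplifying the test until it no longer covers the bug.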
