iliaa           Tue Feb  5 16:02:24 2008 UTC

  Modified files:              
    /php-src/ext/standard       array.c 
  Log:
  
  MFB: Fixed bug #44046 (crash inside array_slice() function with an invalid
  by-ref offset).
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/array.c?r1=1.440&r2=1.441&diff_format=u
Index: php-src/ext/standard/array.c
diff -u php-src/ext/standard/array.c:1.440 php-src/ext/standard/array.c:1.441
--- php-src/ext/standard/array.c:1.440  Tue Jan 29 10:45:19 2008
+++ php-src/ext/standard/array.c        Tue Feb  5 16:02:23 2008
@@ -21,7 +21,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: array.c,v 1.440 2008/01/29 10:45:19 dmitry Exp $ */
+/* $Id: array.c,v 1.441 2008/02/05 16:02:23 iliaa Exp $ */
 
 #include "php.h"
 #include "php_ini.h"
@@ -2296,17 +2296,16 @@
        zval     *input,                /* Input array */
                        **entry;                /* An array entry */
        long     offset,                /* Offset to get elements from */
-                        length = 0;
+                        length = NULL;
        zend_bool preserve_keys = 0; /* Whether to preserve keys while copying 
to the new array or not */
        int              num_in,                /* Number of elements in the 
input array */
                         pos;                   /* Current position in the 
array */
-       zval    *z_length;      /* How many elements to get */
        zstr string_key;
        uint string_key_len;
        ulong num_key;
        HashPosition hpos;
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "al|z/b", &input, 
&offset, &z_length, &preserve_keys) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "al|lb", &input, 
&offset, &length, &preserve_keys) == FAILURE) {
                return;
        }
 
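Review bot: `length` is a `long`, so the initializer `length = NULL` here and the `if (length == NULL)` test in the next hunk are comparisons with 0, and with the `"al|lb"` format an explicit length of 0 can no longer be told apart from an omitted or null length. A caller passing 0 would therefore get `length = num_in`, where the removed branch kept 0; how a zero length is treated further down is outside these hunks, so check it against the rest of the function. If the omitted/null case must stay distinct, keep the third argument as a zval, test it with `ZEND_NUM_ARGS() < 3 || Z_TYPE_P(z_length) == IS_NULL`, and read the long from a separated copy rather than converting the caller's value in place. At minimum, write `length = 0` and `length == 0` so the sentinel is not disguised as a pointer constant, and add a regression test for a by-reference offset combined with a length of 0. The function body starts and ends outside both hunks.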
@@ -2314,10 +2313,7 @@
        num_in = zend_hash_num_elements(Z_ARRVAL_P(input));
 
        /* We want all entries from offset to the end if length is not passed 
or length is null */
-       if (ZEND_NUM_ARGS() >= 3 && Z_TYPE_P(z_length) != IS_NULL) {
-               convert_to_long(z_length);
-               length = Z_LVAL_P(z_length);
-       } else {
+       if (length == NULL) {
                length = num_in;
        }
 
