iliaa Tue Feb 5 16:02:24 2008 UTC Modified files: /php-src/ext/standard array.c Log: MFB: Fixed bug #44046 (crash inside array_slice() function with an invalid by-ref offset). http://cvs.php.net/viewvc.cgi/php-src/ext/standard/array.c?r1=1.440&r2=1.441&diff_format=u Index: php-src/ext/standard/array.c diff -u php-src/ext/standard/array.c:1.440 php-src/ext/standard/array.c:1.441 --- php-src/ext/standard/array.c:1.440 Tue Jan 29 10:45:19 2008 +++ php-src/ext/standard/array.c Tue Feb 5 16:02:23 2008 @@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: array.c,v 1.440 2008/01/29 10:45:19 dmitry Exp $ */ +/* $Id: array.c,v 1.441 2008/02/05 16:02:23 iliaa Exp $ */ #include "php.h" #include "php_ini.h" @@ -2296,17 +2296,16 @@ zval *input, /* Input array */ **entry; /* An array entry */ long offset, /* Offset to get elements from */ - length = 0; + length = NULL; zend_bool preserve_keys = 0; /* Whether to preserve keys while copying to the new array or not */ int num_in, /* Number of elements in the input array */ pos; /* Current position in the array */ - zval *z_length; /* How many elements to get */ zstr string_key; uint string_key_len; ulong num_key; HashPosition hpos; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "al|z/b", &input, &offset, &z_length, &preserve_keys) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "al|lb", &input, &offset, &length, &preserve_keys) == FAILURE) { return; } @@ -2314,10 +2313,7 @@ num_in = zend_hash_num_elements(Z_ARRVAL_P(input)); /* We want all entries from offset to the end if length is not passed or length is null */ - if (ZEND_NUM_ARGS() >= 3 && Z_TYPE_P(z_length) != IS_NULL) { - convert_to_long(z_length); - length = Z_LVAL_P(z_length); - } else { + if (length == NULL) { length = num_in; }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php