[PHP-CVS] cvs: php-src /ext/spl spl_fastarray.c

Fri, 06 Jun 2008 18:46:44 -0700 

colder          Sat Jun  7 01:46:27 2008 UTC

  Modified files:              
    /php-src/ext/spl    spl_fastarray.c 
  Log:
  Fix segfault caused by get_current_data on an uninitialized element
  
http://cvs.php.net/viewvc.cgi/php-src/ext/spl/spl_fastarray.c?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/spl/spl_fastarray.c
diff -u php-src/ext/spl/spl_fastarray.c:1.1 php-src/ext/spl/spl_fastarray.c:1.2
--- php-src/ext/spl/spl_fastarray.c:1.1 Fri Jun  6 23:53:10 2008
+++ php-src/ext/spl/spl_fastarray.c     Sat Jun  7 01:46:27 2008
@@ -17,7 +17,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: spl_fastarray.c,v 1.1 2008/06/06 23:53:10 colder Exp $ */
+/* $Id: spl_fastarray.c,v 1.2 2008/06/07 01:46:27 colder Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -279,24 +279,22 @@
 static inline zval 
**spl_fastarray_object_read_dimension_helper(spl_fastarray_object *intern, zval 
*offset TSRMLS_DC) /* {{{ */
 {
        long index;
-       zval **retval;
 
        index = spl_offset_convert_to_long(offset TSRMLS_CC);
        
        if (index < 0 || index >= intern->array->size) {
                zend_throw_exception(spl_ce_RuntimeException, "Index invalid or 
out of range", 0 TSRMLS_CC);
-               return NULL;
+               return &EG(uninitialized_zval_ptr);
+       } else if(!intern->array->elements[index]) {
+               return &EG(uninitialized_zval_ptr);
        } else {
-               retval = &intern->array->elements[index];
+               return &intern->array->elements[index];
        }
-
-       return retval;
 }
 /* }}} */
 
 static zval *spl_fastarray_object_read_dimension(zval *object, zval *offset, 
int type TSRMLS_DC) /* {{{ */
 {
-       zval                 **value_pp;
        spl_fastarray_object *intern;
 
        intern = (spl_fastarray_object *)zend_object_store_get_object(object 
TSRMLS_CC);
@@ -315,12 +313,7 @@
                return EG(uninitialized_zval_ptr);
        }
 
-       value_pp = spl_fastarray_object_read_dimension_helper(intern, offset 
TSRMLS_CC);
-       if (value_pp) {
-               return *value_pp;
-       } else {
-               return EG(uninitialized_zval_ptr);
-       }
+       return *spl_fastarray_object_read_dimension_helper(intern, offset 
TSRMLS_CC);
 }
 /* }}} */
 
@@ -574,9 +567,7 @@
        intern    = (spl_fastarray_object 
*)zend_object_store_get_object(getThis() TSRMLS_CC);
        value_pp  = spl_fastarray_object_read_dimension_helper(intern, zindex 
TSRMLS_CC);
 
-       if (value_pp) {
-               RETURN_ZVAL(*value_pp, 1, 0);
-       }
+       RETURN_ZVAL(*value_pp, 1, 0);
 } /* }}} */
 
 /* {{{ proto void SplFastArray::offsetSet(mixed $index, mixed $newval) U
@@ -676,14 +667,16 @@
                        MAKE_STD_ZVAL(intern->retval);
                        ZVAL_ZVAL(intern->retval, rv, 1, 1);
                        *data = &intern->retval;
+                       return;
                }
+               *data = NULL;
                return;
        }
 
        ALLOC_INIT_ZVAL(zindex);
        ZVAL_LONG(zindex, iterator->object->current);
 
-       *data  = spl_fastarray_object_read_dimension_helper(iterator->object, 
zindex TSRMLS_CC);
+       *data = spl_fastarray_object_read_dimension_helper(intern, zindex 
TSRMLS_CC);
 
        zval_ptr_dtor(&zindex);
 }
@@ -785,9 +778,7 @@
 
        zval_ptr_dtor(&zindex);
 
-       if (value_pp) {
-               RETURN_ZVAL(*value_pp, 1, 0);
-       }
+       RETURN_ZVAL(*value_pp, 1, 0);
 }
 /* }}} */
 



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to