laruence Sat, 25 Feb 2012 04:36:08 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=323489
Log: Fixed bug #61165 (Segfault - strip_tags()) Bug: https://bugs.php.net/61165 (Assigned) Segfault - strip_tags() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_API.c U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/zend_API.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -3,6 +3,7 @@ ?? ??? 2012, PHP 5.3.11 - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>). (Etienne) . Fixed bug #61072 (Memory leak when restoring an exception handler). Modified: php/php-src/branches/PHP_5_3/Zend/zend_API.c =================================================================== --- php/php-src/branches/PHP_5_3/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -254,10 +254,15 @@ static int parse_arg_object_to_string(zval **arg TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, IS_STRING TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, IS_STRING TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; return SUCCESS; } + zval_ptr_dtor(&obj); } /* Standard PHP objects */ if (Z_OBJ_HT_PP(arg) == &std_object_handlers || !Z_OBJ_HANDLER_PP(arg, cast_object)) { Modified: php/php-src/trunk/NEWS =================================================================== --- php/php-src/trunk/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -6,6 +6,7 @@ . World domination - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence) . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical Modified: php/php-src/trunk/Zend/zend_API.c =================================================================== --- php/php-src/trunk/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -262,12 +262,17 @@ static int parse_arg_object_to_string(zval **arg, char **p, int *pl, int type TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, type TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; *pl = Z_STRLEN_PP(arg); *p = Z_STRVAL_PP(arg); return SUCCESS; } + zval_ptr_dtor(&obj); } /* Standard PHP objects */ if (Z_OBJ_HT_PP(arg) == &std_object_handlers || !Z_OBJ_HANDLER_PP(arg, cast_object)) {
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php