bug62904.phpt

Xinchen Hui Thu, 23 Aug 2012 08:24:54 -0700

Commit:    13bcf685cb0a92e502ebe39f4b22c64304a9f333
Author:    Xinchen Hui <larue...@php.net>         Thu, 23 Aug 2012 23:27:16 
+0800
Parents:   eca4fc69918c856966298435bd1133e55a3c8e58
Branches:  PHP-5.3


Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=13bcf685cb0a92e502ebe39f4b22c64304a9f333

Log:
Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)

Bugs:
https://bugs.php.net/62904

Changed paths:
  M  NEWS
  M  ext/spl/spl_fixedarray.c
  A  ext/spl/tests/bug62904.phpt


Diff:
diff --git a/NEWS b/NEWS
index 8492aa6..9af7977 100644
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,8 @@ PHP                                                           
             NEWS
   . Fixed bug (segfault due to retval is not initialized). (Laruence)
 
 - SPL:
+  . Fixed bug #62904 (Crash when cloning an object which inherits 
SplFixedArray)
+    (Laruence)
   . Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance
     gives Segmentation fault). (Laruence, Gustavo)
 
diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c
index ee8f51e..0aac6d3 100644
--- a/ext/spl/spl_fixedarray.c
+++ b/ext/spl/spl_fixedarray.c
@@ -223,10 +223,14 @@ static zend_object_value 
spl_fixedarray_object_new_ex(zend_class_entry *class_ty
        if (orig && clone_orig) {
                spl_fixedarray_object *other = 
(spl_fixedarray_object*)zend_object_store_get_object(orig TSRMLS_CC);
                intern->ce_get_iterator = other->ce_get_iterator;
-
-               intern->array = emalloc(sizeof(spl_fixedarray));
-               spl_fixedarray_init(intern->array, other->array->size 
TSRMLS_CC);
-               spl_fixedarray_copy(intern->array, other->array TSRMLS_CC);
+               if (!other->array) {
+                       /* leave a empty object, will be dtor later by CLONE 
handler */
+                       zend_throw_exception(spl_ce_RuntimeException, "The 
instance wasn't initialized properly", 0 TSRMLS_CC);
+               } else {
+                       intern->array = emalloc(sizeof(spl_fixedarray));
+                       spl_fixedarray_init(intern->array, other->array->size 
TSRMLS_CC);
+                       spl_fixedarray_copy(intern->array, other->array 
TSRMLS_CC);
+               }
        }
 
        while (parent) {
diff --git a/ext/spl/tests/bug62904.phpt b/ext/spl/tests/bug62904.phpt
new file mode 100644
index 0000000..7e392da
--- /dev/null
+++ b/ext/spl/tests/bug62904.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #62904 (Crash when cloning an object which inherits SplFixedArray)
+--FILE--
+<?php
+
+class foo extends SplFixedArray {       
+    public function __construct($size) {
+    }
+}
+
+$x = new foo(2);
+
+try {
+    $z = clone $x;
+} catch (Exception $e) {
+    var_dump($e->getMessage());
+}
+--EXPECTF--
+string(40) "The instance wasn't initialized properly"


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] com php-src: Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray): NEWS ext/spl/spl_fixedarray.c ext/spl/tests/bug62904.phpt

Reply via email to