Commit: 321f4f18e52bfabe19fb9217dff0bf661d48e5d3 Author: Nikita Popov <ni...@php.net> Wed, 30 Jan 2013 20:23:39 +0100 Parents: ec53b60072799704a0d94cdd935bdf54bd5e5344 Branches: PHP-5.3 PHP-5.4 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=321f4f18e52bfabe19fb9217dff0bf661d48e5d3 Log: Fixed bug #64106: Segfault on SplFixedArray[][x] = y when extended Bugs: https://bugs.php.net/64106 Changed paths: M NEWS M ext/spl/spl_array.c M ext/spl/spl_fixedarray.c A ext/spl/tests/bug64106.phpt Diff: diff --git a/NEWS b/NEWS index 24a1ba8..c230d22 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,9 @@ PHP NEWS - FPM: . Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam) +- SPL: + . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov) + 17 Jan 2013, PHP 5.3.21 - Zend Engine: diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 7c2e148..7d6f314 100644 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -387,7 +387,11 @@ static zval *spl_array_read_dimension_ex(int check_inherited, zval *object, zval spl_array_object *intern = (spl_array_object*)zend_object_store_get_object(object TSRMLS_CC); if (intern->fptr_offset_get) { zval *rv; - SEPARATE_ARG_IF_REF(offset); + if (!offset) { + ALLOC_INIT_ZVAL(offset); + } else { + SEPARATE_ARG_IF_REF(offset); + } zend_call_method_with_1_params(&object, Z_OBJCE_P(object), &intern->fptr_offset_get, "offsetGet", &rv, offset); zval_ptr_dtor(&offset); if (rv) { diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c index 559cac2..1d18afd 100644 --- a/ext/spl/spl_fixedarray.c +++ b/ext/spl/spl_fixedarray.c @@ -361,7 +361,11 @@ static zval *spl_fixedarray_object_read_dimension(zval *object, zval *offset, in if (intern->fptr_offset_get) { zval *rv; - SEPARATE_ARG_IF_REF(offset); + if (!offset) { + ALLOC_INIT_ZVAL(offset); + } else { + SEPARATE_ARG_IF_REF(offset); + } zend_call_method_with_1_params(&object, intern->std.ce, &intern->fptr_offset_get, "offsetGet", &rv, offset); zval_ptr_dtor(&offset); if (rv) { diff --git a/ext/spl/tests/bug64106.phpt b/ext/spl/tests/bug64106.phpt new file mode 100644 index 0000000..855caef --- /dev/null +++ b/ext/spl/tests/bug64106.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #64106: Segfault on SplFixedArray[][x] = y when extended +--FILE-- +<?php + +class MyFixedArray extends SplFixedArray { + public function offsetGet($offset) {} +} + +$array = new MyFixedArray(10); +$array[][1] = 10; + +?> +--EXPECTF-- +Notice: Indirect modification of overloaded element of MyFixedArray has no effect in %s on line %d -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
