bug64106.phpt

Nikita Popov Wed, 30 Jan 2013 11:45:57 -0800

Commit:    f540e086e26280036f868c8bb5df458364f71f02
Author:    Nikita Popov <ni...@php.net>         Wed, 30 Jan 2013 20:23:39 +0100
Parents:   86b364380720005f4e460eb99317f4ddfef25c52
Branches:  PHP-5.5


Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=f540e086e26280036f868c8bb5df458364f71f02

Log:
Fixed bug #64106: Segfault on SplFixedArray[][x] = y when extended

Bugs:
https://bugs.php.net/64106

Changed paths:
  M  ext/spl/spl_array.c
  M  ext/spl/spl_fixedarray.c
  A  ext/spl/tests/bug64106.phpt


Diff:
diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c
index 479c148..40efc43 100644
--- a/ext/spl/spl_array.c
+++ b/ext/spl/spl_array.c
@@ -381,7 +381,11 @@ static zval *spl_array_read_dimension_ex(int 
check_inherited, zval *object, zval
                spl_array_object *intern = 
(spl_array_object*)zend_object_store_get_object(object TSRMLS_CC);
                if (intern->fptr_offset_get) {
                        zval *rv;
-                       SEPARATE_ARG_IF_REF(offset);
+                       if (!offset) {
+                               ALLOC_INIT_ZVAL(offset);
+                       } else {
+                               SEPARATE_ARG_IF_REF(offset);
+                       }
                        zend_call_method_with_1_params(&object, 
Z_OBJCE_P(object), &intern->fptr_offset_get, "offsetGet", &rv, offset); 
                        zval_ptr_dtor(&offset);
                        if (rv) {
diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c
index 1d51e0f..c9aec75 100644
--- a/ext/spl/spl_fixedarray.c
+++ b/ext/spl/spl_fixedarray.c
@@ -378,7 +378,11 @@ static zval *spl_fixedarray_object_read_dimension(zval 
*object, zval *offset, in
 
        if (intern->fptr_offset_get) {
                zval *rv;
-               SEPARATE_ARG_IF_REF(offset);
+               if (!offset) {
+                       ALLOC_INIT_ZVAL(offset);
+               } else {
+                       SEPARATE_ARG_IF_REF(offset);
+               }
                zend_call_method_with_1_params(&object, intern->std.ce, 
&intern->fptr_offset_get, "offsetGet", &rv, offset);
                zval_ptr_dtor(&offset);
                if (rv) {
diff --git a/ext/spl/tests/bug64106.phpt b/ext/spl/tests/bug64106.phpt
new file mode 100644
index 0000000..855caef
--- /dev/null
+++ b/ext/spl/tests/bug64106.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #64106: Segfault on SplFixedArray[][x] = y when extended
+--FILE--
+<?php
+
+class MyFixedArray extends SplFixedArray {
+    public function offsetGet($offset) {}
+}
+
+$array = new MyFixedArray(10);
+$array[][1] = 10;
+
+?>
+--EXPECTF--
+Notice: Indirect modification of overloaded element of MyFixedArray has no 
effect in %s on line %d


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] com php-src: Fixed bug #64106: Segfault on SplFixedArray[][x] = y when extended: ext/spl/spl_array.c ext/spl/spl_fixedarray.c ext/spl/tests/bug64106.phpt

Reply via email to