iliaa Wed Dec 5 20:04:14 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/standard/tests/array bug43495.phpt
Modified files: /php-src/ext/standard array.c /php-src NEWS Log: MFB: Fixed bug #43495 (array_merge_recursive() crashes with recursive arrays) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/array.c?r1=1.308.2.21.2.44&r2=1.308.2.21.2.45&diff_format=u Index: php-src/ext/standard/array.c diff -u php-src/ext/standard/array.c:1.308.2.21.2.44 php-src/ext/standard/array.c:1.308.2.21.2.45 --- php-src/ext/standard/array.c:1.308.2.21.2.44 Mon Dec 3 14:11:08 2007 +++ php-src/ext/standard/array.c Wed Dec 5 20:04:13 2007 @@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: array.c,v 1.308.2.21.2.44 2007/12/03 14:11:08 iliaa Exp $ */ +/* $Id: array.c,v 1.308.2.21.2.45 2007/12/05 20:04:13 iliaa Exp $ */ #include "php.h" #include "php_ini.h" @@ -2314,9 +2314,10 @@ while (zend_hash_get_current_data_ex(src, (void **)&src_entry, &pos) == SUCCESS) { switch (zend_hash_get_current_key_ex(src, &string_key, &string_key_len, &num_key, 0, &pos)) { case HASH_KEY_IS_STRING: - if (recursive && - zend_hash_find(dest, string_key, string_key_len, (void **)&dest_entry) == SUCCESS) { - if (*src_entry == *dest_entry && ((*dest_entry)->refcount % 2)) { + if (recursive && zend_hash_find(dest, string_key, string_key_len, (void **)&dest_entry) == SUCCESS) { + HashTable *thash = HASH_OF(*dest_entry); + + if ((thash && thash->nApplyCount > 1) || (*src_entry == *dest_entry && ((*dest_entry)->refcount % 2))) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "recursion detected"); return 0; } @@ -2325,9 +2326,18 @@ convert_to_array_ex(dest_entry); convert_to_array_ex(src_entry); - if (!php_array_merge(Z_ARRVAL_PP(dest_entry), - Z_ARRVAL_PP(src_entry), recursive TSRMLS_CC)) + if (thash) { + thash->nApplyCount++; + } + if (!php_array_merge(Z_ARRVAL_PP(dest_entry), Z_ARRVAL_PP(src_entry), recursive TSRMLS_CC)) { + if (thash) { + thash->nApplyCount--; + } return 0; + } + if (thash) { + thash->nApplyCount--; + } } else { (*src_entry)->refcount++; http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1028&r2=1.2027.2.547.2.1029&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.1028 php-src/NEWS:1.2027.2.547.2.1029 --- php-src/NEWS:1.2027.2.547.2.1028 Tue Dec 4 13:05:03 2007 +++ php-src/NEWS Wed Dec 5 20:04:13 2007 @@ -3,6 +3,8 @@ ?? ??? 2008, PHP 5.2.6 - Fixed weired behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson) +- Fixed bug #43495 (array_merge_recursive() crashes with recursive arrays). + (Ilia) - Fixed bug #43493 (pdo_pgsql does not send username on connect when password is not available). (Ilia) - Fixed bug #43482 (array_pad() does not warn on very small pad numbers). http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/array/bug43495.phpt?view=markup&rev=1.1 Index: php-src/ext/standard/tests/array/bug43495.phpt +++ php-src/ext/standard/tests/array/bug43495.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php