laruence Fri, 02 Mar 2012 03:40:40 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=323782
Log: MFH: Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX) Bug: https://bugs.php.net/61058 (Assigned) array_fill leaks if start index is PHP_INT_MAX Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/standard/array.c A php/php-src/branches/PHP_5_4/ext/standard/tests/array/bug61058.phpt U php/php-src/trunk/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS =================================================================== --- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:40:30 UTC (rev 323781) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:40:40 UTC (rev 323782) @@ -30,6 +30,10 @@ . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) +- Array: + . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). + (Laruence) + 01 Mar 2012, PHP 5.4.0 - Installation: Modified: php/php-src/branches/PHP_5_4/ext/standard/array.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/standard/array.c 2012-03-02 03:40:30 UTC (rev 323781) +++ php/php-src/branches/PHP_5_4/ext/standard/array.c 2012-03-02 03:40:40 UTC (rev 323782) @@ -1563,12 +1563,17 @@ array_init_size(return_value, num); num--; + zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, &val, sizeof(zval *), NULL); zval_add_ref(&val); - zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, &val, sizeof(zval *), NULL); while (num--) { - zval_add_ref(&val); - zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &val, sizeof(zval *), NULL); + if (zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &val, sizeof(zval *), NULL) == SUCCESS) { + zval_add_ref(&val); + } else { + zval_dtor(return_value); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot add element to the array as the next element is already occupied"); + RETURN_FALSE; + } } } /* }}} */ Added: php/php-src/branches/PHP_5_4/ext/standard/tests/array/bug61058.phpt =================================================================== --- php/php-src/branches/PHP_5_4/ext/standard/tests/array/bug61058.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/ext/standard/tests/array/bug61058.phpt 2012-03-02 03:40:40 UTC (rev 323782) @@ -0,0 +1,8 @@ +--TEST-- +Bug #61058 (array_fill leaks if start index is PHP_INT_MAX) +--FILE-- +<?php +array_fill(PHP_INT_MAX, 2, '*'); +?> +--EXPECTF-- +Warning: array_fill(): Cannot add element to the array as the next element is already occupied in %sbug61058.php on line %d Modified: php/php-src/trunk/NEWS =================================================================== --- php/php-src/trunk/NEWS 2012-03-02 03:40:30 UTC (rev 323781) +++ php/php-src/trunk/NEWS 2012-03-02 03:40:40 UTC (rev 323782) @@ -31,8 +31,4 @@ - pgsql . Added pg_escape_literal() and pg_escape_identifier() (Yasuo) -- Array: - . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). - (Laruence) - <<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
