dmitry Wed, 14 Sep 2011 13:18:19 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=316744
Log: Fixed bug #55578 (Segfault on implode/concat) Bug: https://bugs.php.net/55578 (Assigned) Segfault on implode/concat Changed paths: A php/php-src/branches/PHP_5_4/Zend/tests/bug55578.phpt U php/php-src/branches/PHP_5_4/Zend/zend.c A php/php-src/trunk/Zend/tests/bug55578.phpt U php/php-src/trunk/Zend/zend.c Added: php/php-src/branches/PHP_5_4/Zend/tests/bug55578.phpt =================================================================== --- php/php-src/branches/PHP_5_4/Zend/tests/bug55578.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/Zend/tests/bug55578.phpt 2011-09-14 13:18:19 UTC (rev 316744) @@ -0,0 +1,20 @@ +--TEST-- +Bug #55578 (Segfault on implode/concat) +--FILE-- +<?php +$options = array(); + +class Foo { + public function __toString() { + return 'Foo'; + } +} + +function test($options, $queryPart) { + return ''. (0 ? 1 : $queryPart); +} + +var_dump(test($options, new Foo())); +?> +--EXPECT-- +string(3) "Foo" Modified: php/php-src/branches/PHP_5_4/Zend/zend.c =================================================================== --- php/php-src/branches/PHP_5_4/Zend/zend.c 2011-09-14 13:02:46 UTC (rev 316743) +++ php/php-src/branches/PHP_5_4/Zend/zend.c 2011-09-14 13:18:19 UTC (rev 316744) @@ -257,8 +257,17 @@ { TSRMLS_FETCH(); - if (Z_OBJ_HANDLER_P(expr, cast_object) && Z_OBJ_HANDLER_P(expr, cast_object)(expr, expr_copy, IS_STRING TSRMLS_CC) == SUCCESS) { - break; + if (Z_OBJ_HANDLER_P(expr, cast_object)) { + zval *val; + + ALLOC_ZVAL(val); + INIT_PZVAL_COPY(val, expr); + zval_copy_ctor(val); + if (Z_OBJ_HANDLER_P(expr, cast_object)(val, expr_copy, IS_STRING TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(&val); + break; + } + zval_ptr_dtor(&val); } /* Standard PHP objects */ if (Z_OBJ_HT_P(expr) == &std_object_handlers || !Z_OBJ_HANDLER_P(expr, cast_object)) { Added: php/php-src/trunk/Zend/tests/bug55578.phpt =================================================================== --- php/php-src/trunk/Zend/tests/bug55578.phpt (rev 0) +++ php/php-src/trunk/Zend/tests/bug55578.phpt 2011-09-14 13:18:19 UTC (rev 316744) @@ -0,0 +1,20 @@ +--TEST-- +Bug #55578 (Segfault on implode/concat) +--FILE-- +<?php +$options = array(); + +class Foo { + public function __toString() { + return 'Foo'; + } +} + +function test($options, $queryPart) { + return ''. (0 ? 1 : $queryPart); +} + +var_dump(test($options, new Foo())); +?> +--EXPECT-- +string(3) "Foo" Modified: php/php-src/trunk/Zend/zend.c =================================================================== --- php/php-src/trunk/Zend/zend.c 2011-09-14 13:02:46 UTC (rev 316743) +++ php/php-src/trunk/Zend/zend.c 2011-09-14 13:18:19 UTC (rev 316744) @@ -257,8 +257,17 @@ { TSRMLS_FETCH(); - if (Z_OBJ_HANDLER_P(expr, cast_object) && Z_OBJ_HANDLER_P(expr, cast_object)(expr, expr_copy, IS_STRING TSRMLS_CC) == SUCCESS) { - break; + if (Z_OBJ_HANDLER_P(expr, cast_object)) { + zval *val; + + ALLOC_ZVAL(val); + INIT_PZVAL_COPY(val, expr); + zval_copy_ctor(val); + if (Z_OBJ_HANDLER_P(expr, cast_object)(val, expr_copy, IS_STRING TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(&val); + break; + } + zval_ptr_dtor(&val); } /* Standard PHP objects */ if (Z_OBJ_HT_P(expr) == &std_object_handlers || !Z_OBJ_HANDLER_P(expr, cast_object)) {
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
