FAQ
Commit: 321f4f18e52bfabe19fb9217dff0bf661d48e5d3
Author: Nikita Popov <nikic@php.net> Wed, 30 Jan 2013 20:23:39 +0100
Parents: ec53b60072799704a0d94cdd935bdf54bd5e5344
Branches: PHP-5.3 PHP-5.4 master

Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=321f4f18e52bfabe19fb9217dff0bf661d48e5d3

Log:
Fixed bug #64106: Segfault on SplFixedArray[][x] = y when extended

Bugs:
https://bugs.php.net/64106

Changed paths:
M NEWS
M ext/spl/spl_array.c
M ext/spl/spl_fixedarray.c
A ext/spl/tests/bug64106.phpt


Diff:
diff --git a/NEWS b/NEWS
index 24a1ba8..c230d22 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,9 @@ PHP NEWS
- FPM:
. Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)

+- SPL:
+ . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov)
+
17 Jan 2013, PHP 5.3.21

- Zend Engine:
diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c
index 7c2e148..7d6f314 100644
--- a/ext/spl/spl_array.c
+++ b/ext/spl/spl_array.c
@@ -387,7 +387,11 @@ static zval *spl_array_read_dimension_ex(int check_inherited, zval *object, zval
spl_array_object *intern = (spl_array_object*)zend_object_store_get_object(object TSRMLS_CC);
if (intern->fptr_offset_get) {
zval *rv;
- SEPARATE_ARG_IF_REF(offset);
+ if (!offset) {
+ ALLOC_INIT_ZVAL(offset);
+ } else {
+ SEPARATE_ARG_IF_REF(offset);
+ }
zend_call_method_with_1_params(&object, Z_OBJCE_P(object), &intern->fptr_offset_get, "offsetGet", &rv, offset);
zval_ptr_dtor(&offset);
if (rv) {
diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c
index 559cac2..1d18afd 100644
--- a/ext/spl/spl_fixedarray.c
+++ b/ext/spl/spl_fixedarray.c
@@ -361,7 +361,11 @@ static zval *spl_fixedarray_object_read_dimension(zval *object, zval *offset, in

if (intern->fptr_offset_get) {
zval *rv;
- SEPARATE_ARG_IF_REF(offset);
+ if (!offset) {
+ ALLOC_INIT_ZVAL(offset);
+ } else {
+ SEPARATE_ARG_IF_REF(offset);
+ }
zend_call_method_with_1_params(&object, intern->std.ce, &intern->fptr_offset_get, "offsetGet", &rv, offset);
zval_ptr_dtor(&offset);
if (rv) {
diff --git a/ext/spl/tests/bug64106.phpt b/ext/spl/tests/bug64106.phpt
new file mode 100644
index 0000000..855caef
--- /dev/null
+++ b/ext/spl/tests/bug64106.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #64106: Segfault on SplFixedArray[][x] = y when extended
+--FILE--
+<?php
+
+class MyFixedArray extends SplFixedArray {
+ public function offsetGet($offset) {}
+}
+
+$array = new MyFixedArray(10);
+$array[][1] = 10;
+
+?>
+--EXPECTF--
+Notice: Indirect modification of overloaded element of MyFixedArray has no effect in %s on line %d

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupphp-cvs @
categoriesphp
postedJan 30, '13 at 7:39p
activeJan 30, '13 at 7:39p
posts1
users1
websitephp.net

1 user in discussion

Nikita Popov: 1 post

People

Translate

site design / logo © 2019 Grokbase