- Fixed bug #54265 (crash when variable gets reassigned in error handler)
authorJohannes Schlüter <johannes@php.net>
Thu, 17 Mar 2011 11:49:18 +0000 (11:49 +0000)
committerJohannes Schlüter <johannes@php.net>
Thu, 17 Mar 2011 11:49:18 +0000 (11:49 +0000)
(re-apply 309308, dmitry)

NEWS
Zend/tests/bug54265.phpt [new file with mode: 0644]
Zend/zend_execute.c

diff --git a/NEWS b/NEWS
index d608bd35f47ac3ac212a8e97443ac1617648b72e..691422f5fed3b1b4dd6c3da863509323f151e1f0 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2011, PHP 5.3.7
+
+- Zend Engine:
+  . Fixed bug #54262 (Crash when assigning value to a dimension in a non-array).
+    (Dmitry)
+
 - MySQL Improved extension:
   . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries).
     (Andrey)
diff --git a/Zend/tests/bug54265.phpt b/Zend/tests/bug54265.phpt
new file mode 100644 (file)
index 0000000..43db028
--- /dev/null
@@ -0,0 +1,17 @@
+--TEST--
+Bug #54265 (crash when variable gets reassigned in error handler)
+--FILE--
+<?php
+function my_errorhandler($errno,$errormsg) {
+  global $my_var;
+  $my_var = 0;
+  echo "EROOR: $errormsg\n";
+}
+set_error_handler("my_errorhandler");
+$my_var = str_repeat("A",$my_var[0]->errormsg = "xyz");
+echo "ok\n";
+?>
+--EXPECT--
+EROOR: Creating default object from empty value
+ok
+
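Review bot: This test only exercises the case where the assignment's result is consumed (it is passed to `str_repeat`) and the handler drops the last reference to the container. Two neighbouring paths through the same engine change are left untested: the assignment written as a bare statement, so the result is unused, and a handler that leaves `$my_var` alone, so execution continues past the refcount check into `object_init`. Adding a short case for each would catch a regression in either the early return or the normal default-object creation. Because the bug is a memory-safety crash, these cases are most useful when the suite is also run under a memory checker.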
index e270816d8b0ab2c0b33bbc62c086b8a7095a1eca..f10fce38dc2678763907804b3eb960b0218f07c4 100644 (file)
@@ -536,10 +536,22 @@ static inline void zend_assign_to_object(znode *result, zval **object_ptr, zval
                    (Z_TYPE_P(object) == IS_BOOL && Z_LVAL_P(object) == 0) ||
                    (Z_TYPE_P(object) == IS_STRING && Z_STRLEN_P(object) == 0)) {
                        SEPARATE_ZVAL_IF_NOT_REF(object_ptr);
-                       zval_dtor(*object_ptr);
-                       object_init(*object_ptr);
                        object = *object_ptr;
+                       Z_ADDREF_P(object);
                        zend_error(E_STRICT, "Creating default object from empty value");
+                       if (Z_REFCOUNT_P(object) == 1) {
+                               /* object was removed by error handler, nothing to assign to */
+                               zval_ptr_dtor(&object);
+                               if (retval) {
+                                       *retval = &EG(uninitialized_zval);
+                                       PZVAL_LOCK(*retval);
+                               }
+                               FREE_OP(free_value);
+                               return;
+                       }
+                       Z_DELREF_P(object);
+                       zval_dtor(object);
+                       object_init(object);
                } else {
                        zend_error(E_WARNING, "Attempt to assign property of non-object");
                        if (!RETURN_VALUE_UNUSED(result)) {
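Review bot: The new early-return path guards the result write with `if (retval)`, while the neighbouring `else` branch of the same function uses `if (!RETURN_VALUE_UNUSED(result))`. `retval` is declared outside this hunk. If it is the address of the result temp slot it can never be NULL, so this path would store and `PZVAL_LOCK` the uninitialized zval even when the result is unused, leaving a reference that nothing releases. Using the same guard as the else branch, `if (!RETURN_VALUE_UNUSED(result)) {`, would keep the two paths consistent. The comment could also say why the order matters: `Z_ADDREF_P(object)` is taken before `zend_error()` so that a user error handler which reassigns the variable cannot free `object`, and a refcount of 1 afterwards means only that temporary reference is left.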