- Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator)

diff --git a/NEWS b/NEWS
index 62048792702c1dab8ed315aee30abf9f7497bed2..e3e7f7d543c847119fcca6ab89ddbb9ca24d053a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -42,6 +42,8 @@ PHP                                                                        NEWS
 - SPL extension:
   . Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting
     with \0). (Gustavo)
+  . Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator).
+    (Felipe)
 
 17 Mar 2011, PHP 5.3.6
 - Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)

diff --git a/ext/spl/spl_iterators.c b/ext/spl/spl_iterators.c
index 7fa34272d967f2f6e470f7d2e31851979ad70968..9383d71992b3b3520cd4460e84c3a70799d83639 100755 (executable)
--- a/ext/spl/spl_iterators.c
+++ b/ext/spl/spl_iterators.c
@@ -360,6 +360,10 @@ next_step:
 static void spl_recursive_it_rewind_ex(spl_recursive_it_object *object, zval *zthis TSRMLS_DC)
 {
        zend_object_iterator      *sub_iter;
+       
+       if (!object->iterators) {
+               php_error_docref(NULL TSRMLS_CC, E_ERROR, "The %s instance wasn't initialized properly", Z_OBJCE_P(zthis)->name);
+       }
 
        while (object->level) {
                sub_iter = object->iterators[object->level].iterator;

diff --git a/ext/spl/tests/bug54281.phpt b/ext/spl/tests/bug54281.phpt
new file mode 100644 (file)
index 0000000..d42d9e5
--- /dev/null
+++ b/ext/spl/tests/bug54281.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #54281 (Crash in spl_recursive_it_rewind_ex)
+--FILE--
+<?php
+
+class RecursiveArrayIteratorIterator extends RecursiveIteratorIterator {
+       function __construct($it, $max_depth) { }
+}
+$it = new RecursiveArrayIteratorIterator(new RecursiveArrayIterator(array()), 2);
+
+foreach($it as $k=>$v) { }
+
+?>
+--EXPECTF--
+Fatal error: RecursiveIteratorIterator::rewind(): The RecursiveArrayIteratorIterator instance wasn't initialized properly in %s on line %d