- Fixed bug #30027 (Possible crash inside ftp_get()).
(cfield at affinitysolutions dot com)
- Fixed bug #29954 (array_reduce segfaults when initial value is array). (Tony)
+- Fixed bug #29883 (isset gives invalid values on strings). (Tony, Dmitry)
- Fixed bug #29801 (Set limit on the size of mmapable data). (Ilia)
- Fixed bug #29557 (strtotime error). (Derick)
- Fixed bug #29418 (double free when openssl_csr_new fails).
--- /dev/null
+--TEST--
+Bug #29883 (isset gives invalid values on strings)
+--FILE--
+<?php
+$x = "bug";
+var_dump(isset($x[-1]));
+var_dump(isset($x["1"]));
+echo $x["1"]."\n";
+?>
+--EXPECT--
+bool(false)
+bool(true)
+u
result = Z_OBJ_HT_P(*container)->has_dimension(*container, offset, (opline->extended_value == ZEND_ISEMPTY) TSRMLS_CC);
}
} else if ((*container)->type == IS_STRING) { /* string offsets */
+ zval tmp_offset;
+
+ if (Z_TYPE_P(offset) != IS_LONG) {
+ tmp_offset = *offset;
+ zval_copy_ctor(&tmp_offset);
+ convert_to_long(&tmp_offset);
+ offset = &tmp_offset;
+ }
switch (opline->extended_value) {
case ZEND_ISSET:
- if (offset->value.lval < Z_STRLEN_PP(container)) {
+ if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container)) {
result = 1;
}
break;
case ZEND_ISEMPTY:
- if (offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
+ if (offset->value.lval >= 0 && offset->value.lval < Z_STRLEN_PP(container) && Z_STRVAL_PP(container)[offset->value.lval] != '0') {
result = 1;
}
break;
projects / php / commitdiff