. Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)
- SPL:
+ . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
. Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
. Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
/* When in a write context,
* ZE has to be fooled into thinking this is in a reference set
* by separating (if necessary) and returning as an is_ref=1 zval (even if refcount == 1) */
- if ((type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET) && !Z_ISREF_PP(ret)) {
+ if ((type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET) && !Z_ISREF_PP(ret) && ret != &EG(uninitialized_zval_ptr)) {
if (Z_REFCOUNT_PP(ret) > 1) {
zval *newval;
--- /dev/null
+--TEST--
+Bug #66127 (Segmentation fault with ArrayObject unset)
+--INI--
+error_reporting = E_ALL & ~E_NOTICE
+--FILE--
+<?php
+function crash()
+{
+ set_error_handler(function () {});
+ $var = 1;
+ trigger_error('error');
+ $var2 = $var;
+ $var3 = $var;
+ trigger_error('error');
+}
+
+$items = new ArrayObject();
+
+unset($items[0]);
+unset($items[0][0]);
+crash();
+echo "Worked!\n";
+?>
+--EXPECT--
+Worked!
echo "Done\n";
?>
--EXPECTF--
+Notice: Indirect modification of overloaded element of ArrayIterator has no effect in %s on line %d
+
Fatal error: Cannot assign by reference to overloaded object in %s on line %d
projects / php / commitdiff