- Added imap_savebody() that allows message body to be written to a file. (Mike)
- Fixed imagecolorallocate() and imagecolorallocatelapha() to return FALSE
on error. (Pierre)
+- Fixed bug #36303 (foreach on error_zval produces segfault). (Dmitry)
- Fixed bug #36295 (typo in SplFileObject::flock() parameter name). (Tony)
- Fixed bug #36287 (Segfault with SplFileInfo conversion). (Marcus)
- Fixed bug #36283 (SOAPClient Compression Broken). (Dmitry)
--- /dev/null
+--TEST--
+Bug #36303 (foreach on error_zval produces segfault)
+--FILE--
+<?php
+$x="test";
+foreach($x->a->b as &$v) {
+}
+echo "ok\n";
+?>
+--EXPECTF--
+Warning: Invalid argument supplied for foreach() in %sbug36303.php on line 3
+ok
}
array_ptr = *array_ptr_ptr;
} else {
- SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+ SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ }
array_ptr = *array_ptr_ptr;
array_ptr->refcount++;
}
}
array_ptr = *array_ptr_ptr;
} else {
- SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+ SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ }
array_ptr = *array_ptr_ptr;
array_ptr->refcount++;
}
}
array_ptr = *array_ptr_ptr;
} else {
- SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+ SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ }
array_ptr = *array_ptr_ptr;
array_ptr->refcount++;
}
}
array_ptr = *array_ptr_ptr;
} else {
- SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+ SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ }
array_ptr = *array_ptr_ptr;
array_ptr->refcount++;
}
}
array_ptr = *array_ptr_ptr;
} else {
- SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+ SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+ }
array_ptr = *array_ptr_ptr;
array_ptr->refcount++;
}
projects / php / commitdiff