avoid invalid reads when reached memory_limit during initialization

author Antony Dovgal <tony2001@php.net>

Thu, 12 Jun 2008 12:40:07 +0000 (12:40 +0000)

committer Antony Dovgal <tony2001@php.net>

Thu, 12 Jun 2008 12:40:07 +0000 (12:40 +0000)
author Antony Dovgal <tony2001@php.net>
Thu, 12 Jun 2008 12:40:07 +0000 (12:40 +0000)
committer Antony Dovgal <tony2001@php.net>
Thu, 12 Jun 2008 12:40:07 +0000 (12:40 +0000)
diff --git a/ext/spl/spl_fastarray.c b/ext/spl/spl_fastarray.c

index e4a74064a4f15375b0a24f952b9ce0ca41069cb4..4f98f1015565e967ef577bf21a2b88f71bb7eeb3 100644 (file)
--- a/ext/spl/spl_fastarray.c
+++ b/ext/spl/spl_fastarray.c
@@ -75,6 +75,7 @@ typedef struct _spl_fastarray_it { /* {{{ */
  static void spl_fastarray_init(spl_fastarray *array, long size TSRMLS_DC) /* {{{ */
  {
         if (size > 0) {
+               array->size = 0; /* reset size in case ecalloc() fails */
                 array->elements = ecalloc(size, sizeof(zval *));
                 array->size = size;
         } else {
@@ -198,7 +199,7 @@ static void spl_fastarray_object_free_storage(void *object TSRMLS_DC) /* {{{ */
                         }
                 }
  
-               if (intern->array->elements) {
+               if (intern->array->size > 0 && intern->array->elements) {
                         efree(intern->array->elements);
                 }
                 efree(intern->array);
author	Antony Dovgal <tony2001@php.net>
	Thu, 12 Jun 2008 12:40:07 +0000 (12:40 +0000)
committer	Antony Dovgal <tony2001@php.net>
	Thu, 12 Jun 2008 12:40:07 +0000 (12:40 +0000)