]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5e37dec)
Fixed memory allocation bugs in array_reduce() with initial value (#22463 & #24980)
authorDmitry Stogov <dmitry@php.net>
Wed, 8 Jun 2005 19:54:46 +0000 (19:54 +0000)
committerDmitry Stogov <dmitry@php.net>
Wed, 8 Jun 2005 19:54:46 +0000 (19:54 +0000)
ext/standard/array.c patch | blob | history

diff --git a/ext/standard/array.c b/ext/standard/array.c
index d2ed1c7effcaa391a560c1324333e60931acdf30..953b66750735286362d901374c4015af0c92b343 100644 (file)
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -3863,8 +3863,11 @@ PHP_FUNCTION(array_reduce)
        efree(callback_name);
 
        if (ZEND_NUM_ARGS() > 2) {
-               convert_to_long_ex(initial);
-               result = *initial;
+               ALLOC_ZVAL(result);
+               *result = **initial;
+               zval_copy_ctor(result);
+               convert_to_long(result);
+               INIT_PZVAL(result);
        } else {
                MAKE_STD_ZVAL(result);
                ZVAL_NULL(result);
@@ -3880,6 +3883,7 @@ PHP_FUNCTION(array_reduce)
                if (result) {
                        *return_value = *result;
                        zval_copy_ctor(return_value);
+                       zval_ptr_dtor(&result);
                }
                return;
        }
Unnamed repository; edit this file 'description' to name the repository.