projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cb3cfc9)
Correctly destroy reference in ArrayObject sort
authorNikita Popov <nikita.ppv@gmail.com>
Mon, 15 Apr 2019 11:16:16 +0000 (13:16 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Mon, 15 Apr 2019 11:21:45 +0000 (13:21 +0200)
The reference may be captured in an exception backtrace, in which
case the refcount may be more than one.

ext/spl/spl_array.c patch | blob | history

diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c
index 2806f93281f4cf2b8f8d239d7b82a13f6a5fb929..284bb71c81de794ca52d04bc2aa79b525ad3b635 100644 (file)
--- a/ext/spl/spl_array.c
+++ b/ext/spl/spl_array.c
@@ -1470,7 +1470,8 @@ exit:
                } else {
                        GC_DELREF(aht);
                }
-               efree(Z_REF(params[0]));
+               ZVAL_NULL(Z_REFVAL(params[0]));
+               zval_ptr_dtor(&params[0]);
                zend_string_free(Z_STR(function_name));
        }
 } /* }}} */
Unnamed repository; edit this file 'description' to name the repository.