]> granicus.if.org Git - php/commitdiff
Fixed memory allocation bugs in array_reduce() with initial value (#22463 & #24980)
authorDmitry Stogov <dmitry@php.net>
Wed, 8 Jun 2005 19:55:01 +0000 (19:55 +0000)
committerDmitry Stogov <dmitry@php.net>
Wed, 8 Jun 2005 19:55:01 +0000 (19:55 +0000)
ext/standard/array.c

index 87230305132efa604608046ebf13c242258c54fb..bc0e893a1f201e7ed5e8d0df17dac89539176914 100644 (file)
@@ -3238,8 +3238,11 @@ PHP_FUNCTION(array_reduce)
        efree(callback_name);
 
        if (ZEND_NUM_ARGS() > 2) {
-               convert_to_long_ex(initial);
-               result = *initial;
+               ALLOC_ZVAL(result);
+               *result = **initial;
+               zval_copy_ctor(result);
+               convert_to_long(result);
+               INIT_PZVAL(result);
        } else {
                MAKE_STD_ZVAL(result);
                ZVAL_NULL(result);
@@ -3255,6 +3258,7 @@ PHP_FUNCTION(array_reduce)
                if (result) {
                        *return_value = *result;
                        zval_copy_ctor(return_value);
+                       zval_ptr_dtor(&result);
                }
                return;
        }