Fixed bug #75193 segfault in collator_convert_object_to_string

diff --git a/ext/intl/collator/collator_sort.c b/ext/intl/collator/collator_sort.c
index 1ad42d3660f076c2e176b37347100403202ccacc..7e7bde671f6b931c30f38120f3d191b35db32965 100644 (file)
--- a/ext/intl/collator/collator_sort.c
+++ b/ext/intl/collator/collator_sort.c
@@ -59,8 +59,12 @@ static int collator_regular_compare_function(zval *result, zval *op1, zval *op2)
        zval norm1, norm2;
        zval *num1_p = NULL, *num2_p = NULL;
        zval *norm1_p = NULL, *norm2_p = NULL;
-       zval* str1_p  = collator_convert_object_to_string( op1, &str1 );
-       zval* str2_p  = collator_convert_object_to_string( op2, &str2 );
+       zval *str1_p, *str2_p;
+
+       ZVAL_NULL(&str1);
+       str1_p  = collator_convert_object_to_string( op1, &str1 );
+       ZVAL_NULL(&str2);
+       str2_p  = collator_convert_object_to_string( op2, &str2 );
 
        /* If both args are strings AND either of args is not numeric string
         * then use ICU-compare. Otherwise PHP-compare. */

diff --git a/ext/intl/tests/bug75193.phpt b/ext/intl/tests/bug75193.phpt
new file mode 100644 (file)
index 0000000..d6c32db
--- /dev/null
+++ b/ext/intl/tests/bug75193.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #75193 segfault in collator_convert_object_to_string
+--SKIPIF--
+<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
+--FILE--
+<?php
+$a = new \Collator('en_US');
+$b = [new stdclass, new stdclass];
+var_dump($a->sort($b));
+?>
+===DONE===
+--EXPECT--
+bool(true)
+===DONE===