]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 456d5e9)
- MFH: Fixed bug #47572 (zval_update_constant_ex: Segmentation fault)
authorFelipe Pena <felipe@php.net>
Thu, 5 Mar 2009 16:25:43 +0000 (16:25 +0000)
committerFelipe Pena <felipe@php.net>
Thu, 5 Mar 2009 16:25:43 +0000 (16:25 +0000)
Zend/tests/bug47572.phpt [new file with mode: 0644] patch | blob
Zend/zend_execute_API.c patch | blob | history

diff --git a/Zend/tests/bug47572.phpt b/Zend/tests/bug47572.phpt
new file mode 100644 (file)
index 0000000..695cc3a
--- /dev/null
+++ b/Zend/tests/bug47572.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #47572 (zval_update_constant_ex: Segmentation fault)
+--FILE--
+<?php
+
+class Foo {
+  public static $bar = array(
+    FOO => "bar"
+    );
+
+}
+
+$foo = new Foo();
+
+?>
+--EXPECTF--
+Notice: Use of undefined constant FOO - assumed 'FOO' in %s on line %d
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index 36240eefce5481ea8eb11211053b174255c4e475..f0f823719bc94080e846677a2449361d7a4a4346 100644 (file)
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -575,7 +575,7 @@ ZEND_API int zval_update_constant_ex(zval **pp, void *arg, zend_class_entry *sco
        } else if (Z_TYPE_P(p) == IS_CONSTANT_ARRAY) {
                zval **element, *new_val;
                char *str_index;
-               uint str_index_len;
+               uint str_index_len = 0;
                ulong num_index;
                int ret;
 
@@ -613,9 +613,11 @@ ZEND_API int zval_update_constant_ex(zval **pp, void *arg, zend_class_entry *sco
                                        str_index = colon;
                                } else {
                                        if (str_index[str_index_len - 2] & IS_CONSTANT_UNQUALIFIED) {
-                                               actual = (char *)zend_memrchr(str_index, '\\', str_index_len - 3) + 1;
+                                               if ((actual = (char *)zend_memrchr(str_index, '\\', str_index_len - 3))) {
+                                                       actual++;
                                                str_index_len -= (actual - str_index);
-                                               str_index = actual;
+                                                       str_index = save;
+                                               }
                                        }
                                        if (str_index[0] == '\\') {
                                                ++str_index;
Unnamed repository; edit this file 'description' to name the repository.