Fixed segfault while OOM in pack_to_hash

author Xinchen Hui <laruence@php.net>

Thu, 13 Aug 2015 14:42:18 +0000 (22:42 +0800)

committer Xinchen Hui <laruence@php.net>

Thu, 13 Aug 2015 14:42:18 +0000 (22:42 +0800)
author Xinchen Hui <laruence@php.net>
Thu, 13 Aug 2015 14:42:18 +0000 (22:42 +0800)
committer Xinchen Hui <laruence@php.net>
Thu, 13 Aug 2015 14:42:18 +0000 (22:42 +0800)
diff --git a/Zend/zend_hash.c b/Zend/zend_hash.c

index 89a5995683f813d069f8eccf56110ab7559232fb..7eaa64b1b47e6f281f61c70c87e5a261742a56e8 100644 (file)
--- a/Zend/zend_hash.c
+++ b/Zend/zend_hash.c
@@ -191,14 +191,15 @@ ZEND_API void ZEND_FASTCALL zend_hash_real_init(HashTable *ht, zend_bool packed)
  
  ZEND_API void ZEND_FASTCALL zend_hash_packed_to_hash(HashTable *ht)
  {
-       void *old_data = HT_GET_DATA_ADDR(ht);
+       void *new_data, *old_data = HT_GET_DATA_ADDR(ht);
         Bucket *old_buckets = ht->arData;
  
         HT_ASSERT(GC_REFCOUNT(ht) == 1);
         HANDLE_BLOCK_INTERRUPTIONS();
         ht->u.flags &= ~HASH_FLAG_PACKED;
+       new_data = pemalloc(HT_SIZE(ht), (ht)->u.flags & HASH_FLAG_PERSISTENT);
         ht->nTableMask = -ht->nTableSize;
-       HT_SET_DATA_ADDR(ht, pemalloc(HT_SIZE(ht), (ht)->u.flags & HASH_FLAG_PERSISTENT));
+       HT_SET_DATA_ADDR(ht, new_data);
         memcpy(ht->arData, old_buckets, sizeof(Bucket) * ht->nNumUsed);
         pefree(old_data, (ht)->u.flags & HASH_FLAG_PERSISTENT);
         zend_hash_rehash(ht);
author	Xinchen Hui <laruence@php.net>
	Thu, 13 Aug 2015 14:42:18 +0000 (22:42 +0800)
committer	Xinchen Hui <laruence@php.net>
	Thu, 13 Aug 2015 14:42:18 +0000 (22:42 +0800)