?? ??? 2008, PHP 5.2.6
- Fixed weired behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson)
+- Fixed bug #43495 (array_merge_recursive() crashes with recursive arrays).
+ (Ilia)
- Fixed bug #43493 (pdo_pgsql does not send username on connect when password
is not available). (Ilia)
- Fixed bug #43482 (array_pad() does not warn on very small pad numbers).
while (zend_hash_get_current_data_ex(src, (void **)&src_entry, &pos) == SUCCESS) {
switch (zend_hash_get_current_key_ex(src, &string_key, &string_key_len, &num_key, 0, &pos)) {
case HASH_KEY_IS_STRING:
- if (recursive &&
- zend_hash_find(dest, string_key, string_key_len, (void **)&dest_entry) == SUCCESS) {
- if (*src_entry == *dest_entry && ((*dest_entry)->refcount % 2)) {
+ if (recursive && zend_hash_find(dest, string_key, string_key_len, (void **)&dest_entry) == SUCCESS) {
+ HashTable *thash = HASH_OF(*dest_entry);
+
+ if ((thash && thash->nApplyCount > 1) || (*src_entry == *dest_entry && ((*dest_entry)->refcount % 2))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "recursion detected");
return 0;
}
convert_to_array_ex(dest_entry);
convert_to_array_ex(src_entry);
- if (!php_array_merge(Z_ARRVAL_PP(dest_entry),
- Z_ARRVAL_PP(src_entry), recursive TSRMLS_CC))
+ if (thash) {
+ thash->nApplyCount++;
+ }
+ if (!php_array_merge(Z_ARRVAL_PP(dest_entry), Z_ARRVAL_PP(src_entry), recursive TSRMLS_CC)) {
+ if (thash) {
+ thash->nApplyCount--;
+ }
return 0;
+ }
+ if (thash) {
+ thash->nApplyCount--;
+ }
} else {
(*src_entry)->refcount++;
--- /dev/null
+--TEST--
+Bug #43495 (array_merge_recursive() crashes with recursive arrays)
+--FILE--
+<?php
+$a=array("key1"=>array("key2"=>array()));
+$a["key1"]["key2"]["key3"]=&$a;
+
+$b=array("key1"=>array("key2"=>array()));
+$b["key1"]["key2"]["key3"]=&$b;
+
+array_merge_recursive($a,$b);
+
+echo "Done.\n";
+?>
+--EXPECTF--
+Warning: array_merge_recursive(): recursion detected in %s/bug43495.php on line %d
+Done.
projects / php / commitdiff