From: Thies C. Arntzen <thies@php.net>
Date: Sat, 4 Aug 2001 16:53:57 +0000 (+0000)
Subject: fix possible crash - we should never keep the zval** as they might point
X-Git-Tag: PRE_ENGINE2_SPLIT~71
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3884b15b9544f6d9d749d14d2b0cad9eca29a201;p=php

fix possible crash - we should never keep the zval** as they might point
somewhere into the Engine. (there's still a new bug in strtok - hunting;-)
---

diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index e136a4298c..f8c8cba25b 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -894,7 +894,7 @@ PHP_RINIT_FUNCTION(basic)
 PHP_RSHUTDOWN_FUNCTION(basic)
 {
 	if (BG(strtok_zval))
-		zval_ptr_dtor(BG(strtok_zval));
+		zval_ptr_dtor(&BG(strtok_zval));
 	BG(strtok_string) = NULL;
 	BG(strtok_zval) = NULL;
 #ifdef HAVE_PUTENV
diff --git a/ext/standard/basic_functions.h b/ext/standard/basic_functions.h
index 900a1b13f5..e22a604eeb 100644
--- a/ext/standard/basic_functions.h
+++ b/ext/standard/basic_functions.h
@@ -141,7 +141,7 @@ typedef signed int php_int32;
 typedef struct {
 	HashTable *user_shutdown_function_names;
 	HashTable putenv_ht;
-	zval **strtok_zval;
+	zval *strtok_zval;
 	char *strtok_string;
 	char *locale_string;
 	char *strtok_last;
diff --git a/ext/standard/string.c b/ext/standard/string.c
index 8cfc609549..0ca7ac5f91 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -867,8 +867,8 @@ PHP_FUNCTION(strtok)
 
 		zval_add_ref(str);
 		if (BG(strtok_zval))
-			zval_ptr_dtor(BG(strtok_zval));
-		BG(strtok_zval) = str;
+			zval_ptr_dtor(&BG(strtok_zval));
+		BG(strtok_zval) = *str;
 		
 		BG(strtok_last) = BG(strtok_string) = Z_STRVAL_PP(str);
 		BG(strtok_len) = Z_STRLEN_PP(str);