From: Dmitry Stogov <dmitry@php.net>
Date: Wed, 8 Jun 2005 19:54:46 +0000 (+0000)
Subject: Fixed memory allocation bugs in array_reduce() with initial value (#22463 & #24980)
X-Git-Tag: php-5.0.5RC1~177
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5eb5dfa5362bebe74321a90b62c3a0bc0e825cdd;p=php

Fixed memory allocation bugs in array_reduce() with initial value (#22463 & #24980)
---

diff --git a/ext/standard/array.c b/ext/standard/array.c
index d2ed1c7eff..953b667507 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -3863,8 +3863,11 @@ PHP_FUNCTION(array_reduce)
 	efree(callback_name);
 
 	if (ZEND_NUM_ARGS() > 2) {
-		convert_to_long_ex(initial);
-		result = *initial;
+		ALLOC_ZVAL(result);
+		*result = **initial;
+		zval_copy_ctor(result);
+		convert_to_long(result);
+		INIT_PZVAL(result);
 	} else {
 		MAKE_STD_ZVAL(result);
 		ZVAL_NULL(result);
@@ -3880,6 +3883,7 @@ PHP_FUNCTION(array_reduce)
 		if (result) {
 			*return_value = *result;
 			zval_copy_ctor(return_value);
+			zval_ptr_dtor(&result);
 		}
 		return;
 	}