From: Greg Beaver <cellog@php.net>
Date: Fri, 31 Jul 2009 23:44:52 +0000 (+0000)
Subject: fix segfault when running run-tests.php, and general potential for corruption
X-Git-Tag: php-5.4.0alpha1~191^2~2903
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=80d061b18fe29ec39f4b41f7682b247c5a50e3c7;p=php

fix segfault when running run-tests.php, and general potential for corruption

by calling php_stream_path_encode for unicode strings, php_stream_path_param_encode decrements
the refcount, but never restores it, which can cause freeing of zvals before they are done being used.
---

diff --git a/main/php_streams.h b/main/php_streams.h
index a13c323620..472885a552 100755
--- a/main/php_streams.h
+++ b/main/php_streams.h
@@ -422,6 +422,7 @@ static inline int _php_stream_path_param_encode(zval **ppzval, char **ppath, int
 		if (FAILURE == php_stream_path_encode(NULL, &path, &path_len, Z_USTRVAL_PP(ppzval), Z_USTRLEN_PP(ppzval), options, context)) {
 			return FAILURE;
 		}
+		Z_ADDREF_PP(ppzval); /* the conversion removes a refcount */
 		MAKE_STD_ZVAL(zpath);
 		ZVAL_STRINGL(zpath, path, path_len, 0);
 		Z_UNSET_ISREF_P(zpath);