From: Dmitry Stogov <dmitry@php.net>
Date: Sat, 26 Jul 2008 18:32:20 +0000 (+0000)
Subject: Added checks for destroied objects
X-Git-Tag: php-5.3.0alpha1~102
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8ee5b58bbe3dd586ec3f9dd12d7f4d8c200ed4e7;p=php

Added checks for destroied objects
---

diff --git a/Zend/zend_API.c b/Zend/zend_API.c
index 2ec10b8239..2afb16576c 100644
--- a/Zend/zend_API.c
+++ b/Zend/zend_API.c
@@ -2573,6 +2573,15 @@ ZEND_API zend_bool zend_is_callable_ex(zval *callable, zval **object_pp, uint ch
 	fcc->calling_scope = NULL;
 	fcc->object_pp = NULL;
 
+	if (object_pp && (!*object_pp ||  Z_TYPE_PP(object_pp) != IS_OBJECT)) {
+		object_pp = NULL;
+	}
+	if (object_pp &&
+	    (!EG(objects_store).object_buckets || 
+	     !EG(objects_store).object_buckets[Z_OBJ_HANDLE_PP(object_pp)].valid)) {
+		return 0;
+	}
+
 	switch (Z_TYPE_P(callable)) {
 		case IS_STRING:
 			if (object_pp && *object_pp) {
@@ -2648,6 +2657,11 @@ ZEND_API zend_bool zend_is_callable_ex(zval *callable, zval **object_pp, uint ch
 						}
 
 					} else {
+						if (!EG(objects_store).object_buckets || 
+						    !EG(objects_store).object_buckets[Z_OBJ_HANDLE_PP(obj)].valid) {
+							return 0;
+						}
+
 						fcc->calling_scope = Z_OBJCE_PP(obj); /* TBFixed: what if it's overloaded? */
 
 						fcc->object_pp = obj;
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index 561bbdcf49..ed57d740af 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -744,7 +744,9 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS
 			zend_error(E_STRICT, "%s", error);
 			efree(error);
 		}
-		efree(callable_name);
+		if (callable_name) {
+			efree(callable_name);
+		}
 	}
 
 	EX(function_state).function = fci_cache->function_handler;