From: Dmitry Stogov <dmitry@php.net>
Date: Wed, 8 Jun 2005 19:55:01 +0000 (+0000)
Subject: Fixed memory allocation bugs in array_reduce() with initial value (#22463 & #24980)
X-Git-Tag: php-4.4.0RC1~11
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a82e35c290e5383016401d4177052f0e84c5e984;p=php

Fixed memory allocation bugs in array_reduce() with initial value (#22463 & #24980)
---

diff --git a/ext/standard/array.c b/ext/standard/array.c
index 8723030513..bc0e893a1f 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -3238,8 +3238,11 @@ PHP_FUNCTION(array_reduce)
 	efree(callback_name);
 
 	if (ZEND_NUM_ARGS() > 2) {
-		convert_to_long_ex(initial);
-		result = *initial;
+		ALLOC_ZVAL(result);
+		*result = **initial;
+		zval_copy_ctor(result);
+		convert_to_long(result);
+		INIT_PZVAL(result);
 	} else {
 		MAKE_STD_ZVAL(result);
 		ZVAL_NULL(result);
@@ -3255,6 +3258,7 @@ PHP_FUNCTION(array_reduce)
 		if (result) {
 			*return_value = *result;
 			zval_copy_ctor(return_value);
+			zval_ptr_dtor(&result);
 		}
 		return;
 	}