From: Dmitry Stogov Date: Thu, 1 Sep 2005 11:58:41 +0000 (+0000) Subject: Fixed bug #34277 (array_filter() crashes with references and objects) X-Git-Tag: PRE_NEW_OCI8_EXTENSION~41 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cbd1c89e81bffd53873fde924ce257026daacf30;p=php Fixed bug #34277 (array_filter() crashes with references and objects) --- diff --git a/NEWS b/NEWS index f1d7939e88..3f2bd276d6 100644 --- a/NEWS +++ b/NEWS @@ -22,5 +22,7 @@ PHP NEWS - Fixed bug #34310 (foreach($arr as $c->d => $x) crashes). (Dmitry) - Fixed bug #34302 (date('W') do not return leading zeros for week 1 to 9). (Derick) +- Fixed bug #34277 (array_filter() crashes with references and objects). + (Dmitry) - Fixed bug #33957 (gmdate('W')/date('W') sometimes returns wrong week number). (Derick) diff --git a/ext/standard/array.c b/ext/standard/array.c index cb321c9c14..53251dc4c8 100644 --- a/ext/standard/array.c +++ b/ext/standard/array.c @@ -4366,6 +4366,7 @@ PHP_FUNCTION(array_reduce) PHP_FUNCTION(array_filter) { zval **input, **callback = NULL; + zval *array; zval **operand; zval **args[1]; zval *retval = NULL; @@ -4385,6 +4386,7 @@ PHP_FUNCTION(array_filter) php_error_docref(NULL TSRMLS_CC, E_WARNING, "The first argument should be an array"); return; } + array = *input; if (ZEND_NUM_ARGS() > 1) { if (!zend_is_callable(*callback, 0, &callback_name)) { @@ -4396,13 +4398,13 @@ PHP_FUNCTION(array_filter) } array_init(return_value); - if (zend_hash_num_elements(Z_ARRVAL_PP(input)) == 0) { + if (zend_hash_num_elements(Z_ARRVAL_P(array)) == 0) { return; } - for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(input), &pos); - zend_hash_get_current_data_ex(Z_ARRVAL_PP(input), (void **)&operand, &pos) == SUCCESS; - zend_hash_move_forward_ex(Z_ARRVAL_PP(input), &pos)) { + for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(array), &pos); + zend_hash_get_current_data_ex(Z_ARRVAL_P(array), (void **)&operand, &pos) == SUCCESS; + zend_hash_move_forward_ex(Z_ARRVAL_P(array), &pos)) { zend_uchar utype; if (callback) { @@ -4436,7 +4438,7 @@ PHP_FUNCTION(array_filter) } zval_add_ref(operand); - switch (zend_hash_get_current_key_ex(Z_ARRVAL_PP(input), &string_key, &string_key_len, &num_key, 0, &pos)) { + switch (zend_hash_get_current_key_ex(Z_ARRVAL_P(array), &string_key, &string_key_len, &num_key, 0, &pos)) { case HASH_KEY_IS_STRING: utype = IS_STRING; goto ukey; diff --git a/ext/standard/tests/array/bug34227.phpt b/ext/standard/tests/array/bug34227.phpt new file mode 100755 index 0000000000..51064ae8a8 --- /dev/null +++ b/ext/standard/tests/array/bug34227.phpt @@ -0,0 +1,100 @@ +--TEST-- +Bug #34277 (array_filter() crashes with references and objects) +--FILE-- +m2(); + } + + function m2() + { + $this->m3(); + } + + function m3() + { + $this->m4(); + } + + function m4() + { + $this->m5(); + } + + function m5() + { + $this->m6(); + } + + function m6() + { + $this->m7(); + } + + function m7() + { + $this->m8(); + } + + function m8() + { + $this->m9(); + } + + function m9() + { + $this->m10(); + } + + function m10() + { + $this->m11(1, 2, 3, 4, 5, 6, 7, 8, 9, 10); + } + + function m11($a1, $a2, $a3, $a4, $a5, $a6, $a7, $a8, $a9, $a10) + { + $arr = explode('a', 'b'); + } +} + +function f($str) +{ + $obj =& new C; + $obj->m1(); + return TRUE; +} + +function p5($a1, $a2, $a3, $a4, $a5, $a6, $a7, $a8, $a9, $a10, $a11, $a12) +{ + $ret = array_filter(array(0), 'f'); +} + +function p4() +{ + p5(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12); +} + +function p3() +{ + p4(); +} + +function p2() +{ + p3(); +} + +function p1() +{ + p2(); +} + +p1(); +echo "ok\n"; +?> +--EXPECT-- +ok