From: Felipe Pena Date: Mon, 6 Apr 2009 23:56:20 +0000 (+0000) Subject: - Fixed bug #47903 ("@" operator does not work with string offsets (PHP_5_2 only!)) X-Git-Tag: php-5.2.10RC1~238 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d52ad52511cd3071a30c20e01680c0e2e484c6e8;p=php - Fixed bug #47903 ("@" operator does not work with string offsets (PHP_5_2 only!)) (MFH: #39018) --- diff --git a/NEWS b/NEWS index b24a0e2404..d444439a92 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,7 @@ PHP NEWS - Fixed memory leak in ob_get_clean/ob_get_flush. (Christian) - Fixed segfault on invalid session.save_path. (Hannes) +- Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe) - Fixed bug #47845 (PDO_Firebird omits first row from query). (Lars W) - Fixed bug #47831 (Compile warning for strnlen() in main/spprintf.c). (Ilia, rainer dot jung at kippdata dot de) diff --git a/Zend/tests/bug39304.phpt b/Zend/tests/bug39304.phpt index 9e4416c969..5ab569ba6e 100755 --- a/Zend/tests/bug39304.phpt +++ b/Zend/tests/bug39304.phpt @@ -6,4 +6,6 @@ Bug #39304 (Segmentation fault with list unpacking of string offset) list($a, $b) = $s[0]; ?> --EXPECTF-- -Fatal error: Cannot use string offset as an array in %sbug39304.php on line 3 +Notice: Uninitialized string offset: 0 in %s on line %d + +Fatal error: Cannot use string offset as an array in %sbug39304.php on line %d diff --git a/Zend/tests/bug41919.phpt b/Zend/tests/bug41919.phpt index 0ac3276b07..2c4f985ebb 100644 --- a/Zend/tests/bug41919.phpt +++ b/Zend/tests/bug41919.phpt @@ -8,4 +8,6 @@ $foo[3]->bar[1] = "bang"; echo "ok\n"; ?> --EXPECTF-- +Notice: Uninitialized string offset: 3 in %s on line %d + Fatal error: Cannot use string offset as an object in %sbug41919.php on line %d diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index 3dc4ab2253..6fe169784c 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -183,7 +183,6 @@ static inline zval *_get_zval_ptr_var(znode *node, temp_variable *Ts, zend_free_ if (T->str_offset.str->type != IS_STRING || ((int)T->str_offset.offset < 0) || (T->str_offset.str->value.str.len <= (int)T->str_offset.offset)) { - zend_error(E_NOTICE, "Uninitialized string offset: %d", T->str_offset.offset); ptr->value.str.val = STR_EMPTY_ALLOC(); ptr->value.str.len = 0; } else { @@ -1133,6 +1132,9 @@ static void zend_fetch_dimension_address(temp_variable *result, zval **container break; } if (result) { + if (Z_LVAL_P(dim) < 0 || Z_STRLEN_P(container) <= Z_LVAL_P(dim)) { + zend_error(E_NOTICE, "Uninitialized string offset: %ld", Z_LVAL_P(dim)); + } container = *container_ptr; result->str_offset.str = container; PZVAL_LOCK(container);