From: Dmitry Stogov Date: Thu, 1 Sep 2005 12:00:37 +0000 (+0000) Subject: Fixed bug #34277 (array_filter() crashes with references and objects) X-Git-Tag: php-5.1.0RC2_PRE~36 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e615889d6b433dfd171b89e8be40d1abe8ccbb31;p=php Fixed bug #34277 (array_filter() crashes with references and objects) --- diff --git a/NEWS b/NEWS index b157fe6ff2..525ff3e2c0 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,8 @@ PHP NEWS - Fixed bug #34299 (ReflectionClass::isInstantiable() returns true for abstract classes). (Marcus) - Fixed bug #34284 (CLI phpinfo showing html on _SERVER["argv"]). (Jani) +- Fixed bug #34277 (array_filter() crashes with references and objects). + (Dmitry) - Fixed bug #34276 (setAttributeNS doesn't work with default namespace). (Rob) - Fixed bug #34257 (lib64 not handled correctly in ming extension). (Marcus) - Fixed bug #34221 (Compiling xmlrpc as shared fails other parts). (Jani) diff --git a/ext/standard/array.c b/ext/standard/array.c index e34c915e2f..f3b50b9d79 100644 --- a/ext/standard/array.c +++ b/ext/standard/array.c @@ -4117,6 +4117,7 @@ PHP_FUNCTION(array_reduce) PHP_FUNCTION(array_filter) { zval **input, **callback = NULL; + zval *array; zval **operand; zval **args[1]; zval *retval = NULL; @@ -4136,6 +4137,7 @@ PHP_FUNCTION(array_filter) php_error_docref(NULL TSRMLS_CC, E_WARNING, "The first argument should be an array"); return; } + array = *input; if (ZEND_NUM_ARGS() > 1) { if (!zend_is_callable(*callback, 0, &callback_name)) { @@ -4147,13 +4149,13 @@ PHP_FUNCTION(array_filter) } array_init(return_value); - if (zend_hash_num_elements(Z_ARRVAL_PP(input)) == 0) { + if (zend_hash_num_elements(Z_ARRVAL_P(array)) == 0) { return; } - for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(input), &pos); - zend_hash_get_current_data_ex(Z_ARRVAL_PP(input), (void **)&operand, &pos) == SUCCESS; - zend_hash_move_forward_ex(Z_ARRVAL_PP(input), &pos)) { + for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(array), &pos); + zend_hash_get_current_data_ex(Z_ARRVAL_P(array), (void **)&operand, &pos) == SUCCESS; + zend_hash_move_forward_ex(Z_ARRVAL_P(array), &pos)) { if (callback) { zend_fcall_info fci; @@ -4186,7 +4188,7 @@ PHP_FUNCTION(array_filter) } zval_add_ref(operand); - switch (zend_hash_get_current_key_ex(Z_ARRVAL_PP(input), &string_key, &string_key_len, &num_key, 0, &pos)) { + switch (zend_hash_get_current_key_ex(Z_ARRVAL_P(array), &string_key, &string_key_len, &num_key, 0, &pos)) { case HASH_KEY_IS_STRING: zend_hash_update(Z_ARRVAL_P(return_value), string_key, string_key_len, operand, sizeof(zval *), NULL); break; diff --git a/ext/standard/tests/array/bug34227.phpt b/ext/standard/tests/array/bug34227.phpt new file mode 100755 index 0000000000..51064ae8a8 --- /dev/null +++ b/ext/standard/tests/array/bug34227.phpt @@ -0,0 +1,100 @@ +--TEST-- +Bug #34277 (array_filter() crashes with references and objects) +--FILE-- +m2(); + } + + function m2() + { + $this->m3(); + } + + function m3() + { + $this->m4(); + } + + function m4() + { + $this->m5(); + } + + function m5() + { + $this->m6(); + } + + function m6() + { + $this->m7(); + } + + function m7() + { + $this->m8(); + } + + function m8() + { + $this->m9(); + } + + function m9() + { + $this->m10(); + } + + function m10() + { + $this->m11(1, 2, 3, 4, 5, 6, 7, 8, 9, 10); + } + + function m11($a1, $a2, $a3, $a4, $a5, $a6, $a7, $a8, $a9, $a10) + { + $arr = explode('a', 'b'); + } +} + +function f($str) +{ + $obj =& new C; + $obj->m1(); + return TRUE; +} + +function p5($a1, $a2, $a3, $a4, $a5, $a6, $a7, $a8, $a9, $a10, $a11, $a12) +{ + $ret = array_filter(array(0), 'f'); +} + +function p4() +{ + p5(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12); +} + +function p3() +{ + p4(); +} + +function p2() +{ + p3(); +} + +function p1() +{ + p2(); +} + +p1(); +echo "ok\n"; +?> +--EXPECT-- +ok