From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 22 Jul 2020 09:31:15 +0000 (+0200)
Subject: Check dual_it validity in CallbackFilterIterator::accept()
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e6ae1bf4898f2f48c3521dba0d465bab706557eb;p=php

Check dual_it validity in CallbackFilterIterator::accept()

Avoid accessing intern->u.cbfilter null pointer, though it's
harmless here.
---

diff --git a/ext/spl/spl_iterators.c b/ext/spl/spl_iterators.c
index cee2b7b39f..311cc880b1 100644
--- a/ext/spl/spl_iterators.c
+++ b/ext/spl/spl_iterators.c
@@ -1767,23 +1767,25 @@ PHP_METHOD(RegexIterator, __construct)
 /* {{{ Calls the callback with the current value, the current key and the inner iterator as arguments */
 PHP_METHOD(CallbackFilterIterator, accept)
 {
-	spl_dual_it_object     *intern = Z_SPLDUAL_IT_P(ZEND_THIS);
-	zend_fcall_info        *fci = &intern->u.cbfilter->fci;
-	zend_fcall_info_cache  *fcc = &intern->u.cbfilter->fcc;
-	zval                    params[3];
+	spl_dual_it_object *intern = Z_SPLDUAL_IT_P(ZEND_THIS);
 
 	if (zend_parse_parameters_none() == FAILURE) {
 		RETURN_THROWS();
 	}
 
+	SPL_FETCH_AND_CHECK_DUAL_IT(intern, ZEND_THIS);
+
 	if (Z_TYPE(intern->current.data) == IS_UNDEF || Z_TYPE(intern->current.key) == IS_UNDEF) {
 		RETURN_FALSE;
 	}
 
+	zval params[3];
 	ZVAL_COPY_VALUE(&params[0], &intern->current.data);
 	ZVAL_COPY_VALUE(&params[1], &intern->current.key);
 	ZVAL_COPY_VALUE(&params[2], &intern->inner.zobject);
 
+	zend_fcall_info *fci = &intern->u.cbfilter->fci;
+	zend_fcall_info_cache *fcc = &intern->u.cbfilter->fcc;
 	fci->retval = return_value;
 	fci->param_count = 3;
 	fci->params = params;
@@ -1791,10 +1793,6 @@ PHP_METHOD(CallbackFilterIterator, accept)
 	if (zend_call_function(fci, fcc) != SUCCESS || Z_ISUNDEF_P(return_value)) {
 		RETURN_FALSE;
 	}
-
-	if (EG(exception)) {
-		RETURN_THROWS();
-	}
 }
 /* }}} */