From 013059c247185935ca7921533740e767e2630311 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@php.net>
Date: Fri, 25 Jul 2008 08:53:11 +0000
Subject: [PATCH] Fixed uninitialized data

---
 Zend/zend_execute_API.c         | 1 +
 ext/mysql/php_mysql.c           | 1 +
 ext/mysqli/mysqli.c             | 1 +
 ext/pdo/pdo_dbh.c               | 1 +
 ext/pdo/pdo_stmt.c              | 2 ++
 ext/pgsql/pgsql.c               | 1 +
 ext/reflection/php_reflection.c | 7 +++++++
 ext/spl/spl_directory.c         | 1 +
 ext/sqlite/sqlite.c             | 1 +
 main/streams/userspace.c        | 1 +
 10 files changed, 17 insertions(+)

diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index fbf9c78a2e..6ca0e63def 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -1380,6 +1380,7 @@ ZEND_API int zend_u_lookup_class_ex(zend_uchar type, zstr name, int name_length,
 	fcall_cache.initialized = EG(autoload_func) ? 1 : 0;
 	fcall_cache.function_handler = EG(autoload_func);
 	fcall_cache.calling_scope = NULL;
+	fcall_cache.called_scope = NULL;
 	fcall_cache.object_pp = NULL;
 
 	exception = EG(exception);
diff --git a/ext/mysql/php_mysql.c b/ext/mysql/php_mysql.c
index b51b70f7db..3f9a57e4b7 100644
--- a/ext/mysql/php_mysql.c
+++ b/ext/mysql/php_mysql.c
@@ -2209,6 +2209,7 @@ static void php_mysql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, int result_type,
 			fcc.initialized = 1;
 			fcc.function_handler = ce->constructor;
 			fcc.calling_scope = EG(scope);
+			fcc.called_scope = Z_OBJCE_P(return_value);
 			fcc.object_pp = &return_value;
 		
 			if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
index f246677539..7562e94632 100644
--- a/ext/mysqli/mysqli.c
+++ b/ext/mysqli/mysqli.c
@@ -1343,6 +1343,7 @@ void php_mysqli_fetch_into_hash(INTERNAL_FUNCTION_PARAMETERS, int override_flags
 			fcc.initialized = 1;
 			fcc.function_handler = ce->constructor;
 			fcc.calling_scope = EG(scope);
+			fcc.called_scope = Z_OBJCE_P(return_value);
 			fcc.object_pp = &return_value;
 
 			if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c
index 4d92bd676d..83e7ca5de7 100755
--- a/ext/pdo/pdo_dbh.c
+++ b/ext/pdo/pdo_dbh.c
@@ -483,6 +483,7 @@ static void pdo_stmt_construct(pdo_stmt_t *stmt, zval *object, zend_class_entry
 		fcc.initialized = 1;
 		fcc.function_handler = dbstmt_ce->constructor;
 		fcc.calling_scope = EG(scope);
+		fcc.called_scope = Z_OBJCE_P(object);
 		fcc.object_pp = &object;
 
 		if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c
index 980cb8570d..897775f0e5 100755
--- a/ext/pdo/pdo_stmt.c
+++ b/ext/pdo/pdo_stmt.c
@@ -753,6 +753,7 @@ static int do_fetch_class_prepare(pdo_stmt_t *stmt TSRMLS_DC) /* {{{ */
 		fcc->initialized = 1;
 		fcc->function_handler = ce->constructor;
 		fcc->calling_scope = EG(scope);
+		fcc->called_scope = ce;
 		return 1;
 	} else if (stmt->fetch.cls.ctor_args) {
 		pdo_raise_impl_error(stmt->dbh, stmt, "HY000", "user-supplied class does not have a constructor, use NULL for the ctor_params parameter, or simply omit it" TSRMLS_CC);
@@ -849,6 +850,7 @@ static int make_callable_ex(pdo_stmt_t *stmt, zval *callable, zend_fcall_info *
 	fcc->initialized = 1;
 	fcc->function_handler = function_handler;
 	fcc->calling_scope = EG(scope);
+	fcc->called_scope = Z_OBJCE_PP(object);
 	fcc->object_pp = object;
 	
 	return 1;
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index c2d3c2ea3b..331d0b65af 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -2625,6 +2625,7 @@ static void php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type,
 			fcc.initialized = 1;
 			fcc.function_handler = ce->constructor;
 			fcc.calling_scope = EG(scope);
+			fcc.called_scope = Z_OBJCE_P(return_value);
 			fcc.object_pp = &return_value;
 		
 			if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c
index f0ca613c96..170585a841 100644
--- a/ext/reflection/php_reflection.c
+++ b/ext/reflection/php_reflection.c
@@ -1256,6 +1256,7 @@ static void _reflection_export(INTERNAL_FUNCTION_PARAMETERS, zend_class_entry *c
 	fcc.initialized = 1;
 	fcc.function_handler = ce_ptr->constructor;
 	fcc.calling_scope = ce_ptr;
+	fcc.called_scope = Z_OBJCE_P(reflector_ptr);
 	fcc.object_pp = &reflector_ptr;
 
 	result = zend_call_function(&fci, &fcc TSRMLS_CC);
@@ -1637,6 +1638,7 @@ ZEND_METHOD(reflection_function, invoke)
 	fcc.initialized = 1;
 	fcc.function_handler = fptr;
 	fcc.calling_scope = EG(scope);
+	fcc.called_scope = NULL;
 	fcc.object_pp = NULL;
 
 	result = zend_call_function(&fci, &fcc TSRMLS_CC);
@@ -1701,6 +1703,7 @@ ZEND_METHOD(reflection_function, invokeArgs)
 	fcc.initialized = 1;
 	fcc.function_handler = fptr;
 	fcc.calling_scope = EG(scope);
+	fcc.called_scope = NULL;
 	fcc.object_pp = NULL;
 
 	result = zend_call_function(&fci, &fcc TSRMLS_CC);
@@ -2462,6 +2465,7 @@ ZEND_METHOD(reflection_method, invoke)
 	fcc.initialized = 1;
 	fcc.function_handler = mptr;
 	fcc.calling_scope = obj_ce;
+	fcc.called_scope = Z_OBJCE_PP(object_pp);
 	fcc.object_pp = object_pp;
 
 	result = zend_call_function(&fci, &fcc TSRMLS_CC);
@@ -2566,6 +2570,7 @@ ZEND_METHOD(reflection_method, invokeArgs)
 	fcc.initialized = 1;
 	fcc.function_handler = mptr;
 	fcc.calling_scope = obj_ce;
+	fcc.called_scope = Z_OBJCE_P(object);
 	fcc.object_pp = &object;
 
 	result = zend_call_function(&fci, &fcc TSRMLS_CC);
@@ -3645,6 +3650,7 @@ ZEND_METHOD(reflection_class, newInstance)
 		fcc.initialized = 1;
 		fcc.function_handler = ce->constructor;
 		fcc.calling_scope = EG(scope);
+		fcc.called_scope = Z_OBJCE_P(return_value);
 		fcc.object_pp = &return_value;
 
 		if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
@@ -3720,6 +3726,7 @@ ZEND_METHOD(reflection_class, newInstanceArgs)
 		fcc.initialized = 1;
 		fcc.function_handler = ce->constructor;
 		fcc.calling_scope = EG(scope);
+		fcc.called_scope = Z_OBJCE_P(return_value);
 		fcc.object_pp = &return_value;
 
 		if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
index b3d6b68afc..f3081938da 100755
--- a/ext/spl/spl_directory.c
+++ b/ext/spl/spl_directory.c
@@ -1958,6 +1958,7 @@ static int spl_filesystem_file_call(spl_filesystem_object *intern, zend_function
 	fcic.initialized = 1;
 	fcic.function_handler = func_ptr;
 	fcic.calling_scope = NULL;
+	fcic.called_scope = NULL;
 	fcic.object_pp = NULL;
 
 	result = zend_call_function(&fci, &fcic TSRMLS_CC);
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index fce4746f2e..15f9d25dee 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -2711,6 +2711,7 @@ PHP_FUNCTION(sqlite_fetch_object)
 		fcc.initialized = 1;
 		fcc.function_handler = ce->constructor;
 		fcc.calling_scope = EG(scope);
+		fcc.called_scope = Z_OBJCE_P(return_value);
 		fcc.object_pp = &return_value;
 
 		if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
diff --git a/main/streams/userspace.c b/main/streams/userspace.c
index 6300404918..fd3b70c673 100644
--- a/main/streams/userspace.c
+++ b/main/streams/userspace.c
@@ -262,6 +262,7 @@ static php_stream *user_wrapper_opener(php_stream_wrapper *wrapper, char *filena
 		fcc.initialized = 1;
 		fcc.function_handler = uwrap->ce->constructor;
 		fcc.calling_scope = EG(scope);
+		fcc.called_scope = Z_OBJCE_P(us->object);
 		fcc.object_pp = &us->object;
 
 		if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
-- 
2.40.0