From 5be006d48b7c4d8df89a76f6a532d13ce29e614d Mon Sep 17 00:00:00 2001
From: Antony Dovgal <tony2001@php.net>
Date: Thu, 12 Jun 2008 12:40:07 +0000
Subject: [PATCH] avoid invalid reads when reached memory_limit during
 initialization

---
 ext/spl/spl_fastarray.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ext/spl/spl_fastarray.c b/ext/spl/spl_fastarray.c
index e4a74064a4..4f98f10155 100644
--- a/ext/spl/spl_fastarray.c
+++ b/ext/spl/spl_fastarray.c
@@ -75,6 +75,7 @@ typedef struct _spl_fastarray_it { /* {{{ */
 static void spl_fastarray_init(spl_fastarray *array, long size TSRMLS_DC) /* {{{ */
 {
 	if (size > 0) {
+		array->size = 0; /* reset size in case ecalloc() fails */
 		array->elements = ecalloc(size, sizeof(zval *));
 		array->size = size;
 	} else {
@@ -198,7 +199,7 @@ static void spl_fastarray_object_free_storage(void *object TSRMLS_DC) /* {{{ */
 			}
 		}
 
-		if (intern->array->elements) {
+		if (intern->array->size > 0 && intern->array->elements) {
 			efree(intern->array->elements);
 		}
 		efree(intern->array);
-- 
2.50.1