From 82b86c1c38887d3a20da5b9b4966bf144f410866 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Mon, 6 Apr 2009 11:10:32 +0000 Subject: [PATCH] Bug #47880 (crashes in call_user_func_array()) --- NEWS | 1 + Zend/tests/bug47880.phpt | 15 +++++++++++++++ Zend/zend_API.c | 6 ------ 3 files changed, 16 insertions(+), 6 deletions(-) create mode 100644 Zend/tests/bug47880.phpt diff --git a/NEWS b/NEWS index c0b0224761..2322e0320c 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,7 @@ PHP NEWS - Undeprecated ticks. (Arnaud) - Upgraded bundled sqlite to version 3.6.12. (Scott) +- Fixed bug #47880 (crashes in call_user_func_array()). (Dmitry) - Fixed bug #47856 (stristr() converts needle to lower-case). (Ilia) - Fixed bug #47851 (is_callable throws fatal error). (Dmitry) - Fixed bug #47819 (Getting pdo_mysql.so: undefined symbol: mysqlnd_debug_init diff --git a/Zend/tests/bug47880.phpt b/Zend/tests/bug47880.phpt new file mode 100644 index 0000000000..bf2022c809 --- /dev/null +++ b/Zend/tests/bug47880.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #47880 (crashes in call_user_func_array()) +--FILE-- + +--EXPECT-- +ok diff --git a/Zend/zend_API.c b/Zend/zend_API.c index b0c460606c..0e186691d7 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -2856,9 +2856,6 @@ ZEND_API int zend_fcall_info_init(zval *callable, uint check_flags, zend_fcall_i ZEND_API void zend_fcall_info_args_clear(zend_fcall_info *fci, int free_mem) /* {{{ */ { if (fci->params) { - while (fci->param_count) { - zval_ptr_dtor(fci->params[--fci->param_count]); - } if (free_mem) { efree(fci->params); fci->params = NULL; @@ -2906,7 +2903,6 @@ ZEND_API int zend_fcall_info_args(zend_fcall_info *fci, zval *args TSRMLS_DC) /* zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(args), &pos); while (zend_hash_get_current_data_ex(Z_ARRVAL_P(args), (void *) &arg, &pos) == SUCCESS) { *params++ = arg; - Z_ADDREF_P(*arg); zend_hash_move_forward_ex(Z_ARRVAL_P(args), &pos); } @@ -2929,7 +2925,6 @@ ZEND_API int zend_fcall_info_argp(zend_fcall_info *fci TSRMLS_DC, int argc, zval fci->params = (zval ***) erealloc(fci->params, fci->param_count * sizeof(zval **)); for (i = 0; i < argc; ++i) { - Z_ADDREF_P(*(argv[i])); fci->params[i] = argv[i]; } } @@ -2955,7 +2950,6 @@ ZEND_API int zend_fcall_info_argv(zend_fcall_info *fci TSRMLS_DC, int argc, va_l for (i = 0; i < argc; ++i) { arg = va_arg(*argv, zval **); - Z_ADDREF_P(*arg); fci->params[i] = arg; } } -- 2.50.1