From 8ef85b486af7a59d295a2d3a3a565ad408eeadac Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Sun, 28 Oct 2007 13:44:09 +0000
Subject: [PATCH] MFB: Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails)
---
 ext/reflection/php_reflection.c | 12 +++++++----
 ext/reflection/tests/bug42976.phpt | 34 ++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 4 deletions(-)
 create mode 100644 ext/reflection/tests/bug42976.phpt
diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c
index 0ce79a14d3..37ca021614 100644
--- a/ext/reflection/php_reflection.c
+++ b/ext/reflection/php_reflection.c
@@ -3484,7 +3484,7 @@ ZEND_METHOD(reflection_class, isInstance)
 Returns an instance of this class */
 ZEND_METHOD(reflection_class, newInstance)
 {
- zval *retval_ptr;
+ zval *retval_ptr = NULL;
 reflection_object *intern;
 zend_class_entry *ce;
 int argc = ZEND_NUM_ARGS();
@@ -3528,7 +3528,9 @@ ZEND_METHOD(reflection_class, newInstance)
 if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
 efree(params);
- zval_ptr_dtor(&retval_ptr);
+ if (retval_ptr) {
+ zval_ptr_dtor(&retval_ptr);
+ }
 zend_error(E_WARNING, "Invocation of %v's constructor failed", ce->name);
 RETURN_NULL();
 }
@@ -3548,7 +3550,7 @@ ZEND_METHOD(reflection_class, newInstance)
 Returns an instance of this class */
 ZEND_METHOD(reflection_class, newInstanceArgs)
 {
- zval *retval_ptr;
+ zval *retval_ptr = NULL;
 reflection_object *intern;
 zend_class_entry *ce;
 int argc = 0;
@@ -3603,7 +3605,9 @@ ZEND_METHOD(reflection_class, newInstanceArgs)
 if (params) {
 efree(params);
 }
- zval_ptr_dtor(&retval_ptr);
+ if (retval_ptr) {
+ zval_ptr_dtor(&retval_ptr);
+ }
 zend_error(E_WARNING, "Invocation of %v's constructor failed", ce->name);
 RETURN_NULL();
 }
diff --git a/ext/reflection/tests/bug42976.phpt b/ext/reflection/tests/bug42976.phpt
new file mode 100644
index 0000000000..38aed3a400
--- /dev/null
+++ b/ext/reflection/tests/bug42976.phpt
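Review bot: The `= NULL` initializer on `retval_ptr` in newInstance (and the identical one in newInstanceArgs) is load-bearing but undocumented: without it the FAILURE branch hands an indeterminate pointer to `zval_ptr_dtor()`, which is the crash this commit fixes. A short comment above the declaration, such as `/* stays NULL unless the call stores a result; the FAILURE path checks it before destroying */`, would stop a later cleanup from dropping the initializer. How `retval_ptr` is attached to `fci` lies outside these hunks, so the wording should be confirmed against that code.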
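Review bot: The failure branch in newInstance still calls `efree(params)` unconditionally, while the matching branch in newInstanceArgs wraps it in `if (params)`. The allocation of `params` is outside both hunks, so if it can be NULL or unset in newInstance when the call fails, the same kind of invalid free remains on that path; either the guard belongs there too, or a comment should say why it is not needed. Both methods also carry the same cleanup sequence, and this commit touches only these two call sites, so the other `zend_call_function()` callers in this file are worth checking for a return-value pointer that is destroyed on FAILURE without having been initialized.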
@@ -0,0 +1,34 @@
+--TEST--
+Bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails)
+--FILE--
+newInstance($x); // causes crash
+var_dump($x);
+$x = "x.original";
+$rc->newInstanceArgs(array($x)); // causes crash
+var_dump($x);
+
+echo "Done\n";
+?>
+--EXPECTF--
+string(9) "x.changed"
+
+Warning: Invocation of C's constructor failed in %s/bug42976.php on line %d
+string(10) "x.original"
+
+Warning: Invocation of C's constructor failed in %s/bug42976.php on line %d
+string(10) "x.original"
+Done
-- 
2.50.1