From a12e272b9a96fac3668c9d9c8bc4c30f69cb485c Mon Sep 17 00:00:00 2001 From: Felipe Pena Date: Tue, 24 Nov 2009 21:54:12 +0000 Subject: [PATCH] - Fixed bug #50255 (isset() and empty() silently casts array to object) --- NEWS | 2 ++ Zend/tests/bug50255.phpt | 30 ++++++++++++++++++++++++++++++ Zend/zend_vm_def.h | 2 +- Zend/zend_vm_execute.h | 24 ++++++++++++------------ 4 files changed, 45 insertions(+), 13 deletions(-) create mode 100644 Zend/tests/bug50255.phpt diff --git a/NEWS b/NEWS index 3123fd35f6..0c8ea4a60d 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,8 @@ PHP NEWS - Fixed bug #50282 (xmlrpc_encode_request() changes object into array in calling function). (Felipe) +- Fixed bug #50255 (isset() and empty() silently casts array to object). + (Felipe) - Fixed bug #50219 (soap call Segmentation fault on a redirected url). (Pierrick) - Fixed bug #50207 (segmentation fault when concatenating very large strings diff --git a/Zend/tests/bug50255.phpt b/Zend/tests/bug50255.phpt new file mode 100644 index 0000000000..9f390af7cf --- /dev/null +++ b/Zend/tests/bug50255.phpt @@ -0,0 +1,30 @@ +--TEST-- +Bug #50255 (isset() and empty() silently casts array to object) +--FILE-- + 'bar'); + +print "isset\n"; +var_dump(isset($arr->foo)); +var_dump(isset($arr->bar)); +var_dump(isset($arr['foo'])); +var_dump(isset($arr['bar'])); +print "empty\n"; +var_dump(empty($arr->foo)); +var_dump(empty($arr->bar)); +var_dump(empty($arr['foo'])); +var_dump(empty($arr['bar'])); + +?> +--EXPECT-- +isset +bool(false) +bool(false) +bool(true) +bool(false) +empty +bool(true) +bool(true) +bool(false) +bool(true) diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 499d539d98..0431d80854 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h 
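Review bot: In Zend/tests/bug50255.phpt every case uses the plain variable `$arr` with a literal property or key name, which presumably reaches only one of the specialised handlers this commit patches. Adding a case where the array sits in an object property, e.g. `var_dump(isset($obj->arr->foo));`, and one with a variable property name, e.g. `var_dump(isset($arr->$name));`, would cover other container and offset kinds. isset() and empty() are commonly used as guards on untrusted input, so a regression in a single specialisation is worth catching in this test.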
@@ -3532,7 +3532,7 @@ ZEND_VM_HELPER_EX(zend_isset_isempty_dim_prop_obj_handler, VAR|UNUSED|CV, CONST| zend_free_op free_op2; zval *offset = GET_OP2_ZVAL_PTR(BP_VAR_R); - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index f2863a6ddd..9aa59ff2b1 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -9750,7 +9750,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_CONST(int prop_dim, zval *offset = &opline->op2.u.constant; - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; @@ -11283,7 +11283,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_TMP(int prop_dim, ZE zend_free_op free_op2; zval *offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; @@ -12864,7 +12864,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_VAR(int prop_dim, ZE zend_free_op free_op2; zval *offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; @@ -14890,7 +14890,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_CV(int prop_dim, ZEN zval *offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC); - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; @@ -16009,7 +16009,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_UNUSED_CONST(int prop_di zval *offset = &opline->op2.u.constant; - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; 
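Review bot: The new `&& !prop_dim` condition in zend_isset_isempty_dim_prop_obj_handler (Zend/zend_vm_def.h) has no comment saying what the flag distinguishes, so the reason an array container is now skipped can only be recovered from the bug number. I would add above the `if` something like `/* prop_dim set: property syntax ($a->b); an array has no properties, so do not look the name up as a key */`, assuming that reading of the flag is right, as the expected output in bug50255.phpt suggests. The helper's body continues outside the hunk, so please confirm that an array arriving with prop_dim set reaches a later branch that still frees op2 and yields isset=false / empty=true. The twelve matching hunks in Zend/zend_vm_execute.h look like the generated specialisations of this template and should come from regenerating that file rather than from hand edits.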
@@ -17002,7 +17002,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_UNUSED_TMP(int prop_dim, zend_free_op free_op2; zval *offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; @@ -17995,7 +17995,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_UNUSED_VAR(int prop_dim, zend_free_op free_op2; zval *offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; @@ -19256,7 +19256,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_UNUSED_CV(int prop_dim, zval *offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC); - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; @@ -22018,7 +22018,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_CV_CONST(int prop_dim, Z zval *offset = &opline->op2.u.constant; - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; @@ -23543,7 +23543,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_CV_TMP(int prop_dim, ZEN zend_free_op free_op2; zval *offset = _get_zval_ptr_tmp(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; @@ -25115,7 +25115,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_CV_VAR(int prop_dim, ZEN zend_free_op free_op2; zval *offset = _get_zval_ptr_var(&opline->op2, EX(Ts), &free_op2 TSRMLS_CC); - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; 
@@ -27131,7 +27131,7 @@ static int zend_isset_isempty_dim_prop_obj_handler_SPEC_CV_CV(int prop_dim, ZEND zval *offset = _get_zval_ptr_cv(&opline->op2, EX(Ts), BP_VAR_R TSRMLS_CC); - if (Z_TYPE_PP(container) == IS_ARRAY) { + if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) { HashTable *ht; int isset = 0; -- 2.50.1