[Pkg-php-commits] [php/debian-sid] Cherry-pick fix for bug php#50481 (Storing many SPLFixedArray in an array crashes)

[Ondřej Surý]

---
 debian/patches/bug50481.patch |   27 +++++++++++++++++++++++++++
 debian/patches/series         |    1 +
 2 files changed, 28 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/bug50481.patch

diff --git a/debian/patches/bug50481.patch b/debian/patches/bug50481.patch
new file mode 100644
index 0000000..723e1d3
--- /dev/null
+++ b/debian/patches/bug50481.patch
@@ -0,0 +1,27 @@
+--- a/ext/spl/spl_fixedarray.c
++++ b/ext/spl/spl_fixedarray.c
+@@ -158,6 +158,9 @@ static HashTable* spl_fixedarray_object_
+ 				zend_hash_index_update(intern->std.properties, i, (void *)&intern->array->elements[i], sizeof(zval *), NULL);
+ 				Z_ADDREF_P(intern->array->elements[i]);
+ 			} else {
++				if (GC_G(gc_active)) {
++					return NULL;
++				}
+ 				zend_hash_index_update(intern->std.properties, i, (void *)&EG(uninitialized_zval_ptr), sizeof(zval *), NULL);
+ 				Z_ADDREF_P(EG(uninitialized_zval_ptr));
+ 			}
+--- /dev/null
++++ b/ext/spl/tests/bug52573.phpt
+@@ -0,0 +1,12 @@
++--TEST--
++Bug #52573 (SplFileObject::fscanf Segmentation fault)
++--FILE--
++<?php
++
++$result = null;
++$f = new SplFileObject(__FILE__, 'r');
++$f->fscanf('<?php // %s', $result);
++
++?>
++--EXPECTF--
++Warning: Parameter 3 to fscanf() expected to be a reference, value given in %s on line 5
diff --git a/debian/patches/series b/debian/patches/series
index b014de1..24ea326 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -60,3 +60,4 @@ CVE-2010-3870.patch
 CVE-2010-4156.patch
 bug52573.patch
 bug52487.patch
+bug50481.patch
-- 
1.7.1