[Pkg-php-commits] [php/debian-sid] Cherry pick fix for segfault when extending SplFixedArray

Ondřej Surý ondrej at sury.org
Wed Jan 5 10:06:14 UTC 2011


---
 ...fix-segfault-when-extending-SplFixedArray.patch |   40 ++++++++++++++++++++
 debian/patches/series                              |    1 +
 2 files changed, 41 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/fix-segfault-when-extending-SplFixedArray.patch

diff --git a/debian/patches/fix-segfault-when-extending-SplFixedArray.patch b/debian/patches/fix-segfault-when-extending-SplFixedArray.patch
new file mode 100644
index 0000000..a714bd5
--- /dev/null
+++ b/debian/patches/fix-segfault-when-extending-SplFixedArray.patch
@@ -0,0 +1,40 @@
+--- /dev/null
++++ b/ext/spl/tests/bug53362.phpt
+@@ -0,0 +1,22 @@
++--TEST--
++Bug #53362 (Segmentation fault when extending SplFixedArray)
++--FILE--
++<?php
++
++class obj extends SplFixedArray{
++	public function offsetSet($offset, $value) {
++		var_dump($offset);
++	}
++}
++
++$obj = new obj;
++
++$obj[]=2;
++$obj[]=2;
++$obj[]=2;
++
++?>
++--EXPECTF--
++NULL
++NULL
++NULL
+--- a/ext/spl/spl_fixedarray.c
++++ b/ext/spl/spl_fixedarray.c
+@@ -409,7 +409,11 @@ static void spl_fixedarray_object_write_
+ 	intern = (spl_fixedarray_object *)zend_object_store_get_object(object TSRMLS_CC);
+ 
+ 	if (intern->fptr_offset_set) {
+-		SEPARATE_ARG_IF_REF(offset);
++		if (!offset) {
++			ALLOC_INIT_ZVAL(offset);
++		} else {
++			SEPARATE_ARG_IF_REF(offset);
++		}
+ 		SEPARATE_ARG_IF_REF(value);
+ 		zend_call_method_with_2_params(&object, intern->std.ce, &intern->fptr_offset_set, "offsetSet", NULL, offset, value);
+ 		zval_ptr_dtor(&value);
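Review bot: The new `if (!offset)` branch makes this function the owner of the zval created by `ALLOC_INIT_ZVAL(offset)`, but the hunk stops at `zval_ptr_dtor(&value);`, so the matching release of `offset` is not visible. The function body continues outside the hunk, so please confirm that `zval_ptr_dtor(&offset);` follows on this path; otherwise each `$obj[] = v` on a subclass that overrides offsetSet() would leak one zval. The branch also deserves a short comment on why `offset` can be NULL, for example `/* offset is NULL for the append form $obj[] = v; pass offsetSet() a fresh NULL zval instead of dereferencing it */`. Without that comment, a later cleanup could fold the branch back into a bare `SEPARATE_ARG_IF_REF(offset)` and reintroduce the NULL dereference that ordinary script code can trigger.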
diff --git a/debian/patches/series b/debian/patches/series
index 16e2c5d..e29eab9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -85,3 +85,4 @@ fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch
 fix-leaks-and-crash-bug-when-passing-the-callback-as-variable.patch
 fix-memory-leak-inside-highlight_string.patch
 fix-segfault-in-pgsql_stmt_execute-when-postgres-is-down.patch
+fix-segfault-when-extending-SplFixedArray.patch
-- 
1.7.1




