diff options
| author | Xinchen Hui <laruence@php.net> | 2012-08-23 23:27:16 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@php.net> | 2012-08-23 23:27:16 +0800 |
| commit | 13bcf685cb0a92e502ebe39f4b22c64304a9f333 (patch) | |
| tree | 3c3d7a01e2c69381bce445075f5b78b05c78ca60 | |
| parent | eca4fc69918c856966298435bd1133e55a3c8e58 (diff) | |
| download | php-git-13bcf685cb0a92e502ebe39f4b22c64304a9f333.tar.gz | |
Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/spl/spl_fixedarray.c | 12 | ||||
| -rw-r--r-- | ext/spl/tests/bug62904.phpt | 19 |
3 files changed, 29 insertions, 4 deletions
@@ -39,6 +39,8 @@ PHP NEWS . Fixed bug (segfault due to retval is not initialized). (Laruence) - SPL: + . Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray) + (Laruence) . Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault). (Laruence, Gustavo) diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c index ee8f51eb33..0aac6d3f30 100644 --- a/ext/spl/spl_fixedarray.c +++ b/ext/spl/spl_fixedarray.c @@ -223,10 +223,14 @@ static zend_object_value spl_fixedarray_object_new_ex(zend_class_entry *class_ty if (orig && clone_orig) { spl_fixedarray_object *other = (spl_fixedarray_object*)zend_object_store_get_object(orig TSRMLS_CC); intern->ce_get_iterator = other->ce_get_iterator; - - intern->array = emalloc(sizeof(spl_fixedarray)); - spl_fixedarray_init(intern->array, other->array->size TSRMLS_CC); - spl_fixedarray_copy(intern->array, other->array TSRMLS_CC); + if (!other->array) { + /* leave a empty object, will be dtor later by CLONE handler */ + zend_throw_exception(spl_ce_RuntimeException, "The instance wasn't initialized properly", 0 TSRMLS_CC); + } else { + intern->array = emalloc(sizeof(spl_fixedarray)); + spl_fixedarray_init(intern->array, other->array->size TSRMLS_CC); + spl_fixedarray_copy(intern->array, other->array TSRMLS_CC); + } } while (parent) { diff --git a/ext/spl/tests/bug62904.phpt b/ext/spl/tests/bug62904.phpt new file mode 100644 index 0000000000..7e392da9ab --- /dev/null +++ b/ext/spl/tests/bug62904.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #62904 (Crash when cloning an object which inherits SplFixedArray) +--FILE-- +<?php + +class foo extends SplFixedArray { + public function __construct($size) { + } +} + +$x = new foo(2); + +try { + $z = clone $x; +} catch (Exception $e) { + var_dump($e->getMessage()); +} +--EXPECTF-- +string(40) "The instance wasn't initialized properly" |