mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-22 08:20:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Improved fix for #61058, and add test script

Browse Source
This commit is contained in:
Xinchen Hui 2012-02-12 05:32:24 +00:00
parent c578917e30
commit 33125e2312
2 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ext/standard/array.c
View File

@ -1557,15 +1557,16 @@ PHP_FUNCTION(array_fill)
array_init_size(return_value, num);
num--;
zval_add_ref(&val);
if (zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, &val, sizeof(zval *), NULL) == FAILURE) {
zval_ptr_dtor(&val);
}
zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, &val, sizeof(zval *), NULL);
zval_add_ref(&val);
while (num--) {
zval_add_ref(&val);
if (zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &val, sizeof(zval *), NULL) == FAILURE) {
zval_ptr_dtor(&val);
if (zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &val, sizeof(zval *), NULL) == SUCCESS) {
zval_add_ref(&val);
} else {
zval_dtor(return_value);
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot add element to the array as the next element is already occupied");
RETURN_FALSE;
}
}
}

8
ext/standard/tests/array/bug61058.phpt Normal file
View File

@ -0,0 +1,8 @@
--TEST--
Bug #61058 (array_fill leaks if start index is PHP_INT_MAX)
--FILE--
<?php
array_fill(PHP_INT_MAX, 2, '*');
?>
--EXPECTF--
Warning: array_fill(): Cannot add element to the array as the next element is already occupied in %sbug61058.php on line %d