diff options
| author | Dmitry Stogov <dmitry@php.net> | 2010-10-01 11:53:04 +0000 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@php.net> | 2010-10-01 11:53:04 +0000 |
| commit | d3b6fbe39bc74920da5e73a546208252a01f9586 (patch) | |
| tree | 26b6737dfaaacdb0552c4b351ab93c4ecf628186 | |
| parent | f64e4bac49586a416bb397f9f9134477751c39b8 (diff) | |
| download | php-git-d3b6fbe39bc74920da5e73a546208252a01f9586.tar.gz | |
Fixed bug #52940 (call_user_func_array still allows call-time pass-by-reference). (cataphract@php.net)
| -rw-r--r-- | Zend/tests/bug52940.phpt | 23 | ||||
| -rw-r--r-- | Zend/zend_execute_API.c | 20 | ||||
| -rw-r--r-- | ext/standard/tests/array/array_map_variation19.phpt | 2 | ||||
| -rw-r--r-- | ext/standard/tests/general_functions/call_user_func_array_variation_001.phpt | 2 |
4 files changed, 34 insertions, 13 deletions
diff --git a/Zend/tests/bug52940.phpt b/Zend/tests/bug52940.phpt new file mode 100644 index 0000000000..f8d31c0dbe --- /dev/null +++ b/Zend/tests/bug52940.phpt @@ -0,0 +1,23 @@ +--TEST-- +Bug #52940 (call_user_func_array still allows call-time pass-by-reference) +--FILE-- +<?php +function foo($a) { + $a++; + var_dump($a); +} +function bar(&$a) { + $a++; + var_dump($a); +} +$a = 1; +call_user_func_array("foo", array(&$a)); +var_dump($a); +call_user_func_array("bar", array(&$a)); +var_dump($a); +?> +--EXPECT-- +int(2) +int(1) +int(2) +int(2) diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index f9c9bce99f..1f1a2b13d9 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -850,17 +850,8 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS for (i=0; i<fci->param_count; i++) { zval *param; - if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION - && (EX(function_state).function->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) == 0 - && !ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1) - && PZVAL_IS_REF(*fci->params[i])) { - SEPARATE_ZVAL(fci->params[i]); - } - - if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1) - && !PZVAL_IS_REF(*fci->params[i])) { - - if (Z_REFCOUNT_PP(fci->params[i]) > 1) { + if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)) { + if (!PZVAL_IS_REF(*fci->params[i]) && Z_REFCOUNT_PP(fci->params[i]) > 1) { zval *new_zval; if (fci->no_separation) { @@ -888,6 +879,13 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS Z_ADDREF_PP(fci->params[i]); Z_SET_ISREF_PP(fci->params[i]); param = *fci->params[i]; + } else if (PZVAL_IS_REF(*fci->params[i]) && + /* don't separate references for __call */ + (EX(function_state).function->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) == 0 ) { + ALLOC_ZVAL(param); + *param = **(fci->params[i]); + INIT_PZVAL(param); + zval_copy_ctor(param); } else if (*fci->params[i] != &EG(uninitialized_zval)) { Z_ADDREF_PP(fci->params[i]); param = *fci->params[i]; diff --git a/ext/standard/tests/array/array_map_variation19.phpt b/ext/standard/tests/array/array_map_variation19.phpt index 9478f70eff..0e56428a03 100644 --- a/ext/standard/tests/array/array_map_variation19.phpt +++ b/ext/standard/tests/array/array_map_variation19.phpt @@ -34,7 +34,7 @@ array(2) { } array(2) { [0]=> - &string(7) "changed" + &string(10) "original.0" [1]=> string(10) "original.1" }
\ No newline at end of file diff --git a/ext/standard/tests/general_functions/call_user_func_array_variation_001.phpt b/ext/standard/tests/general_functions/call_user_func_array_variation_001.phpt index 340e4e5daf..c05a329342 100644 --- a/ext/standard/tests/general_functions/call_user_func_array_variation_001.phpt +++ b/ext/standard/tests/general_functions/call_user_func_array_variation_001.phpt @@ -50,7 +50,7 @@ array(1) { ------ Calling by_val() with referenced argument ------ array(1) { [0]=> - &string(7) "changed" + &string(8) "original" } ------ Calling by_ref() with referenced argument ------ array(1) { |