diff options
| author | Xinchen Hui <laruence@php.net> | 2012-08-23 23:21:25 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@php.net> | 2012-08-23 23:21:25 +0800 |
| commit | 42f91d6ac6e4c359313ddc90b86067ab9be6a80f (patch) | |
| tree | 8056b79b2e5b0381dc8789108fbd9cf7db5b1652 | |
| parent | 9a72b52a1f36d8eacf122d2bc52be6b792fbb18a (diff) | |
| download | php-git-42f91d6ac6e4c359313ddc90b86067ab9be6a80f.tar.gz | |
Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/spl/spl_fixedarray.c | 12 | ||||
| -rw-r--r-- | ext/spl/tests/bug62904.phpt | 19 |
3 files changed, 29 insertions, 4 deletions
@@ -46,6 +46,8 @@ PHP NEWS when close handler call exit). (Laruence) - SPL: + . Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray) + (Laruence) . Implemented FR #62840 (Add sort flag to ArrayObject::ksort). (Laruence) - Standard: diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c index 1124285545..244bd3e0df 100644 --- a/ext/spl/spl_fixedarray.c +++ b/ext/spl/spl_fixedarray.c @@ -223,10 +223,14 @@ static zend_object_value spl_fixedarray_object_new_ex(zend_class_entry *class_ty if (orig && clone_orig) { spl_fixedarray_object *other = (spl_fixedarray_object*)zend_object_store_get_object(orig TSRMLS_CC); intern->ce_get_iterator = other->ce_get_iterator; - - intern->array = emalloc(sizeof(spl_fixedarray)); - spl_fixedarray_init(intern->array, other->array->size TSRMLS_CC); - spl_fixedarray_copy(intern->array, other->array TSRMLS_CC); + if (!other->array) { + /* leave a empty object, will be dtor later by CLONE handler */ + zend_throw_exception(spl_ce_RuntimeException, "The instance wasn't initialized properly", 0 TSRMLS_CC); + } else { + intern->array = emalloc(sizeof(spl_fixedarray)); + spl_fixedarray_init(intern->array, other->array->size TSRMLS_CC); + spl_fixedarray_copy(intern->array, other->array TSRMLS_CC); + } } while (parent) { diff --git a/ext/spl/tests/bug62904.phpt b/ext/spl/tests/bug62904.phpt new file mode 100644 index 0000000000..7e392da9ab --- /dev/null +++ b/ext/spl/tests/bug62904.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #62904 (Crash when cloning an object which inherits SplFixedArray) +--FILE-- +<?php + +class foo extends SplFixedArray { + public function __construct($size) { + } +} + +$x = new foo(2); + +try { + $z = clone $x; +} catch (Exception $e) { + var_dump($e->getMessage()); +} +--EXPECTF-- +string(40) "The instance wasn't initialized properly" |