Fix memory leak(null coalescing operator with Spl hash)

The SEPARATE_ARG_IF_REF macro increased the refcount of the object passed as a key. However, when the key did not exist in the ArrayAccess implementation, the code returned early without trying to decrement the refcount. Add a test of `??` succeeding+failing on a SplObjectStorage instance.
author: Tyson Andre <tysonandre775@hotmail.com> 2016-11-20 15:18:32 -0800
committer: Tyson Andre <tysonandre775@hotmail.com> 2016-11-20 15:46:13 -0800
commit: cdb7aafc23bd1fd396305df9cddca1717b58f2b3 (patch)
tree: 2bb7f7848ed92471b8aad648a99569672860102a /Zend/zend_object_handlers.c
parent: 60574ea1ac4790abe818c2c7510d0e391c12c06a (diff)
download: php-git-cdb7aafc23bd1fd396305df9cddca1717b58f2b3.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index 70dab660b3..af92d67496 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -736,9 +736,11 @@ zval *zend_std_read_dimension(zval *object, zval *offset, int type, zval *rv) /*
 		if (type == BP_VAR_IS) {
 			zend_call_method_with_1_params(object, ce, NULL, "offsetexists", rv, offset);
 			if (UNEXPECTED(Z_ISUNDEF_P(rv))) {
+				zval_ptr_dtor(offset);
 				return NULL;
 			}
 			if (!i_zend_is_true(rv)) {
+				zval_ptr_dtor(offset);
 				zval_ptr_dtor(rv);
 				return &EG(uninitialized_zval);
 			}
author	Tyson Andre <tysonandre775@hotmail.com>	2016-11-20 15:18:32 -0800
committer	Tyson Andre <tysonandre775@hotmail.com>	2016-11-20 15:46:13 -0800
commit	cdb7aafc23bd1fd396305df9cddca1717b58f2b3 (patch)
tree	2bb7f7848ed92471b8aad648a99569672860102a /Zend/zend_object_handlers.c
parent	60574ea1ac4790abe818c2c7510d0e391c12c06a (diff)
download	php-git-cdb7aafc23bd1fd396305df9cddca1717b58f2b3.tar.gz