diff options
| author | Xinchen Hui <laruence@gmail.com> | 2016-02-07 23:19:24 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@gmail.com> | 2016-02-07 23:19:24 +0800 |
| commit | 336e39f2b194e1425dc363abd18554f60c80bed1 (patch) | |
| tree | 50df936af5e455cbfc963ca9fd3db7f29d9e29ae /ext/pcre | |
| parent | 9f82f21d018aafbfea723960a335f435202bff77 (diff) | |
| download | php-git-336e39f2b194e1425dc363abd18554f60c80bed1.tar.gz | |
Fixed bug #71537 (PCRE segfault from Opcache)
Diffstat (limited to 'ext/pcre')
| -rw-r--r-- | ext/pcre/php_pcre.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c index ee3e36b6ab..93bfc00052 100644 --- a/ext/pcre/php_pcre.c +++ b/ext/pcre/php_pcre.c @@ -1350,7 +1350,6 @@ PHPAPI zend_string *php_pcre_replace_impl(pcre_cache_entry *pce, zend_string *su static zend_string *php_replace_in_subject(zval *regex, zval *replace, zval *subject, int limit, int is_callable_replace, int *replace_count) { zval *regex_entry, - *replace_entry = NULL, *replace_value, empty_replace; zend_string *result; @@ -1372,25 +1371,26 @@ static zend_string *php_replace_in_subject(zval *regex, zval *replace, zval *sub /* For each entry in the regex array, get the entry */ ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(regex), regex_entry) { + zval replace_str; /* Make sure we're dealing with strings. */ zend_string *regex_str = zval_get_string(regex_entry); + ZVAL_UNDEF(&replace_str); /* If replace is an array and not a callable construct */ if (Z_TYPE_P(replace) == IS_ARRAY && !is_callable_replace) { /* Get current entry */ - replace_entry = NULL; while (replace_idx < Z_ARRVAL_P(replace)->nNumUsed) { if (Z_TYPE(Z_ARRVAL_P(replace)->arData[replace_idx].val) != IS_UNDEF) { - replace_entry = &Z_ARRVAL_P(replace)->arData[replace_idx].val; + ZVAL_COPY(&replace_str, &Z_ARRVAL_P(replace)->arData[replace_idx].val); break; } replace_idx++; } - if (replace_entry != NULL) { + if (!Z_ISUNDEF(replace_str)) { if (!is_callable_replace) { - convert_to_string_ex(replace_entry); + convert_to_string(&replace_str); } - replace_value = replace_entry; + replace_value = &replace_str; replace_idx++; } else { /* We've run out of replacement strings, so use an empty one */ @@ -1413,10 +1413,12 @@ static zend_string *php_replace_in_subject(zval *regex, zval *replace, zval *sub } else { zend_string_release(subject_str); zend_string_release(regex_str); + zval_dtor(&replace_str); return NULL; } zend_string_release(regex_str); + zval_dtor(&replace_str); } ZEND_HASH_FOREACH_END(); return subject_str; |