diff options
| author | Antony Dovgal <tony2001@php.net> | 2006-07-26 08:03:48 +0000 |
|---|---|---|
| committer | Antony Dovgal <tony2001@php.net> | 2006-07-26 08:03:48 +0000 |
| commit | 65626296dab1ad4748653b4e418615c16d84d49a (patch) | |
| tree | f744397098a5435539584c7ca58b9bd3ec1136a9 /ext/reflection/php_reflection.c | |
| parent | 7987bba7435cd7eec85c2faf1457fb2faebdbe12 (diff) | |
| download | php-git-65626296dab1ad4748653b4e418615c16d84d49a.tar.gz | |
MFH: fix bug #38217 (ReflectionClass::newInstanceArgs() tries to allocate too much memory)
Diffstat (limited to 'ext/reflection/php_reflection.c')
| -rw-r--r-- | ext/reflection/php_reflection.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index 20de73ce09..d6a5f909ed 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -3394,7 +3394,7 @@ ZEND_METHOD(reflection_class, newInstanceArgs) zval *retval_ptr; reflection_object *intern; zend_class_entry *ce; - int argc; + int argc = 0; HashTable *args; @@ -3404,11 +3404,13 @@ ZEND_METHOD(reflection_class, newInstanceArgs) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|h", &args) == FAILURE) { return; } - argc = args->nNumOfElements; + if (ZEND_NUM_ARGS() > 0) { + argc = args->nNumOfElements; + } /* Run the constructor if there is one */ if (ce->constructor) { - zval ***params; + zval ***params = NULL; zend_fcall_info fci; zend_fcall_info_cache fcc; @@ -3416,10 +3418,12 @@ ZEND_METHOD(reflection_class, newInstanceArgs) zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, "Access to non-public constructor of class %s", ce->name); return; } - - params = safe_emalloc(sizeof(zval **), argc, 0); - zend_hash_apply_with_argument(args, (apply_func_arg_t)_zval_array_to_c_array, ¶ms TSRMLS_CC); - params -= argc; + + if (argc) { + params = safe_emalloc(sizeof(zval **), argc, 0); + zend_hash_apply_with_argument(args, (apply_func_arg_t)_zval_array_to_c_array, ¶ms TSRMLS_CC); + params -= argc; + } object_init_ex(return_value, ce); @@ -3439,7 +3443,9 @@ ZEND_METHOD(reflection_class, newInstanceArgs) fcc.object_pp = &return_value; if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) { - efree(params); + if (params) { + efree(params); + } zval_ptr_dtor(&retval_ptr); zend_error(E_WARNING, "Invocation of %s's constructor failed", ce->name); RETURN_NULL(); @@ -3447,7 +3453,9 @@ ZEND_METHOD(reflection_class, newInstanceArgs) if (retval_ptr) { zval_ptr_dtor(&retval_ptr); } - efree(params); + if (params) { + efree(params); + } } else if (!ZEND_NUM_ARGS()) { object_init_ex(return_value, ce); } else { |