Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4: Check for zero-length keys in spl_array_skip_protected and don't skip them.
author: Adam Harvey <aharvey@php.net> 2014-05-29 17:53:28 +0000
committer: Adam Harvey <aharvey@php.net> 2014-05-29 17:53:28 +0000
commit: 43e3a83d51ac82dd3b08c545bf57b9090cf07dd3 (patch)
tree: bd55f96616ce5577d0b45ac7f7e7485d77873da9 /ext/spl/spl_array.c
parent: 4ef561c7bacd76d3221237e52cfcbcef257c9ee7 (diff)
parent: b5d9983ff4373793621ee4b21d4964b30c5d21c8 (diff)
download: php-git-43e3a83d51ac82dd3b08c545bf57b9090cf07dd3.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c
index f41d0fb9cd..644295d497 100644
--- a/ext/spl/spl_array.c
+++ b/ext/spl/spl_array.c
@@ -922,7 +922,14 @@ static int spl_array_skip_protected(spl_array_object *intern, HashTable *aht TSR
 	if (Z_TYPE_P(intern->array) == IS_OBJECT) {
 		do {
 			if (zend_hash_get_current_key_ex(aht, &string_key, &string_length, &num_key, 0, &intern->pos) == HASH_KEY_IS_STRING) {
-				if (!string_length || string_key[0]) {
+				/* zend_hash_get_current_key_ex() should never set
+				 * string_length to 0 when returning HASH_KEY_IS_STRING, but we
+				 * may as well be defensive and consider that successful.
+				 * Beyond that, we're looking for protected keys (which will
+				 * have a null byte at string_key[0]), but want to avoid
+				 * skipping completely empty keys (which will also have the
+				 * null byte, but a string_length of 1). */
+				if (!string_length || string_key[0] || string_length == 1) {
 					return SUCCESS;
 				}
 			} else {
author	Adam Harvey <aharvey@php.net>	2014-05-29 17:53:28 +0000
committer	Adam Harvey <aharvey@php.net>	2014-05-29 17:53:28 +0000
commit	43e3a83d51ac82dd3b08c545bf57b9090cf07dd3 (patch)
tree	bd55f96616ce5577d0b45ac7f7e7485d77873da9 /ext/spl/spl_array.c
parent	4ef561c7bacd76d3221237e52cfcbcef257c9ee7 (diff)
parent	b5d9983ff4373793621ee4b21d4964b30c5d21c8 (diff)
download	php-git-43e3a83d51ac82dd3b08c545bf57b9090cf07dd3.tar.gz