diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rwxr-xr-x | Zend/tests/bug34260.phpt | 36 | ||||
| -rw-r--r-- | Zend/zend_execute_API.c | 4 |
3 files changed, 41 insertions, 1 deletions
@@ -30,6 +30,8 @@ PHP NEWS - Fixed bug #34277 (array_filter() crashes with references and objects). (Dmitry) - Fixed bug #34276 (setAttributeNS doesn't work with default namespace). (Rob) +- Fixed bug #34260 (Segfault with callbacks (array_map) + overloading). + (Dmitry) - Fixed bug #34257 (lib64 not handled correctly in ming extension). (Marcus) - Fixed bug #34221 (Compiling xmlrpc as shared fails other parts). (Jani) - Fixed bug #34191 (ob_gzhandler does not enforce trailing \0). (Ilia) diff --git a/Zend/tests/bug34260.phpt b/Zend/tests/bug34260.phpt new file mode 100755 index 0000000000..fa393d065c --- /dev/null +++ b/Zend/tests/bug34260.phpt @@ -0,0 +1,36 @@ +--TEST-- +Bug #34260 (Segfault with callbacks (array_map) + overloading) +--FILE-- +<?php +class Faulty +{ + function __call($Method,$Args) + { + switch($Method) + { + case 'seg': + echo "I hate me\n"; + break; + } + } + + function NormalMethod($Args) + { + echo "I heart me\n"; + } +} + +$Faulty = new Faulty(); +$Array = array('Some junk','Some other junk'); + +// This causes a seg fault. +$Failure = array_map(array($Faulty,'seg'),$Array); + +// This does not. +$Failure = array_map(array($Faulty,'NormalMethod'),$Array); +?> +--EXPECT-- +I hate me +I hate me +I heart me +I heart me diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index 4a131ccf29..dcc1249f80 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -750,7 +750,9 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS return FAILURE; } } - if (fci_cache) { + if (fci_cache && + (EX(function_state).function->type != ZEND_INTERNAL_FUNCTION || + ((zend_internal_function*)EX(function_state).function)->handler != zend_std_call_user_call)) { fci_cache->function_handler = EX(function_state).function; fci_cache->object_pp = fci->object_pp; fci_cache->calling_scope = calling_scope; |