-rw-r--r--NEWS1
-rw-r--r--Zend/tests/bug40899.phpt9
-rw-r--r--Zend/zend_compile.c2
3 files changed, 11 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 229976b169..aef208aa6b 100644
--- a/NEWS
+++ b/NEWS
@@ -35,6 +35,7 @@ PHP NEWS
- Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
- Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
- Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)
+- Fixed bug #40899 (memory leak when nesting list()). (Dmitry)
- Fixed bug #40883 (mysql_query() is allocating memory incorrectly). (Tony)
- Fixed bug #40872 (inconsistency in offsetSet, offsetExists treatment of
string enclosed integers). (Marcus)
diff --git a/Zend/tests/bug40899.phpt b/Zend/tests/bug40899.phpt
new file mode 100644
index 0000000000..7be0f6b8e9
--- /dev/null
+++ b/Zend/tests/bug40899.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Bug #40899 (memory leak when nesting list())
+--FILE--
+<?php
+list(list($a,$b),$c)=array(array('a','b'),'c');
+echo "$a$b$c\n";
+?>
+--EXPECT--
+abc
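Review bot: The expected output `abc` would presumably also be produced by the pre-fix code, so this test catches the leak only on a build that reports leaked memory in the test output; a short comment in the `--FILE--` section should say so. It also covers a single shape: one nested list() in first position, two levels deep. Because the fix changes where locks are added, I would add a nested list() in a later position and a three-level case, e.g. `list($a,list($b,list($c,$d)))=array('a',array('b',array('c','d')));`. That would also guard against the opposite imbalance, where a temporary is released too early rather than leaked.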
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index ff2963d921..faf63e0ef3 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -3423,6 +3423,7 @@ void zend_do_list_end(znode *result, znode *expr TSRMLS_DC)
opline->opcode = ZEND_FETCH_DIM_TMP_VAR;
break;
}
+ opline->extended_value = ZEND_FETCH_ADD_LOCK;
} else {
opline->opcode = ZEND_FETCH_DIM_R;
}
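Review bot: Nothing at the new `opline->extended_value = ZEND_FETCH_ADD_LOCK;` line explains why the lock now belongs only to this branch. The `else` branch (`ZEND_FETCH_DIM_R`) no longer assigns `extended_value` at all, so it relies on how the opline was initialised, which is not visible in the hunk. I would add a comment above the assignment, with wording confirmed by the author, such as `/* add the lock only for fetches from a nested list() temporary; locking the top-level fetch leaked the container (bug #40899) */`, and set `opline->extended_value = 0;` explicitly in the `else` branch. The second hunk (at -3434) only removes the old unconditional assignment, and zend_do_list_end starts and ends outside both hunks.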
@@ -3434,7 +3435,6 @@ void zend_do_list_end(znode *result, znode *expr TSRMLS_DC)
Z_TYPE(opline->op2.u.constant) = IS_LONG;
Z_LVAL(opline->op2.u.constant) = *((int *) dimension->data);
INIT_PZVAL(&opline->op2.u.constant);
- opline->extended_value = ZEND_FETCH_ADD_LOCK;
last_container = opline->result;
dimension = dimension->next;
}