From 1f4f33afcfd8282bcdeff9ebcee7aade8c659308 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 19 Dec 2011 02:05:03 +0000 Subject: implement the solution for isset/string offsets, fix bug #60362 --- Zend/tests/bug31098.phpt | 14 ++++--- Zend/tests/bug39018.phpt | 39 ++++++++++------- Zend/tests/bug39304.phpt | 6 +-- Zend/tests/bug39304_2_4.phpt | 6 +-- Zend/tests/bug54262.phpt | 2 +- Zend/tests/bug60362.phpt | 74 ++++++++++++++++++++++++++++++++ Zend/tests/empty_str_offset.phpt | 91 ++++++++++++++++++++++++++++++++++++++++ Zend/tests/indexing_001.phpt | 2 + Zend/tests/isset_str_offset.phpt | 91 ++++++++++++++++++++++++++++++++++++++++ Zend/tests/offset_assign.phpt | 4 +- Zend/tests/offset_string.phpt | 22 +++++++++- Zend/tests/result_unused.phpt | 2 +- Zend/tests/str_offset_001.phpt | 12 +++--- Zend/zend_execute.c | 22 +++++++++- Zend/zend_vm_def.h | 7 ++++ Zend/zend_vm_execute.h | 84 +++++++++++++++++++++++++++++++++++++ 16 files changed, 441 insertions(+), 37 deletions(-) create mode 100644 Zend/tests/bug60362.phpt create mode 100644 Zend/tests/empty_str_offset.phpt create mode 100644 Zend/tests/isset_str_offset.phpt diff --git a/Zend/tests/bug31098.phpt b/Zend/tests/bug31098.phpt index 3038636bab..23cec9bbf4 100644 --- a/Zend/tests/bug31098.phpt +++ b/Zend/tests/bug31098.phpt @@ -17,7 +17,7 @@ var_dump(isset($a['b'])); $simpleString = "Bogus String Text"; echo isset($simpleString->wrong)?"bug\n":"ok\n"; -echo isset($simpleString["wrong"])?"ok\n":"bug\n"; +echo isset($simpleString["wrong"])?"bug\n":"ok\n"; echo isset($simpleString[-1])?"bug\n":"ok\n"; echo isset($simpleString[0])?"ok\n":"bug\n"; echo isset($simpleString["0"])?"ok\n":"bug\n"; @@ -34,8 +34,8 @@ bool(false) bool(false) bool(false) bool(false) -bool(true) -bool(true) +bool(false) +bool(false) ok ok ok 
@@ -44,8 +44,12 @@ ok ok ok -Notice: Trying to get property of non-object in %sbug31098.php on line %d -ok +Notice: Trying to get property of non-object in %s on line %d ok + +Warning: Illegal string offset 'wrong' in %s on line %d ok ok + +Warning: Illegal string offset 'wrong' in %s on line %d +ok \ No newline at end of file diff --git a/Zend/tests/bug39018.phpt b/Zend/tests/bug39018.phpt index 1c67eb2989..e1968ad041 100644 --- a/Zend/tests/bug39018.phpt +++ b/Zend/tests/bug39018.phpt @@ -6,7 +6,7 @@ Bug #39018 (Error control operator '@' fails to suppress "Uninitialized string o error_reporting(E_ALL); $a = 'foo'; -$a[11111111111]; +$a[111111111111111111111]; $a = ''; 
@@ -62,31 +62,42 @@ print "\nDone\n"; ?> --EXPECTF-- +Notice: String offset cast occured in %s on line %d -Notice: Uninitialized string offset: %i in %s on line 6 +Notice: Uninitialized string offset: 0 in %s on line %d -Notice: Uninitialized string offset: 0 in %s on line 10 +Notice: Uninitialized string offset: 0 in %s on line %d -Notice: Uninitialized string offset: 0 in %s on line 12 +Notice: String offset cast occured in %s on line %d -Notice: Uninitialized string offset: %i in %s on line 14 +Notice: Uninitialized string offset: %i in %s on line %d -Notice: Uninitialized string offset: %i in %s on line 16 +Notice: String offset cast occured in %s on line %d -Notice: Uninitialized string offset: 0 in %s on line 18 +Notice: Uninitialized string offset: %i in %s on line %d -Notice: Uninitialized string offset: 4 in %s on line 28 +Notice: Uninitialized string offset: 0 in %s on line %d -Notice: Uninitialized string offset: 4 in %s on line 34 +Notice: Uninitialized string offset: 4 in %s on line %d -Notice: Uninitialized string offset: 4 in %s on line 38 +Notice: Uninitialized string offset: 4 in %s on line %d -Notice: Uninitialized string offset: 4 in %s on line 42 +Notice: Uninitialized string offset: 4 in %s on line %d -Notice: Uninitialized string offset: 4 in %s on line 46 +Notice: Uninitialized string offset: 4 in %s on line %d -Notice: Uninitialized string offset: 12 in %s on line 50 +Notice: Uninitialized string offset: 4 in %s on line %d -Notice: Uninitialized string offset: 12 in %s on line 52 +Notice: String offset cast occured in %s on line %d + +Notice: Uninitialized string offset: 12 in %s on line %d + +Notice: String offset cast occured in %s on line %d + +Notice: Uninitialized string offset: 12 in %s on line %d + +Notice: String offset cast occured in %s on line %d + +Notice: String offset cast occured in %s on line %d b Done diff --git a/Zend/tests/bug39304.phpt b/Zend/tests/bug39304.phpt index ea068df75d..8303b82573 100755 
--- a/Zend/tests/bug39304.phpt +++ b/Zend/tests/bug39304.phpt @@ -7,10 +7,10 @@ Bug #39304 (Segmentation fault with list unpacking of string offset) echo "I am alive"; ?> --EXPECTF-- -Notice: Uninitialized string offset: 0 in %sbug39304.php on line 3 +Notice: Uninitialized string offset: 0 in %sbug39304.php on line %d -Notice: Uninitialized string offset: 1 in %sbug39304.php on line 3 +Notice: Uninitialized string offset: 1 in %sbug39304.php on line %d -Notice: Uninitialized string offset: 0 in %sbug39304.php on line 3 +Notice: Uninitialized string offset: 0 in %sbug39304.php on line %d I am alive diff --git a/Zend/tests/bug39304_2_4.phpt b/Zend/tests/bug39304_2_4.phpt index e4863d6fcb..b0e6ddc72c 100644 --- a/Zend/tests/bug39304_2_4.phpt +++ b/Zend/tests/bug39304_2_4.phpt @@ -9,10 +9,10 @@ Bug #39304 (Segmentation fault with list unpacking of string offset) var_dump($a,$b); ?> --EXPECTF-- -Notice: Uninitialized string offset: 0 in %sbug39304_2_4.php on line 3 +Notice: Uninitialized string offset: 0 in %sbug39304_2_4.php on line %d -Notice: Uninitialized string offset: 1 in %sbug39304_2_4.php on line 3 +Notice: Uninitialized string offset: 1 in %sbug39304_2_4.php on line %d -Notice: Uninitialized string offset: 0 in %sbug39304_2_4.php on line 3 +Notice: Uninitialized string offset: 0 in %sbug39304_2_4.php on line %d string(0) "" string(0) "" diff --git a/Zend/tests/bug54262.phpt b/Zend/tests/bug54262.phpt index 1b9d3513cc..17a6ea6381 100644 --- a/Zend/tests/bug54262.phpt +++ b/Zend/tests/bug54262.phpt @@ -9,7 +9,7 @@ $simpleString["wrong"] = "f"; echo "ok\n"; ?> --EXPECTF-- -bool(true) +bool(false) Warning: Attempt to modify property of non-object in %sbug54262.php on line 4 diff --git a/Zend/tests/bug60362.phpt b/Zend/tests/bug60362.phpt new file mode 100644 index 0000000000..e8d16ea4cb --- /dev/null +++ b/Zend/tests/bug60362.phpt 
@@ -0,0 +1,74 @@ +--TEST-- +Bug #60362: non-existent sub-sub keys should not have values +--FILE-- + 'foz'); + +if (isset($arr['exists']['non_existent'])) { + echo "sub-key 'non_existent' is set: "; + var_dump($arr['exists']['non_existent']); +} else { + echo "sub-key 'non_existent' is not set.\n"; +} +if (isset($arr['exists'][1])) { + echo "sub-key 1 is set: "; + var_dump($arr['exists'][1]); +} else { + echo "sub-key 1 is not set.\n"; +} + +echo "-------------------\n"; +if (isset($arr['exists']['non_existent']['sub_sub'])) { + echo "sub-key 'sub_sub' is set: "; + var_dump($arr['exists']['non_existent']['sub_sub']); +} else { + echo "sub-sub-key 'sub_sub' is not set.\n"; +} +if (isset($arr['exists'][1][0])) { + echo "sub-sub-key 0 is set: "; + var_dump($arr['exists'][1][0]); +} else { + echo "sub-sub-key 0 is not set.\n"; +} + +echo "-------------------\n"; +if (empty($arr['exists']['non_existent'])) { + echo "sub-key 'non_existent' is empty.\n"; +} else { + echo "sub-key 'non_existent' is not empty: "; + var_dump($arr['exists']['non_existent']); +} +if (empty($arr['exists'][1])) { + echo "sub-key 1 is empty.\n"; +} else { + echo "sub-key 1 is not empty: "; + var_dump($arr['exists'][1]); +} + +echo "-------------------\n"; +if (empty($arr['exists']['non_existent']['sub_sub'])) { + echo "sub-sub-key 'sub_sub' is empty.\n"; +} else { + echo "sub-sub-key 'sub_sub' is not empty: "; + var_dump($arr['exists']['non_existent']['sub_sub']); +} +if (empty($arr['exists'][1][0])) { + echo "sub-sub-key 0 is empty.\n"; +} else { + echo "sub-sub-key 0 is not empty: "; + var_dump($arr['exists'][1][0]); +} +echo "DONE"; +--EXPECT-- +sub-key 'non_existent' is not set. +sub-key 1 is set: string(1) "o" +------------------- +sub-sub-key 'sub_sub' is not set. +sub-sub-key 0 is set: string(1) "o" +------------------- +sub-key 'non_existent' is empty. +sub-key 1 is not empty: string(1) "o" +------------------- +sub-sub-key 'sub_sub' is empty. 
+sub-sub-key 0 is not empty: string(1) "o" +DONE diff --git a/Zend/tests/empty_str_offset.phpt b/Zend/tests/empty_str_offset.phpt new file mode 100644 index 0000000000..09e8d010ff --- /dev/null +++ b/Zend/tests/empty_str_offset.phpt @@ -0,0 +1,91 @@ +--TEST-- +Testing empty() with string offsets +--FILE-- + +--EXPECTF-- +- empty --- +bool(true) +bool(false) +bool(false) +bool(true) +bool(false) +bool(true) +bool(true) +- string --- +bool(true) +bool(false) +bool(false) +bool(true) +bool(true) +bool(true) + +Notice: A non well formed numeric value encountered in %s line %d +bool(false) +- bool --- +bool(false) +bool(false) +bool(true) +- null --- +bool(false) +- double --- +bool(true) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(true) +- array --- +bool(true) +bool(true) +- object --- +bool(true) +- resource --- +bool(true) +done diff --git a/Zend/tests/indexing_001.phpt b/Zend/tests/indexing_001.phpt index 83c2c8d528..0e466ab8ce 100644 --- a/Zend/tests/indexing_001.phpt +++ b/Zend/tests/indexing_001.phpt @@ -71,6 +71,8 @@ array(1) { } } +Warning: Illegal string offset 'foo' in %s on line %d + Notice: Array to string conversion in %s on line %d string(1) "A" diff --git a/Zend/tests/isset_str_offset.phpt b/Zend/tests/isset_str_offset.phpt new file mode 100644 index 0000000000..66b025ccec --- /dev/null +++ b/Zend/tests/isset_str_offset.phpt 
@@ -0,0 +1,91 @@ +--TEST-- +Testing isset with string offsets +--FILE-- + +--EXPECTF-- +- isset --- +bool(false) +bool(true) +bool(true) +bool(true) +bool(true) +bool(false) +bool(false) +- string --- +bool(false) +bool(true) +bool(true) +bool(true) +bool(false) +bool(false) + +Notice: A non well formed numeric value encountered in %s line %d +bool(true) +- bool --- +bool(true) +bool(true) +bool(false) +- null --- +bool(true) +- double --- +bool(false) +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) +bool(false) +- array --- +bool(false) +bool(false) +- object --- +bool(false) +- resource --- +bool(false) +done diff --git a/Zend/tests/offset_assign.phpt b/Zend/tests/offset_assign.phpt index eebf63c4f3..721516f53c 100644 --- a/Zend/tests/offset_assign.phpt +++ b/Zend/tests/offset_assign.phpt @@ -8,4 +8,6 @@ $x['x']['y'] += 1; echo "Done\n"; ?> --EXPECTF-- -Fatal error: Cannot use string offset as an array in %s on line %d +Warning: Illegal string offset 'x' in %soffset_assign.php on line %d + +Fatal error: Cannot use string offset as an array in %soffset_assign.php on line %d diff --git a/Zend/tests/offset_string.phpt b/Zend/tests/offset_string.phpt index 63d8abe8dd..128350158e 100644 --- a/Zend/tests/offset_string.phpt +++ b/Zend/tests/offset_string.phpt @@ -9,6 +9,9 @@ var_dump($str[1]); var_dump($str[0.0836]); var_dump($str[NULL]); var_dump($str["run away"]); +var_dump($str["13"]); +var_dump($str["14.5"]); +var_dump($str["15 and then some"]); var_dump($str[TRUE]); var_dump($str[FALSE]); 
@@ -26,10 +29,27 @@ echo "Done\n"; ?> --EXPECTF-- string(1) "i" + +Notice: String offset cast occured in %s on line %d string(1) "S" + +Notice: String offset cast occured in %s on line %d string(1) "S" + +Warning: Illegal string offset 'run away' in %s on line %d string(1) "S" +string(1) "c" + +Warning: Illegal string offset '14.5' in %s on line %d +string(1) "o" + +Notice: A non well formed numeric value encountered in %s on line %d +string(1) "r" + +Notice: String offset cast occured in %s on line %d string(1) "i" + +Notice: String offset cast occured in %s on line %d string(1) "S" Warning: Illegal offset type in %s on line %d @@ -42,4 +62,4 @@ string(1) "%s" Warning: Illegal offset type in %s on line %d string(1) "i" -Done +Done \ No newline at end of file diff --git a/Zend/tests/result_unused.phpt b/Zend/tests/result_unused.phpt index ed8502ce34..0db744d089 100644 --- a/Zend/tests/result_unused.phpt +++ b/Zend/tests/result_unused.phpt @@ -24,6 +24,6 @@ $x->prop; $x->y; echo "ok\n"; --EXPECTF-- -Notice: Uninitialized string offset: 3 in %sresult_unused.php on line 11 +Notice: Uninitialized string offset: 3 in %sresult_unused.php on line %d ok diff --git a/Zend/tests/str_offset_001.phpt b/Zend/tests/str_offset_001.phpt index 1ebea6e28f..8a6b91b49a 100644 --- a/Zend/tests/str_offset_001.phpt +++ b/Zend/tests/str_offset_001.phpt 
@@ -24,28 +24,28 @@ foo($str[1][0]); foo($str[2][1]); ?> --EXPECTF-- -Notice: Uninitialized string offset: -1 in %sstr_offset_001.php on line 7 +Notice: Uninitialized string offset: -1 in %sstr_offset_001.php on line %d string(0) "" string(1) "a" string(1) "b" string(1) "c" -Notice: Uninitialized string offset: 3 in %sstr_offset_001.php on line 11 +Notice: Uninitialized string offset: 3 in %sstr_offset_001.php on line %d string(0) "" string(1) "b" -Notice: Uninitialized string offset: 1 in %sstr_offset_001.php on line 13 +Notice: Uninitialized string offset: 1 in %sstr_offset_001.php on line %d string(0) "" -Notice: Uninitialized string offset: -1 in %sstr_offset_001.php on line 15 +Notice: Uninitialized string offset: -1 in %sstr_offset_001.php on line %d string(0) "" string(1) "a" string(1) "b" string(1) "c" -Notice: Uninitialized string offset: 3 in %sstr_offset_001.php on line 19 +Notice: Uninitialized string offset: 3 in %sstr_offset_001.php on line %d string(0) "" string(1) "b" -Notice: Uninitialized string offset: 1 in %sstr_offset_001.php on line 21 +Notice: Uninitialized string offset: 1 in %sstr_offset_001.php on line %d string(0) "" diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index e24a3dd6f2..3474ee43cd 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -1147,13 +1147,22 @@ convert_to_array: } if (Z_TYPE_P(dim) != IS_LONG) { + switch(Z_TYPE_P(dim)) { /* case IS_LONG: */ case IS_STRING: + if (IS_LONG == is_numeric_string(Z_STRVAL_P(dim), Z_STRLEN_P(dim), NULL, NULL, -1)) { + break; + } + if (type != BP_VAR_UNSET) { + zend_error(E_WARNING, "Illegal string offset '%s'", dim->value.str.val); + } + + break; case IS_DOUBLE: case IS_NULL: case IS_BOOL: - /* do nothing */ + zend_error(E_NOTICE, "String offset cast occured"); break; default: zend_error(E_WARNING, "Illegal offset type"); 
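Review bot: The new `Illegal string offset '%s'` warning in the `case IS_STRING:` branch formats the caller-supplied offset string into the message unmodified and unbounded. An offset that reaches this branch can be request data (a string arriving where an array was expected), so the value lands in the error log and, where errors are displayed, in the response; whether the display path escapes it cannot be seen from this hunk. Consider truncating the value before formatting, and use the accessor the neighbouring lines already use: `zend_error(E_WARNING, "Illegal string offset '%s'", Z_STRVAL_P(dim));`. `%s` also stops at the first NUL byte while the numeric check is given `Z_STRLEN_P(dim)`, so the printed text may differ from what was tested. The same call appears in the `@@ -1265,10 +1274,19 @@` hunk, and the enclosing function starts and ends outside this hunk.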
@@ -1265,10 +1274,19 @@ static void zend_fetch_dimension_address_read(temp_variable *result, zval **cont switch(Z_TYPE_P(dim)) { /* case IS_LONG: */ case IS_STRING: + if (IS_LONG == is_numeric_string(Z_STRVAL_P(dim), Z_STRLEN_P(dim), NULL, NULL, -1)) { + break; + } + if (type != BP_VAR_IS) { + zend_error(E_WARNING, "Illegal string offset '%s'", dim->value.str.val); + } + break; case IS_DOUBLE: case IS_NULL: case IS_BOOL: - /* do nothing */ + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "String offset cast occured"); + } break; default: zend_error(E_WARNING, "Illegal offset type"); diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index b47016d7f5..2c886bf24b 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -4507,10 +4507,17 @@ ZEND_VM_C_LABEL(num_index_prop): zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 59dd5080a5..8a0ef5b04b 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h 
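Review bot: The new notice text misspells "occurred" (`"String offset cast occured"`), both here and in the first zend_execute.c hunk, and the updated .phpt expectations pin the misspelling. It is cheaper to fix before the string ships and log filters start matching on it: `zend_error(E_NOTICE, "String offset cast occurred");`, with the expectations in bug39018.phpt and offset_string.phpt updated to match. Separately, this hunk guards the notice with `type != BP_VAR_IS`, while the first hunk raises it unconditionally even though it guards its warning with `type != BP_VAR_UNSET`. If that asymmetry is intended, a one-line comment such as `/* cast notice is raised for every write-context fetch, including unset */` would save the next reader from guessing. The function body continues outside the hunk.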
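Review bot: Calling `is_numeric_string(..., -1)` in the handler that tests `ZEND_ISSET` makes `isset()`/`empty()` raise an E_NOTICE for an offset that only starts with digits; this appears to be why the new isset_str_offset.phpt expectation contains `Notice: A non well formed numeric value encountered`. Since `isset()` is the usual guard placed in front of untrusted input, request data can then generate log entries from the guard itself. If the result is meant to stay the same, passing `1` as the last argument should accept such strings silently (to my knowledge -1 means accept and notify, 0 means reject); the generated copies in zend_vm_execute.h would follow on regeneration. `Z_TYPE_P(offset) <= IS_BOOL` also relies on the numeric order of the type constants, so a comment like `/* IS_NULL, IS_DOUBLE, IS_BOOL; IS_LONG is excluded by the outer test */` would make the intent checkable. The handler starts and ends outside the hunk.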
@@ -14035,10 +14035,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -15941,10 +15948,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -18205,10 +18219,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { 
@@ -21119,10 +21140,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -22446,10 +22474,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -23596,10 +23631,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { 
@@ -24746,10 +24788,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -26162,10 +26211,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -29470,10 +29526,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { 
@@ -31250,10 +31313,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -33387,10 +33457,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { @@ -36038,10 +36115,17 @@ num_index_prop: zval tmp; if (Z_TYPE_P(offset) != IS_LONG) { + if (Z_TYPE_P(offset) <= IS_BOOL /* simple scalar types */ + || (Z_TYPE_P(offset) == IS_STRING /* or numeric string */ + && IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, -1))) { ZVAL_COPY_VALUE(&tmp, offset); zval_copy_ctor(&tmp); convert_to_long(&tmp); offset = &tmp; + } else { + /* can not be converted to proper offset, return "not set" */ + result = 0; + } } if (Z_TYPE_P(offset) == IS_LONG) { if (opline->extended_value & ZEND_ISSET) { -- cgit v1.2.1