From 2f62602c03c08c9d6c83f0ec8755d480eb9af900 Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@php.net>
Date: Mon, 19 Dec 2011 16:48:18 +0000
Subject: Fixed bug #60558 (Invalid read and writes) Re-Fixed bug #60536
 (Traits Segfault) #Thanks to tony2001, I found the previous fix -r321089 is
 actually not a correct one. #The key problem there is because the traits
 didn't correct set the property_info.offset #for private properties. so here
 come the new fix.

---
 Zend/zend_object_handlers.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

(limited to 'Zend/zend_object_handlers.c')

diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index d524c23faa..b14c15795b 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -62,7 +62,6 @@ ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
 		ALLOC_HASHTABLE(zobj->properties);
 		zend_hash_init(zobj->properties, 0, NULL, ZVAL_PTR_DTOR, 0);
 		if (ce->default_properties_count) {
-			char *flags = ecalloc(ce->default_properties_count, sizeof(char));
 			for (zend_hash_internal_pointer_reset_ex(&ce->properties_info, &pos);
 			     zend_hash_get_current_data_ex(&ce->properties_info, (void**)&prop_info, &pos) == SUCCESS;
 			     zend_hash_move_forward_ex(&ce->properties_info, &pos)) {
@@ -71,7 +70,6 @@ ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
 				    prop_info->offset >= 0 &&
 				    zobj->properties_table[prop_info->offset]) {
 					zend_hash_quick_add(zobj->properties, prop_info->name, prop_info->name_length+1, prop_info->h, (void**)&zobj->properties_table[prop_info->offset], sizeof(zval*), (void**)&zobj->properties_table[prop_info->offset]);
-					flags[prop_info->offset] = 1;
 				}				
 			}
 			while (ce->parent && ce->parent->default_properties_count) {
@@ -84,15 +82,10 @@ ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
 					    (prop_info->flags & ZEND_ACC_PRIVATE) != 0 && 
 					    prop_info->offset >= 0 &&
 						zobj->properties_table[prop_info->offset]) {
-						if (UNEXPECTED(flags[prop_info->offset])) {
-							zend_hash_quick_add(zobj->properties, prop_info->name, prop_info->name_length+1, prop_info->h, (void**)zobj->properties_table[prop_info->offset], sizeof(zval*), (void**)&zobj->properties_table[prop_info->offset]);
-						} else {
-							zend_hash_quick_add(zobj->properties, prop_info->name, prop_info->name_length+1, prop_info->h, (void**)&zobj->properties_table[prop_info->offset], sizeof(zval*), (void**)&zobj->properties_table[prop_info->offset]);
-						}
+						zend_hash_quick_add(zobj->properties, prop_info->name, prop_info->name_length+1, prop_info->h, (void**)&zobj->properties_table[prop_info->offset], sizeof(zval*), (void**)&zobj->properties_table[prop_info->offset]);
 					}				
 				}
 			}
-			efree(flags);
 		}
 	}
 }
-- 
cgit v1.2.1