tony2001 Wed Nov 23 06:15:11 2005 EDT
Added files: (Branch: PHP_5_1)
/php-src/ext/pdo_sqlite/tests bug35336.phpt
Modified files:
/php-src NEWS
/ZendEngine2 zend_API.c
Log:
fix #35336 (crash on PDO::FETCH_CLASS + __set())
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.2027.2.216&r2=1.2027.2.217&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.216 php-src/NEWS:1.2027.2.217
--- php-src/NEWS:1.2027.2.216 Wed Nov 23 04:26:42 2005
+++ php-src/NEWS Wed Nov 23 06:15:08 2005
@@ -3,6 +3,7 @@
?? Nov 2005, PHP 5.1
- Fixed bug #35342 (isset(DOMNodeList->length) returns false). (Rob)
- Fixed bug #35341 (Fix for bug #33760 breaks build with older curl). (Tony)
+- Fixed bug #35336 (crash on PDO::FETCH_CLASS + __set()). (Tony)
- Fixed bug #35303 (PDO prepare() crashes with invalid parameters). (Ilia)
- Fixed bug #35293 (PDO segfaults when using persistent connections). (Tony)
- Fixed bug #35278 (Multiple virtual() calls crash Apache 2 php module). (Ilia)
http://cvs.php.net/diff.php/ZendEngine2/zend_API.c?r1=1.296.2.10&r2=1.296.2.11&ty=u
Index: ZendEngine2/zend_API.c
diff -u ZendEngine2/zend_API.c:1.296.2.10 ZendEngine2/zend_API.c:1.296.2.11
--- ZendEngine2/zend_API.c:1.296.2.10 Wed Nov 16 19:19:23 2005
+++ ZendEngine2/zend_API.c Wed Nov 23 06:15:10 2005
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: zend_API.c,v 1.296.2.10 2005/11/17 00:19:23 iliaa Exp $ */
+/* $Id: zend_API.c,v 1.296.2.11 2005/11/23 11:15:10 tony2001 Exp $ */
#include "zend.h"
#include "zend_execute.h"
@@ -723,11 +723,13 @@
if (hash_key->nKeyLength) {
zval *obj = va_arg(args, zval *);
zend_object_handlers *obj_ht = va_arg(args,
zend_object_handlers *);
- zval member;
+ zval *member;
TSRMLS_FETCH();
- ZVAL_STRINGL(&member, hash_key->arKey, hash_key->nKeyLength-1,
0);
- obj_ht->write_property(obj, &member, *value TSRMLS_CC);
+ MAKE_STD_ZVAL(member);
+ ZVAL_STRINGL(member, hash_key->arKey, hash_key->nKeyLength-1,
1);
+ obj_ht->write_property(obj, member, *value TSRMLS_CC);
+ zval_ptr_dtor(&member);
}
return ZEND_HASH_APPLY_KEEP;
}
@@ -791,7 +793,7 @@
ALLOC_ZVAL(q);
*q = **p;
- INIT_PZVAL(q)
+ INIT_PZVAL(q);
zval_copy_ctor(q);
zend_hash_add(class_type->static_members, str_index, str_length, (void**)&q,
sizeof(zval*), NULL);
}
@@ -1169,58 +1171,68 @@
ZEND_API int add_property_long_ex(zval *arg, char *key, uint key_len, long n
TSRMLS_DC)
{
zval *tmp;
- zval z_key;
+ zval *z_key;
MAKE_STD_ZVAL(tmp);
ZVAL_LONG(tmp, n);
- ZVAL_STRINGL(&z_key, key, key_len-1, 0);
+
+ MAKE_STD_ZVAL(z_key);
+ ZVAL_STRINGL(z_key, key, key_len-1, 1);
- Z_OBJ_HANDLER_P(arg, write_property)(arg, &z_key, tmp TSRMLS_CC);
+ Z_OBJ_HANDLER_P(arg, write_property)(arg, z_key, tmp TSRMLS_CC);
zval_ptr_dtor(&tmp); /* write_property will add 1 to refcount */
+ zval_ptr_dtor(&z_key);
return SUCCESS;
}
ZEND_API int add_property_bool_ex(zval *arg, char *key, uint key_len, int b
TSRMLS_DC)
{
zval *tmp;
- zval z_key;
+ zval *z_key;
MAKE_STD_ZVAL(tmp);
ZVAL_BOOL(tmp, b);
- ZVAL_STRINGL(&z_key, key, key_len-1, 0);
+ MAKE_STD_ZVAL(z_key);
+ ZVAL_STRINGL(z_key, key, key_len-1, 1);
- Z_OBJ_HANDLER_P(arg, write_property)(arg, &z_key, tmp TSRMLS_CC);
+ Z_OBJ_HANDLER_P(arg, write_property)(arg, z_key, tmp TSRMLS_CC);
zval_ptr_dtor(&tmp); /* write_property will add 1 to refcount */
+ zval_ptr_dtor(&z_key);
return SUCCESS;
}
ZEND_API int add_property_null_ex(zval *arg, char *key, uint key_len TSRMLS_DC)
{
zval *tmp;
- zval z_key;
+ zval *z_key;
MAKE_STD_ZVAL(tmp);
ZVAL_NULL(tmp);
- ZVAL_STRINGL(&z_key, key, key_len-1, 0);
+ MAKE_STD_ZVAL(z_key);
+ ZVAL_STRINGL(z_key, key, key_len-1, 1);
- Z_OBJ_HANDLER_P(arg, write_property)(arg, &z_key, tmp TSRMLS_CC);
+ Z_OBJ_HANDLER_P(arg, write_property)(arg, z_key, tmp TSRMLS_CC);
zval_ptr_dtor(&tmp); /* write_property will add 1 to refcount */
+ zval_ptr_dtor(&z_key);
return SUCCESS;
}
ZEND_API int add_property_resource_ex(zval *arg, char *key, uint key_len, long
n TSRMLS_DC)
{
zval *tmp;
- zval z_key;
+ zval *z_key;
MAKE_STD_ZVAL(tmp);
ZVAL_RESOURCE(tmp, n);
- ZVAL_STRINGL(&z_key, key, key_len-1, 0);
- Z_OBJ_HANDLER_P(arg, write_property)(arg, &z_key, tmp TSRMLS_CC);
+ MAKE_STD_ZVAL(z_key);
+ ZVAL_STRINGL(z_key, key, key_len-1, 1);
+
+ Z_OBJ_HANDLER_P(arg, write_property)(arg, z_key, tmp TSRMLS_CC);
zval_ptr_dtor(&tmp); /* write_property will add 1 to refcount */
+ zval_ptr_dtor(&z_key);
return SUCCESS;
}
@@ -1228,14 +1240,17 @@
ZEND_API int add_property_double_ex(zval *arg, char *key, uint key_len, double
d TSRMLS_DC)
{
zval *tmp;
- zval z_key;
+ zval *z_key;
MAKE_STD_ZVAL(tmp);
ZVAL_DOUBLE(tmp, d);
- ZVAL_STRINGL(&z_key, key, key_len-1, 0);
+
+ MAKE_STD_ZVAL(z_key);
+ ZVAL_STRINGL(z_key, key, key_len-1, 1);
- Z_OBJ_HANDLER_P(arg, write_property)(arg, &z_key, tmp TSRMLS_CC);
+ Z_OBJ_HANDLER_P(arg, write_property)(arg, z_key, tmp TSRMLS_CC);
zval_ptr_dtor(&tmp); /* write_property will add 1 to refcount */
+ zval_ptr_dtor(&z_key);
return SUCCESS;
}
@@ -1243,40 +1258,46 @@
ZEND_API int add_property_string_ex(zval *arg, char *key, uint key_len, char
*str, int duplicate TSRMLS_DC)
{
zval *tmp;
- zval z_key;
+ zval *z_key;
MAKE_STD_ZVAL(tmp);
ZVAL_STRING(tmp, str, duplicate);
- ZVAL_STRINGL(&z_key, key, key_len-1, 0);
+ MAKE_STD_ZVAL(z_key);
+ ZVAL_STRINGL(z_key, key, key_len-1, 1);
- Z_OBJ_HANDLER_P(arg, write_property)(arg, &z_key, tmp TSRMLS_CC);
+ Z_OBJ_HANDLER_P(arg, write_property)(arg, z_key, tmp TSRMLS_CC);
zval_ptr_dtor(&tmp); /* write_property will add 1 to refcount */
+ zval_ptr_dtor(&z_key);
return SUCCESS;
}
ZEND_API int add_property_stringl_ex(zval *arg, char *key, uint key_len, char
*str, uint length, int duplicate TSRMLS_DC)
{
zval *tmp;
- zval z_key;
+ zval *z_key;
MAKE_STD_ZVAL(tmp);
ZVAL_STRINGL(tmp, str, length, duplicate);
- ZVAL_STRINGL(&z_key, key, key_len-1, 0);
+ MAKE_STD_ZVAL(z_key);
+ ZVAL_STRINGL(z_key, key, key_len-1, 1);
- Z_OBJ_HANDLER_P(arg, write_property)(arg, &z_key, tmp TSRMLS_CC);
+ Z_OBJ_HANDLER_P(arg, write_property)(arg, z_key, tmp TSRMLS_CC);
zval_ptr_dtor(&tmp); /* write_property will add 1 to refcount */
+ zval_ptr_dtor(&z_key);
return SUCCESS;
}
ZEND_API int add_property_zval_ex(zval *arg, char *key, uint key_len, zval
*value TSRMLS_DC)
{
- zval z_key;
+ zval *z_key;
- ZVAL_STRINGL(&z_key, key, key_len-1, 0);
+ MAKE_STD_ZVAL(z_key);
+ ZVAL_STRINGL(z_key, key, key_len-1, 1);
- Z_OBJ_HANDLER_P(arg, write_property)(arg, &z_key, value TSRMLS_CC);
+ Z_OBJ_HANDLER_P(arg, write_property)(arg, z_key, value TSRMLS_CC);
+ zval_ptr_dtor(&z_key);
return SUCCESS;
}
@@ -2402,7 +2423,7 @@
ZEND_API void zend_update_property(zend_class_entry *scope, zval *object, char
*name, int name_length, zval *value TSRMLS_DC)
{
- zval property;
+ zval *property;
zend_class_entry *old_scope = EG(scope);
EG(scope) = scope;
@@ -2415,8 +2436,10 @@
zend_error(E_CORE_ERROR, "Property %s of class %s cannot be
updated", name, class_name);
}
- ZVAL_STRINGL(&property, name, name_length, 0);
- Z_OBJ_HT_P(object)->write_property(object, &property, value TSRMLS_CC);
+ MAKE_STD_ZVAL(property);
+ ZVAL_STRINGL(property, name, name_length, 1);
+ Z_OBJ_HT_P(object)->write_property(object, property, value TSRMLS_CC);
+ zval_ptr_dtor(&property);
EG(scope) = old_scope;
}
http://cvs.php.net/co.php/php-src/ext/pdo_sqlite/tests/bug35336.phpt?r=1.1&p=1
Index: php-src/ext/pdo_sqlite/tests/bug35336.phpt
+++ php-src/ext/pdo_sqlite/tests/bug35336.phpt
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
