fix #41970 (call_user_func_*() leaks on failure)

Antony Dovgal 2007-07-12 09:19:04 +00:00
parent 79f68fd828
commit 86c819cede
2 changed files with 34 additions and 13 deletions


@ -5032,7 +5032,7 @@ PHP_FUNCTION(error_get_last)
Call a user function which is the first parameter */
PHP_FUNCTION(call_user_func)
{
zval *retval_ptr = return_value;
zval *retval_ptr = NULL;
zend_fcall_info fci;
zend_fcall_info_cache fci_cache;
@ -5040,13 +5040,12 @@ PHP_FUNCTION(call_user_func)
return;
}
fci.retval_ptr_ptr = return_value_ptr;
fci.retval_ptr_ptr = &retval_ptr;
if (zend_call_function(&fci, &fci_cache TSRMLS_CC) == SUCCESS) {
zval_ptr_dtor(&retval_ptr);
}
if (!*return_value_ptr) {
ALLOC_INIT_ZVAL(*return_value_ptr);
*return_value = **fci.retval_ptr_ptr;
zval_copy_ctor(return_value);
zval_ptr_dtor(fci.retval_ptr_ptr);
}
if (fci.params) {
@ -5059,7 +5058,7 @@ PHP_FUNCTION(call_user_func)
Call a user function which is the first parameter with the arguments contained in array */
PHP_FUNCTION(call_user_func_array)
{
zval *params, *retval_ptr = return_value;
zval *params, *retval_ptr = NULL;
zend_fcall_info fci;
zend_fcall_info_cache fci_cache;
@ -5067,15 +5066,13 @@ PHP_FUNCTION(call_user_func_array)
return;
}
fci.retval_ptr_ptr = return_value_ptr;
zend_fcall_info_args(&fci, params TSRMLS_CC);
fci.retval_ptr_ptr = &retval_ptr;
if (zend_call_function(&fci, &fci_cache TSRMLS_CC) == SUCCESS) {
zval_ptr_dtor(&retval_ptr);
}
if (!*return_value_ptr) {
ALLOC_INIT_ZVAL(*return_value_ptr);
*return_value = **fci.retval_ptr_ptr;
zval_copy_ctor(return_value);
zval_ptr_dtor(fci.retval_ptr_ptr);
}
zend_fcall_info_args_clear(&fci, 1);
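Review bot: The success branch in both call_user_func and call_user_func_array dereferences `*fci.retval_ptr_ptr` without checking that it is non-NULL, while `retval_ptr` now starts out as NULL. The +/- markers are lost on this page, so this assumes the `retval_ptr = NULL` and `fci.retval_ptr_ptr = &retval_ptr` lines are the new side. zend_call_function is not shown here; if it can return SUCCESS while leaving the return slot empty (for example when the callee raises an exception), `*return_value = **fci.retval_ptr_ptr;` reads through a NULL pointer. Guarding the copy with `if (zend_call_function(&fci, &fci_cache TSRMLS_CC) == SUCCESS && retval_ptr) {` in both functions would close that path. Both function bodies begin and end outside the hunks shown.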


@ -0,0 +1,24 @@
--TEST--
Bug #41970 (call_user_func_*() leaks on failure)
--FILE--
<?php
$a = array(4,3,2);
var_dump(call_user_func_array("sort", array($a)));
var_dump(call_user_func_array("strlen", array($a)));
var_dump(call_user_func("sort", $a));
var_dump(call_user_func("strlen", $a));
echo "Done\n";
?>
--EXPECTF--
NULL
Notice: Array to string conversion in %s on line %d
int(5)
NULL
Notice: Array to string conversion in %s on line %d
int(5)
Done
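Review bot: The script only drives the built-in callbacks `sort` and `strlen`, so it never exercises a user-defined callback or one that throws, which is where a call can succeed without producing a return value. Adding a small user function that throws and calling it inside `try`/`catch` through both `call_user_func` and `call_user_func_array`, with a matching expected line, would cover that path. The expected output has no leak report in it, so the leak itself is presumably only caught when the test runs on a build with leak reporting enabled; a one-line comment in the `--FILE--` section saying so would help the next reader.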