Fixed bug #54265 (crash when variable gets reassigned in error handler)

2024-09-22 02:17:32 +00:00 · 2011-03-16 15:21:38 +00:00 · 2011-03-16 15:21:38 +00:00 · b60e4fe4f0
commit b60e4fe4f0
parent 34846cff4d
2 changed files with 31 additions and 2 deletions
--- a/Zend/tests/bug54265.phpt
+++ b/Zend/tests/bug54265.phpt
@ -0,0 +1,17 @@
 --TEST--
 Bug #54265 (crash when variable gets reassigned in error handler)
 --FILE--
 <?php
 function my_errorhandler($errno,$errormsg) {
  global $my_var;
  $my_var = 0;
  echo "EROOR: $errormsg\n";
 }
 set_error_handler("my_errorhandler");
 $my_var = str_repeat("A",$my_var[0]->errormsg = "xyz");
 echo "ok\n";
 ?>
 --EXPECT--
 EROOR: Creating default object from empty value
 ok
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@ -657,10 +657,22 @@ static inline void zend_assign_to_object(zval **retval, zval **object_ptr, zval
 		    (Z_TYPE_P(object) == IS_BOOL && Z_LVAL_P(object) == 0) ||
 		    (Z_TYPE_P(object) == IS_STRING && Z_STRLEN_P(object) == 0)) {
 			SEPARATE_ZVAL_IF_NOT_REF(object_ptr);
 			zval_dtor(*object_ptr);
 			object_init(*object_ptr);
 			object = *object_ptr;
 			Z_ADDREF_P(object);
 			zend_error(E_WARNING, "Creating default object from empty value");
 			if (Z_REFCOUNT_P(object) == 1) {
 				/* object was removed by error handler, nothing to assign to */
 				zval_ptr_dtor(&object);
 				if (retval) {
 					*retval = &EG(uninitialized_zval);
 					PZVAL_LOCK(*retval);
 				}
 				FREE_OP(free_value);
 				return;
 			}
 			Z_DELREF_P(object);
 			zval_dtor(object);
 			object_init(object);
 		} else {
 			zend_error(E_WARNING, "Attempt to assign property of non-object");
 			if (retval) {