clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 18:37:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed segfault (invalid free handling)

Browse Source
This commit is contained in:
Xinchen Hui 2014-03-16 22:05:38 +08:00
parent 5ec42e9dec
commit b78bbe93ca
2 changed files with 7 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ext/spl/spl_directory.c
View File

@ -123,9 +123,9 @@ static void spl_filesystem_object_free_storage(zend_object *object TSRMLS_DC) /*
break;
}
//???if (intern->it) {
//zend_iterator_dtor(intern->it TSRMLS_CC);
//}
if (intern->it) {
//????zend_iterator_dtor(&intern->it->intern);
}
efree(intern);
} /* }}} */
@ -1661,7 +1661,7 @@ static void spl_filesystem_dir_it_dtor(zend_object_iterator *iter TSRMLS_DC)
zval *object = &iterator->intern.data;
zval_ptr_dtor(object);
}
efree(iter);
efree(iterator);
/* Otherwise we were called from the owning object free storage handler as
* it sets
* iterator->intern.data to NULL.
@ -1738,6 +1738,7 @@ static void spl_filesystem_tree_it_dtor(zend_object_iterator *iter TSRMLS_DC)
ZVAL_UNDEF(&iterator->current);
}
}
efree(iter);
}
/* }}} */
@ -2983,8 +2984,8 @@ PHP_MINIT_FUNCTION(spl_directory)
{
REGISTER_SPL_STD_CLASS_EX(SplFileInfo, spl_filesystem_object_new, spl_SplFileInfo_functions);
memcpy(&spl_filesystem_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
spl_filesystem_object_handlers.clone_obj = spl_filesystem_object_clone;
spl_filesystem_object_handlers.cast_object = spl_filesystem_object_cast;
spl_filesystem_object_handlers.clone_obj = spl_filesystem_object_clone;
spl_filesystem_object_handlers.cast_object = spl_filesystem_object_cast;
spl_filesystem_object_handlers.get_debug_info = spl_filesystem_object_get_debug_info;
spl_filesystem_object_handlers.dtor_obj = zend_objects_destroy_object;
spl_filesystem_object_handlers.free_obj = spl_filesystem_object_free_storage;

4
ext/spl/spl_directory.h
View File

@ -114,10 +114,6 @@ static inline spl_filesystem_object *spl_filesystem_from_obj(zend_object *obj) /
static inline spl_filesystem_iterator* spl_filesystem_object_to_iterator(spl_filesystem_object *obj TSRMLS_DC)
{
if (obj->it) {
zend_iterator_dtor(&obj->it->intern TSRMLS_CC);
}
obj->it = ecalloc(1, sizeof(spl_filesystem_iterator));
obj->it->object = (void *)obj;
zend_iterator_init(&obj->it->intern TSRMLS_CC);