From fda8d2fe687033ebc9ee2d8b1379fb05da102824 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 2 Mar 2012 03:40:40 +0000 Subject: [PATCH] MFH: Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX) --- NEWS | 4 ++++ ext/standard/array.c | 11 ++++++++--- ext/standard/tests/array/bug61058.phpt | 8 ++++++++ 3 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 ext/standard/tests/array/bug61058.phpt diff --git a/NEWS b/NEWS index c845cef5057..5048bc880c2 100644 --- a/NEWS +++ b/NEWS @@ -30,6 +30,10 @@ PHP NEWS . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) +- Array: + . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). + (Laruence) + 01 Mar 2012, PHP 5.4.0 - Installation: diff --git a/ext/standard/array.c b/ext/standard/array.c index 764697c8b77..7af2f44b605 100644 --- a/ext/standard/array.c +++ b/ext/standard/array.c @@ -1563,12 +1563,17 @@ PHP_FUNCTION(array_fill) array_init_size(return_value, num); num--; - zval_add_ref(&val); zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, &val, sizeof(zval *), NULL); + zval_add_ref(&val); while (num--) { - zval_add_ref(&val); - zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &val, sizeof(zval *), NULL); + if (zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &val, sizeof(zval *), NULL) == SUCCESS) { + zval_add_ref(&val); + } else { + zval_dtor(return_value); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot add element to the array as the next element is already occupied"); + RETURN_FALSE; + } } } /* }}} */ diff --git a/ext/standard/tests/array/bug61058.phpt b/ext/standard/tests/array/bug61058.phpt new file mode 100644 index 00000000000..1f0f6fe630d --- /dev/null +++ b/ext/standard/tests/array/bug61058.phpt 
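Review bot: In the `array.c` hunk the index overflow is only detected inside the `while (num--)` loop, after `array_init_size(return_value, num)` has sized the table for a caller-supplied count and the loop may already have inserted many elements before `zend_hash_next_index_insert` fails. Since `start_key` and `num` are both known before the allocation, the range could be rejected up front with the same warning, for example `if (start_key > 0 && num - 1 > LONG_MAX - start_key) { /* warn */ RETURN_FALSE; }`. This assumes both are `long` and that `num >= 1` has been validated earlier in the function, which begins outside this hunk. The new loop check is still worth keeping as a backstop, with a short comment on the `else` branch such as `/* next free index overflowed; val was not referenced for this slot */` to explain why `zval_add_ref` moved after the insert. The first `zend_hash_index_update` call still ignores its return value while the loop inserts are now checked, so the two paths are inconsistent.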
@@ -0,0 +1,8 @@ +--TEST-- +Bug #61058 (array_fill leaks if start index is PHP_INT_MAX) +--FILE-- + +--EXPECTF-- +Warning: array_fill(): Cannot add element to the array as the next element is already occupied in %sbug61058.php on line %d