diff options
| author | Xinchen Hui <laruence@php.net> | 2015-06-18 22:28:29 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@php.net> | 2015-06-18 22:28:29 +0800 |
| commit | 20f34166829a6f6c4b4f5f05b10ca296e3742f1c (patch) | |
| tree | 0d5d61ddb7f7f053749ec4cd3252b83004cabfd7 | |
| parent | 7cde797ecba14f4524946009be1b2c0846b65723 (diff) | |
| download | php-git-20f34166829a6f6c4b4f5f05b10ca296e3742f1c.tar.gz | |
Fixed bug #69872 (uninitialised value in strtr with array)
| -rw-r--r-- | ext/standard/string.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c index 9bf3b4c61f..c11dae61bf 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -2988,7 +2988,7 @@ static void php_strtr_array(zval *return_value, zend_string *input, HashTable *p size_t minlen = 128*1024; size_t maxlen = 0; HashTable str_hash; - zval *entry, tmp, dummy; + zval *entry, dummy; char *key; smart_str result = {0}; zend_ulong bitset[256/sizeof(zend_ulong)]; @@ -3024,17 +3024,15 @@ static void php_strtr_array(zval *return_value, zend_string *input, HashTable *p } ZEND_HASH_FOREACH_END(); if (UNEXPECTED(num_keys)) { + zend_string *key_used; /* we have to rebuild HashTable with numeric keys */ zend_hash_init(&str_hash, zend_hash_num_elements(pats), NULL, NULL, 0); ZEND_HASH_FOREACH_KEY_VAL(pats, num_key, str_key, entry) { if (UNEXPECTED(!str_key)) { - ZVAL_LONG(&tmp, num_key); - convert_to_string(&tmp); - str_key = Z_STR(tmp); - len = str_key->len; + key_used = zend_long_to_str(num_key); + len = key_used->len; if (UNEXPECTED(len > slen)) { /* skip long patterns */ - zval_dtor(&tmp); continue; } if (len > maxlen) { @@ -3045,17 +3043,18 @@ static void php_strtr_array(zval *return_value, zend_string *input, HashTable *p } /* remember possible key length */ num_bitset[len / sizeof(zend_ulong)] |= Z_UL(1) << (len % sizeof(zend_ulong)); - bitset[((unsigned char)str_key->val[0]) / sizeof(zend_ulong)] |= Z_UL(1) << (((unsigned char)str_key->val[0]) % sizeof(zend_ulong)); + bitset[((unsigned char)key_used->val[0]) / sizeof(zend_ulong)] |= Z_UL(1) << (((unsigned char)key_used->val[0]) % sizeof(zend_ulong)); } else { - len = str_key->len; + key_used = str_key; + len = key_used->len; if (UNEXPECTED(len > slen)) { /* skip long patterns */ continue; } } - zend_hash_add(&str_hash, str_key, entry); - if (str_key == Z_STR(tmp)) { - zval_dtor(&tmp); + zend_hash_add(&str_hash, key_used, entry); + if (UNEXPECTED(!str_key)) { + zend_string_release(key_used); } } ZEND_HASH_FOREACH_END(); pats = &str_hash; |