- Fixed a possible interruption array leak in trim()

author: Felipe Pena <felipe@php.net> 2010-07-02 00:33:42 +0000
committer: Felipe Pena <felipe@php.net> 2010-07-02 00:33:42 +0000
commit: d71b9d508e433ca127ceea3998399d910eae8a13 (patch)
tree: b995f85674a1a08c875e41e0f2ea29a11da1ac74
parent: 22dcb6114f7eae0465fa94ed9c83b839eff44d37 (diff)
download: php-git-d71b9d508e433ca127ceea3998399d910eae8a13.tar.gz
2 files changed, 4 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 50560d3656..f2abbbe596 100644
--- a/NEWS
+++ b/NEWS
@@ -6,7 +6,7 @@ PHP                                                                        NEWS
 - Fixed a possible interruption array leak in strrchr(). Reported by
   Péter Veres. (Felipe)
 - Fixed a possible interruption array leak in strchr(), strstr(), substr(), 
-  chunk_split(), strtok(), addcslashes(), str_repeat(). (Felipe)
+  chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe)
 - Fixed a possible memory corruption in substr_replace() (Dmitry)
 - Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
 
diff --git a/ext/standard/string.c b/ext/standard/string.c
index 47b1610e28..4ebebacf21 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -774,6 +774,9 @@ static void php_do_trim(INTERNAL_FUNCTION_PARAMETERS, int mode)
 		WRONG_PARAM_COUNT;
 	}
 
+	if (PZVAL_IS_REF(*str)) {
+		SEPARATE_ZVAL(str);
+	}
 	convert_to_string_ex(str);
 
 	if (argc > 1) {
author	Felipe Pena <felipe@php.net>	2010-07-02 00:33:42 +0000
committer	Felipe Pena <felipe@php.net>	2010-07-02 00:33:42 +0000
commit	d71b9d508e433ca127ceea3998399d910eae8a13 (patch)
tree	b995f85674a1a08c875e41e0f2ea29a11da1ac74
parent	22dcb6114f7eae0465fa94ed9c83b839eff44d37 (diff)
download	php-git-d71b9d508e433ca127ceea3998399d910eae8a13.tar.gz