Attached is a suggested fix for bug #22592, which finally came out of many hours spent studying zend_execute.c.
Although the patch does somewhat hackish things and may look invalid at first glance, I believe it's the right one. Moriyoshi
Index: Zend/zend_execute.c
===================================================================
RCS file: /repository/ZendEngine2/zend_execute.c,v
retrieving revision 1.445
diff -u -r1.445 zend_execute.c
--- Zend/zend_execute.c 11 Mar 2003 23:19:45 -0000 1.445
+++ Zend/zend_execute.c 15 Mar 2003 23:28:51 -0000
@@ -441,7 +441,7 @@
  break;
  }
  if (T->EA.data.str_offset.offset >= T->EA.data.str_offset.str->value.str.len) {
- zend_uint i;
+ int i;
  if (T->EA.data.str_offset.str->value.str.len==0) {
  STR_FREE(T->EA.data.str_offset.str->value.str.val);
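Review bot: With `offset` switched from `zend_uint` to `int` (the `str_offset` hunk in Zend/zend_execute.h), the bounds test `T->EA.data.str_offset.offset >= T->EA.data.str_offset.str->value.str.len` becomes a signed comparison, assuming `str.len` is itself a signed int. A negative offset then skips the grow branch and would reach the `str->value.str.val[offset] = ...` store shown in the next hunk, writing before the start of the buffer. No lower-bound check is visible in these hunks; the `break; }` just above may belong to one, but that cannot be confirmed from here. If there is none, add one ahead of this comparison, e.g. `if (T->EA.data.str_offset.offset < 0) { break; }`, ideally with a warning. The enclosing function starts and ends outside the hunk.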
@@ -467,37 +467,25 @@
  T->EA.data.str_offset.str->value.str.val[T->EA.data.str_offset.offset] = final_value->value.str.val[0];
- if (op2) {
- if (op2->op_type == IS_VAR) {
- if (value == &T(op2->u.var).tmp_var) {
- STR_FREE(value->value.str.val);
- }
- } else {
- if (final_value == &T(op2->u.var).tmp_var) {
- /* we can safely free final_value here
- * because separation is done only
- * in case op2->op_type == IS_VAR */
- STR_FREE(final_value->value.str.val);
- }
- }
- }
  if (final_value == &tmp) {
  zval_dtor(final_value);
  }
- /*
- * the value of an assignment to a string offset is undefined
- T(result->u.var).var = &T->EA.data.str_offset.str;
- */
  } while (0);
- /* zval_ptr_dtor(&T->EA.data.str_offset.str); Nuke this line if it doesn't cause a leak */
- T->tmp_var.type = IS_STRING;
  }
  break;
  EMPTY_SWITCH_DEFAULT_CASE()
  }
- T(result->u.var).var.ptr_ptr = &EG(uninitialized_zval_ptr);
- SELECTIVE_PZVAL_LOCK(*T(result->u.var).var.ptr_ptr, result);
+
+ if (type == IS_TMP_VAR) {
+ memcpy(T(result->u.var).var.tmp_str, value->value.str.val, 2);
+ STR_FREE(value->value.str.val);
+ value->value.str.val = T(result->u.var).var.tmp_str;
+ value->value.str.len = 1;
+ }
+ T(result->u.var).var.ptr_ptr = &value;
+ SELECTIVE_PZVAL_LOCK(value, result);
  AI_USE_PTR(T(result->u.var).var);
+ return;
  }
Index: Zend/zend_execute.h
===================================================================
RCS file: /repository/ZendEngine2/zend_execute.h,v
retrieving revision 1.52
diff -u -r1.52 zend_execute.h
--- Zend/zend_execute.h 16 Feb 2003 11:12:42 -0000 1.52
+++ Zend/zend_execute.h 15 Mar 2003 23:28:51 -0000
@@ -32,6 +32,7 @@
  struct {
  zval **ptr_ptr;
  zval *ptr;
+ char tmp_str[4];
  } var;
  struct {
  zval tmp_var; /* a dummy */
@@ -39,7 +40,7 @@
  union {
  struct {
  zval *str;
- zend_uint offset;
+ int offset;
  } str_offset;
  zend_property_reference overloaded_element;
  } data;
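Review bot: The added `if (type == IS_TMP_VAR)` block reads `value->value.str` without checking that `value` is a string. The surrounding code keeps a separately converted `final_value` (`final_value == &tmp`), which suggests `value` can be a non-string temporary; in that case `memcpy` and `STR_FREE` would operate on whatever bytes overlay `str.val`. Even for strings, `memcpy(..., value->value.str.val, 2)` reads two bytes regardless of `str.len` and leaves `tmp_str[1]` non-NUL when the source is longer than one character, while `str.len` is set to 1. Guard the block with `value->type == IS_STRING && value->value.str.len > 0` and fill the buffer explicitly: `tmp_str[0] = value->value.str.val[0]; tmp_str[1] = '\0';`. After the block `str.val` points into the temp-variable slot rather than heap memory, so any later destructor run on `value` must not free it; that path is outside the hunk and should be confirmed.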
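Review bot: `tmp_str` is added to the `var` struct in the `@@ -32,6 +32,7 @@` hunk with no comment, and its size of 4 does not match the only visible use, which copies 2 bytes into it and points a zval's `str.val` at it. Document what it holds and that it is not heap storage, e.g. `char tmp_str[4]; /* one-character result of a string-offset assignment plus NUL; lives in the temp slot, must never be passed to efree() */`, or size it to 2 if nothing else uses the extra bytes. The struct is part of a larger declaration that starts and ends outside the hunk.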