From 46f9fed0d8e4ca5264abd2da94105925024ede14 Mon Sep 17 00:00:00 2001
|
|
From: Nikita Popov <nikita.ppv@gmail.com>
|
|
Date: Thu, 15 Apr 2021 13:04:47 +0200
|
|
Subject: [PATCH] Handle ref return from Iterator::key()
|
|
|
|
Handle this in the implementation of get_current_key of user_it,
|
|
so that the callers may assume that the key is not a reference.
|
|
|
|
Fixes oss-fuzz #33018.
|
|
---
|
|
Zend/tests/iterator_key_by_ref.phpt | 15 +++++++++++++++
|
|
Zend/zend_interfaces.c | 3 +++
|
|
2 files changed, 18 insertions(+)
|
|
create mode 100644 Zend/tests/iterator_key_by_ref.phpt
|
|
|
|
diff --git a/Zend/tests/iterator_key_by_ref.phpt b/Zend/tests/iterator_key_by_ref.phpt
|
|
new file mode 100644
|
|
index 0000000..3bd2bcf
|
|
--- /dev/null
|
|
+++ b/Zend/tests/iterator_key_by_ref.phpt
|
|
@@ -0,0 +1,15 @@
|
|
+--TEST--
|
|
+Iterator::key() with by-ref return
|
|
+--FILE--
|
|
+<?php
|
|
+class Test extends ArrayIterator {
|
|
+ function &key() {
|
|
+ return $foo;
|
|
+ }
|
|
+}
|
|
+foreach (new Test([0]) as $k => $v) {
|
|
+ var_dump($k);
|
|
+}
|
|
+?>
|
|
+--EXPECT--
|
|
+NULL
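Review bot: The test only covers `return $foo;`, a reference to an undefined local, which is probably no longer shared by the time the engine sees it, so likely only the single-owner path of the unwrap runs. A second case where `key()` returns a reference that is still held elsewhere, e.g. `return $this->k;` on a declared property, would check that the key is copied out and the property keeps its reference. That case should also expect a non-NULL key, so that a regression yielding NULL for every by-ref key does not pass on the `--EXPECT--` of `NULL` alone.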
|
|
diff --git a/Zend/zend_interfaces.c b/Zend/zend_interfaces.c
|
|
index 0d5af66..51b7717 100644
|
|
--- a/Zend/zend_interfaces.c
|
|
+++ b/Zend/zend_interfaces.c
|
|
@@ -154,6 +154,9 @@ ZEND_API void zend_user_it_get_current_key(zend_object_iterator *_iter, zval *ke
|
|
zend_user_iterator *iter = (zend_user_iterator*)_iter;
|
|
zval *object = &iter->it.data;
|
|
zend_call_method_with_0_params(Z_OBJ_P(object), iter->ce, &iter->ce->iterator_funcs_ptr->zf_key, "key", key);
|
|
+ if (UNEXPECTED(Z_ISREF_P(key))) {
|
|
+ zend_unwrap_reference(key);
|
|
+ }
|
|
}
|
|
/* }}} */
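Review bot: The new `if (UNEXPECTED(Z_ISREF_P(key)))` block has no comment, yet it enforces the invariant the commit message says callers depend on: that `key` is never a reference. Since this came from a fuzzer report, a caller that inspects the key's type without dereferencing would otherwise be working on the wrong kind of value, so the contract deserves to be stated in the code. Suggest adding above the check: `/* Userland key() may be declared to return by reference; unwrap here so callers never receive IS_REFERENCE in key. */`. The check also runs when the method call failed, in which case `key` is presumably left undefined and the test is simply false; it would help to say so in the comment. The function's signature is visible only in the hunk header, so this is based on the body lines shown.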
|
|
|
|
--
|
|
1.8.3.1
|
|
|