Skip to content

Commit e6ae1bf

Browse files
committed
Check dual_it validity in CallbackFilterIterator::accept()
Avoid accessing intern->u.cbfilter null pointer, though it's harmless here.
1 parent f90c735 commit e6ae1bf

File tree

1 file changed

+6
-8
lines changed

1 file changed

+6
-8
lines changed

ext/spl/spl_iterators.c

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1767,34 +1767,32 @@ PHP_METHOD(RegexIterator, __construct)
17671767
/* {{{ Calls the callback with the current value, the current key and the inner iterator as arguments */
17681768
PHP_METHOD(CallbackFilterIterator, accept)
17691769
{
1770-
spl_dual_it_object *intern = Z_SPLDUAL_IT_P(ZEND_THIS);
1771-
zend_fcall_info *fci = &intern->u.cbfilter->fci;
1772-
zend_fcall_info_cache *fcc = &intern->u.cbfilter->fcc;
1773-
zval params[3];
1770+
spl_dual_it_object *intern = Z_SPLDUAL_IT_P(ZEND_THIS);
17741771

17751772
if (zend_parse_parameters_none() == FAILURE) {
17761773
RETURN_THROWS();
17771774
}
17781775

1776+
SPL_FETCH_AND_CHECK_DUAL_IT(intern, ZEND_THIS);
1777+
17791778
if (Z_TYPE(intern->current.data) == IS_UNDEF || Z_TYPE(intern->current.key) == IS_UNDEF) {
17801779
RETURN_FALSE;
17811780
}
17821781

1782+
zval params[3];
17831783
ZVAL_COPY_VALUE(&params[0], &intern->current.data);
17841784
ZVAL_COPY_VALUE(&params[1], &intern->current.key);
17851785
ZVAL_COPY_VALUE(&params[2], &intern->inner.zobject);
17861786

1787+
zend_fcall_info *fci = &intern->u.cbfilter->fci;
1788+
zend_fcall_info_cache *fcc = &intern->u.cbfilter->fcc;
17871789
fci->retval = return_value;
17881790
fci->param_count = 3;
17891791
fci->params = params;
17901792

17911793
if (zend_call_function(fci, fcc) != SUCCESS || Z_ISUNDEF_P(return_value)) {
17921794
RETURN_FALSE;
17931795
}
1794-
1795-
if (EG(exception)) {
1796-
RETURN_THROWS();
1797-
}
17981796
}
17991797
/* }}} */
18001798

0 commit comments

Comments
 (0)