php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array

Browse Source 
Fixes GH-19839
Closes GH-19851
This commit is contained in:
Ilija Tovilo
2025-09-15 22:07:38 +02:00
parent 4ad4d54873
commit f045716288
3 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -10,6 +10,8 @@ PHP NEWS
exception are triggered). (nielsdos)
. Fixed bug GH-19653 (Closure named argument unpacking between temporary
closures can cause a crash). (nielsdos, Arnaud, Bob)
. Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland
array). (ilutov)
- Date:
. Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.

18
Zend/tests/gh19839.phpt Normal file
View File

@@ -0,0 +1,18 @@
--TEST--
GH-19839: Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array
--FILE--
<?php
const X = 'x';
$x = null;
unset(${X});
$a = $GLOBALS;
sort($a);
serialize($a);
?>
===DONE===
--EXPECT--
===DONE===

5
Zend/zend_hash.c
View File

@@ -2466,6 +2466,7 @@ ZEND_API HashTable* ZEND_FASTCALL zend_array_dup(HashTable *source)
target->nTableSize = HT_MIN_SIZE;
HT_SET_DATA_ADDR(target, &uninitialized_bucket);
} else if (GC_FLAGS(source) & IS_ARRAY_IMMUTABLE) {
ZEND_ASSERT(!(HT_FLAGS(source) & HASH_FLAG_HAS_EMPTY_IND));
HT_FLAGS(target) = HT_FLAGS(source) & HASH_FLAG_MASK;
target->nTableMask = source->nTableMask;
target->nNumUsed = source->nNumUsed;
@@ -2482,6 +2483,7 @@ ZEND_API HashTable* ZEND_FASTCALL zend_array_dup(HashTable *source)
memcpy(HT_GET_DATA_ADDR(target), HT_GET_DATA_ADDR(source), HT_USED_SIZE(source));
}
} else if (HT_IS_PACKED(source)) {
ZEND_ASSERT(!(HT_FLAGS(source) & HASH_FLAG_HAS_EMPTY_IND));
HT_FLAGS(target) = HT_FLAGS(source) & HASH_FLAG_MASK;
target->nTableMask = HT_MIN_MASK;
target->nNumUsed = source->nNumUsed;
@@ -2501,7 +2503,8 @@ ZEND_API HashTable* ZEND_FASTCALL zend_array_dup(HashTable *source)
zend_array_dup_packed_elements(source, target, 1);
}
} else {
HT_FLAGS(target) = HT_FLAGS(source) & HASH_FLAG_MASK;
/* Indirects are removed during duplication, remove HASH_FLAG_HAS_EMPTY_IND accordingly. */
HT_FLAGS(target) = HT_FLAGS(source) & (HASH_FLAG_MASK & ~HASH_FLAG_HAS_EMPTY_IND);
target->nTableMask = source->nTableMask;
target->nNextFreeElement = source->nNextFreeElement;
target->nInternalPointer =