1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
From 8b55da74170b0c8686d2f2fa3d4e858f7785b6a2 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 12 Sep 2017 09:16:24 +0200
Subject: [PATCH] Fixed bug #75193 segfault in
collator_convert_object_to_string
---
ext/intl/collator/collator_sort.c | 8 ++++++--
ext/intl/tests/bug75193.phpt | 14 ++++++++++++++
2 files changed, 20 insertions(+), 2 deletions(-)
create mode 100644 ext/intl/tests/bug75193.phpt
diff --git a/ext/intl/collator/collator_sort.c b/ext/intl/collator/collator_sort.c
index 1ad42d3660f0..7e7bde671f6b 100644
--- a/ext/intl/collator/collator_sort.c
+++ b/ext/intl/collator/collator_sort.c
@@ -59,8 +59,12 @@ static int collator_regular_compare_function(zval *result, zval *op1, zval *op2)
zval norm1, norm2;
zval *num1_p = NULL, *num2_p = NULL;
zval *norm1_p = NULL, *norm2_p = NULL;
- zval* str1_p = collator_convert_object_to_string( op1, &str1 );
- zval* str2_p = collator_convert_object_to_string( op2, &str2 );
+ zval *str1_p, *str2_p;
+
+ ZVAL_NULL(&str1);
+ str1_p = collator_convert_object_to_string( op1, &str1 );
+ ZVAL_NULL(&str2);
+ str2_p = collator_convert_object_to_string( op2, &str2 );
/* If both args are strings AND either of args is not numeric string
* then use ICU-compare. Otherwise PHP-compare. */
diff --git a/ext/intl/tests/bug75193.phpt b/ext/intl/tests/bug75193.phpt
new file mode 100644
index 000000000000..d6c32dbe260a
--- /dev/null
+++ b/ext/intl/tests/bug75193.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #75193 segfault in collator_convert_object_to_string
+--SKIPIF--
+<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
+--FILE--
+<?php
+$a = new \Collator('en_US');
+$b = [new stdclass, new stdclass];
+var_dump($a->sort($b));
+?>
+===DONE===
+--EXPECT--
+bool(true)
+===DONE===
|
