Fxied segfault

laruence · laruence · commit aef01107e713 · 2015-06-11T23:14:21.000+08:00
diff --git a/msgpack_pack.c b/msgpack_pack.c
@@ -63,13 +63,17 @@ static inline int msgpack_var_add(HashTable *var_hash, zval *var, zval **var_old
         p = zend_print_long_to_buf(id + sizeof(id) - 1, (long)(var_noref));
         len = id + sizeof(id) - 1 - p;
     } else {
+		// TODO: uninitialized var_old?
         return 0;
     }
 
-    if (var_old && (*var_old = zend_hash_str_find(var_hash, p, len)) != NULL) {
+    if (var_old && ((*var_old = zend_hash_str_find(var_hash, p, len))) != NULL) {
         if (!Z_ISREF_P(var)) {
+			size_t offset = (char *)*var_old - (char*)var_hash->arData;
             ZVAL_LONG(&zv, -1);
             zend_hash_next_index_insert(var_hash, &zv);
+			/* table maybe resized */
+			*var_old = (zval *)((char *)var_hash->arData + offset);
         }
         return 0;
     }

Original file line number	Diff line number	Diff line change
`@@ -63,13 +63,17 @@ static inline int msgpack_var_add(HashTable var_hash, zval var, zval **var_old`
`63`	`63`	`p = zend_print_long_to_buf(id + sizeof(id) - 1, (long)(var_noref));`
`64`	`64`	`len = id + sizeof(id) - 1 - p;`
`65`	`65`	`} else {`
	`66`	`+ // TODO: uninitialized var_old?`
`66`	`67`	`return 0;`
`67`	`68`	`}`
`68`	`69`
`69`		`- if (var_old && (*var_old = zend_hash_str_find(var_hash, p, len)) != NULL) {`
	`70`	`+ if (var_old && ((*var_old = zend_hash_str_find(var_hash, p, len))) != NULL) {`
`70`	`71`	`if (!Z_ISREF_P(var)) {`
	`72`	`+ size_t offset = (char )var_old - (char*)var_hash->arData;`
`71`	`73`	`ZVAL_LONG(&zv, -1);`
`72`	`74`	`zend_hash_next_index_insert(var_hash, &zv);`
	`75`	`+ /* table maybe resized */`
	`76`	`+ var_old = (zval )((char *)var_hash->arData + offset);`
`73`	`77`	`}`
`74`	`78`	`return 0;`
`75`	`79`	`}`