Avoid null pointer arithmetic in SplFixedArray

nikic · nikic · commit b65380286a8f · 2021-07-02T15:39:22.000+02:00
Fixes bug62904.phpt under clang ubsan.
diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c
@@ -134,9 +134,10 @@ static void spl_fixedarray_copy_ctor(spl_fixedarray *to, spl_fixedarray *from)
 {
 	zend_long size = from->size;
 	spl_fixedarray_init(to, size);
-
-	zval *begin = from->elements, *end = from->elements + size;
-	spl_fixedarray_copy_range(to, 0, begin, end);
+	if (size != 0) {
+		zval *begin = from->elements, *end = from->elements + size;
+		spl_fixedarray_copy_range(to, 0, begin, end);
+	}
 }
 
 /* Destructs the elements in the range [from, to).

Original file line number	Diff line number	Diff line change
`@@ -134,9 +134,10 @@ static void spl_fixedarray_copy_ctor(spl_fixedarray to, spl_fixedarray from)`
`134`	`134`	`{`
`135`	`135`	`zend_long size = from->size;`
`136`	`136`	`spl_fixedarray_init(to, size);`
`137`		`-`
`138`		`- zval begin = from->elements, end = from->elements + size;`
`139`		`- spl_fixedarray_copy_range(to, 0, begin, end);`
	`137`	`+ if (size != 0) {`
	`138`	`+ zval begin = from->elements, end = from->elements + size;`
	`139`	`+ spl_fixedarray_copy_range(to, 0, begin, end);`
	`140`	`+ }`
`140`	`141`	`}`
`141`	`142`
`142`	`143`	`/* Destructs the elements in the range [from, to).`