File php-CVE-2015-4116.patch of Package php5.14673

X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fspl%2Fspl_heap.c;h=fad237932b14e051f592fb6db049f9a791e5b8d6;hp=02833074fa062ee83894982b2acf5bff724f314a;hb=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1;hpb=9031a902e3393ff7dc8a02615430a7d894c740fa

diff --git a/ext/spl/spl_heap.c b/ext/spl/spl_heap.c
index 0283307..fad2379 100644
--- a/ext/spl/spl_heap.c
+++ b/ext/spl/spl_heap.c
@@ -249,9 +249,10 @@ static void spl_ptr_heap_insert(spl_ptr_heap *heap, spl_ptr_heap_element elem, v
 	heap->ctor(elem TSRMLS_CC);
 
 	/* sifting up */
-	for(i = heap->count++; i > 0 && heap->cmp(heap->elements[(i-1)/2], elem, cmp_userdata TSRMLS_CC) < 0; i = (i-1)/2) {
+	for(i = heap->count; i > 0 && heap->cmp(heap->elements[(i-1)/2], elem, cmp_userdata TSRMLS_CC) < 0; i = (i-1)/2) {
 		heap->elements[i] = heap->elements[(i-1)/2];
 	}
+	heap->count++;
 
 	if (EG(exception)) {
 		/* exception thrown during comparison */