From 0427669e6697b90bff0df4f4a83592aebac55488 Mon Sep 17 00:00:00 2001
From: Xenira <1288524+Xenira@users.noreply.github.com>
Date: Thu, 6 Feb 2025 17:13:36 +0100
Subject: [PATCH] fix(array): fix null dereference in iterator (#358)

Refs: #357
---
 src/types/array.rs              | 16 +++++++++++++---
 tests/src/integration/array.php |  5 +++--
 tests/src/integration/array.rs  |  2 +-
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/types/array.rs b/src/types/array.rs
index 907e9d0568..3bf6f41132 100644
--- a/src/types/array.rs
+++ b/src/types/array.rs
@@ -739,7 +739,11 @@ impl<'a> Iter<'a> {
             )
         };
 
-        if key_type == -1 {
+        // Key type `-1` is ???
+        // Key type `1` is string
+        // Key type `2` is long
+        // Key type `3` is null meaning the end of the array
+        if key_type == -1 || key_type == 3 {
             return None;
         }
 
@@ -753,10 +757,16 @@ impl<'a> Iter<'a> {
             );
         }
         let value = unsafe {
-            &*zend_hash_get_current_data_ex(
+            let val_ptr = zend_hash_get_current_data_ex(
                 self.ht as *const ZendHashTable as *mut ZendHashTable,
                 &mut self.pos as *mut HashPosition,
-            )
+            );
+
+            if val_ptr.is_null() {
+                return None;
+            }
+
+            &*val_ptr
         };
 
         if !key.is_long() && !key.is_string() {
diff --git a/tests/src/integration/array.php b/tests/src/integration/array.php
index b17a99eca5..1232582c91 100644
--- a/tests/src/integration/array.php
+++ b/tests/src/integration/array.php
@@ -3,13 +3,14 @@
 require('_utils.php');
 
 // Tests sequential arrays
-$array = test_array(['a', 'b', 'c']);
+$array = test_array(['a', 'b', 'c', 'd']);
+unset($array[2]);
 
 assert(is_array($array));
 assert(count($array) === 3);
 assert(in_array('a', $array));
 assert(in_array('b', $array));
-assert(in_array('c', $array));
+assert(in_array('d', $array));
 
 // Tests associative arrays
 $assoc = test_array_assoc([
diff --git a/tests/src/integration/array.rs b/tests/src/integration/array.rs
index 447ece1bde..617ab770c5 100644
--- a/tests/src/integration/array.rs
+++ b/tests/src/integration/array.rs
@@ -1,4 +1,4 @@
 #[test]
-fn binary_works() {
+fn array_works() {
     assert!(crate::integration::run_php("array.php"));
 }