mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
This commit is contained in:
parent
962aa93ec7
commit
5b18acdcc9
3
NEWS
3
NEWS
@ -23,6 +23,9 @@ PHP NEWS
|
||||
- Fixed very rare memory leak in mysqlnd, when binding thousands of columns.
|
||||
(Andrey)
|
||||
|
||||
- Fixed a possible memory corruption because of unexpected call-time pass by
|
||||
refernce and following memory clobbering through callbacks.
|
||||
Reported by Stefan Esser (Dmitry)
|
||||
- Fixed a possible memory corruption in addcslashes(). Reported by Stefan
|
||||
Esser (Dmitry)
|
||||
- Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan
|
||||
|
@ -412,6 +412,12 @@ static char *zend_parse_arg_impl(int arg_num, zval **arg, va_list *va, char **sp
|
||||
case IS_DOUBLE:
|
||||
case IS_BOOL:
|
||||
convert_to_string_ex(arg);
|
||||
if (UNEXPECTED(Z_ISREF_PP(arg) != 0)) {
|
||||
/* it's dangerous to return pointers to string
|
||||
buffer of referenced variable, because it can
|
||||
be clobbered throug magic callbacks */
|
||||
SEPARATE_ZVAL(arg);
|
||||
}
|
||||
*p = Z_STRVAL_PP(arg);
|
||||
*pl = Z_STRLEN_PP(arg);
|
||||
break;
|
||||
|
Loading…
Reference in New Issue
Block a user