Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks.

This commit is contained in:
Dmitry Stogov 2010-05-11 10:41:19 +00:00
parent 962aa93ec7
commit 5b18acdcc9
2 changed files with 9 additions and 0 deletions

NEWS

@ -23,6 +23,9 @@ PHP NEWS
- Fixed very rare memory leak in mysqlnd, when binding thousands of columns.
(Andrey)
- Fixed a possible memory corruption because of unexpected call-time pass by
refernce and following memory clobbering through callbacks.
Reported by Stefan Esser (Dmitry)
- Fixed a possible memory corruption in addcslashes(). Reported by Stefan
Esser (Dmitry)
- Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan
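Review bot: the new NEWS entry misspells "reference" as "refernce" in "refernce and following memory clobbering through callbacks."; NEWS is user-facing release text, so correct the spelling here (the commit message carries the same typo).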


@ -412,6 +412,12 @@ static char *zend_parse_arg_impl(int arg_num, zval **arg, va_list *va, char **sp
case IS_DOUBLE:
case IS_BOOL:
convert_to_string_ex(arg);
if (UNEXPECTED(Z_ISREF_PP(arg) != 0)) {
/* it's dangerous to return pointers to string
buffer of referenced variable, because it can
be clobbered throug magic callbacks */
SEPARATE_ZVAL(arg);
}
*p = Z_STRVAL_PP(arg);
*pl = Z_STRLEN_PP(arg);
break;
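Review bot: the comment in the added block misspells "through" as "throug" ("be clobbered throug magic callbacks"); fix the spelling. On the logic, the Z_ISREF_PP check sits after convert_to_string_ex(arg), so a referenced argument is converted first and *p/*pl then point into the fresh, unshared zval produced by SEPARATE_ZVAL rather than into a buffer a later callback can reassign, which is the right order for the scenario described; a short note in the comment that the separated copy is owned by the argument slot for the duration of the call would make the lifetime of the returned pointer explicit. Also worth confirming whether the IS_STRING case of this switch, which is outside the hunk, needs the same Z_ISREF_PP separation, since a string passed by reference would be exposed through the same pointers.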