clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 10:27:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

php_add_var_hash() uses sizeof(id) in the calls to zend_hash_*, implying

Browse Source 
that all bytes in the character array have been set (they are used
to compute the hash value using hashpjw).

The function assumes that sprintf's %p modifier would always prefix
the output with "0x".  On HPUX, this is not the case.  Hence, not
all bytes may be properly initialized before being read.

This has been addressed by using only initialized bytes as the key.
This commit is contained in:
Sascha Schumann 2001-01-09 05:49:37 +00:00
parent 426d4104ea
commit dbb3402c0f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ext/standard/var.c
View File

@ -161,7 +161,7 @@ inline int php_add_var_hash(HashTable *var_hash, zval *var, void *var_old) {
snprintf(id,sizeof(id)-1, "%p", var);
id[sizeof(id)-1]='\0';
if(var_old && zend_hash_find(var_hash, id, sizeof(id), var_old) == SUCCESS) {
if(var_old && zend_hash_find(var_hash, id, strlen(id), var_old) == SUCCESS) {
if(!var->is_ref) {
/* we still need to bump up the counter, since non-refs will
be counted separately by unserializer */
@ -172,7 +172,7 @@ inline int php_add_var_hash(HashTable *var_hash, zval *var, void *var_old) {
}
var_no = zend_hash_num_elements(var_hash)+1; /* +1 because otherwise hash will think we are trying to store NULL pointer */
zend_hash_add(var_hash, id, sizeof(id), &var_no, sizeof(var_no), NULL);
zend_hash_add(var_hash, id, strlen(id), &var_no, sizeof(var_no), NULL);
return SUCCESS;
}