On Wed, May 14, 2008 2:49 pm, Dionysus Blazakis wrote: > It seems there was an off-by-one error in the strspn code in our libc. > The buffer was a byte too small and resulted in overwriting the saved > ebx which was the offset to the GOT -- but only if strspn was used > with a \xff in the second string. > > I have a patch here: > http://dblaz.beevomit.org/dfly/strspn.patch > > I've verified it fixes the PHP problem. Also, I tested it against a > small program that called strspn with a \xff in the second string and > verified that ebx was correctly restored (unlike prior to the patch).
This fixed it - the Digest is back up, thanks to Dave. This would be worth bringing back to 1.12.2.
