tony2001 Mon Dec 19 13:53:06 2005 EDT
Modified files: (Branch: PHP_5_1)
/php-src/ext/spl spl_observer.c
Log:
fix possible reads of uninitialized memory (reproducible only on 64bit
platforms)
http://cvs.php.net/viewcvs.cgi/php-src/ext/spl/spl_observer.c?r1=1.2.2.2&r2=1.2.2.3&diff_format=u
Index: php-src/ext/spl/spl_observer.c
diff -u php-src/ext/spl/spl_observer.c:1.2.2.2
php-src/ext/spl/spl_observer.c:1.2.2.3
--- php-src/ext/spl/spl_observer.c:1.2.2.2 Mon Nov 14 22:03:02 2005
+++ php-src/ext/spl/spl_observer.c Mon Dec 19 13:53:06 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: spl_observer.c,v 1.2.2.2 2005/11/14 22:03:02 tony2001 Exp $ */
+/* $Id: spl_observer.c,v 1.2.2.3 2005/12/19 13:53:06 tony2001 Exp $ */
#ifdef HAVE_CONFIG_H
# include "config.h"
@@ -129,13 +129,17 @@
SPL_METHOD(SplObjectStorage, attach)
{
zval *obj;
+ zend_object_value zvalue;
spl_SplObjectStorage *intern =
(spl_SplObjectStorage*)zend_object_store_get_object(getThis() TSRMLS_CC);
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "o", &obj) ==
FAILURE) {
return;
}
-
- zend_hash_update(&intern->storage, (char*)&obj->value.obj,
sizeof(obj->value.obj), &obj, sizeof(zval**), NULL);
+ memset(&zvalue, 0, sizeof(zend_object_value));
+ zvalue.handle = obj->value.obj.handle;
+ zvalue.handlers = obj->value.obj.handlers;
+
+ zend_hash_update(&intern->storage, (char*)&zvalue,
sizeof(zend_object_value), &obj, sizeof(zval*), NULL);
obj->refcount++;
} /* }}} */
@@ -144,13 +148,17 @@
SPL_METHOD(SplObjectStorage, detach)
{
zval *obj;
+ zend_object_value zvalue;
spl_SplObjectStorage *intern =
(spl_SplObjectStorage*)zend_object_store_get_object(getThis() TSRMLS_CC);
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "o", &obj) ==
FAILURE) {
return;
}
+ memset(&zvalue, 0, sizeof(zend_object_value));
+ zvalue.handle = obj->value.obj.handle;
+ zvalue.handlers = obj->value.obj.handlers;
- zend_hash_del(&intern->storage, (char*)&obj->value.obj,
sizeof(obj->value.obj));
+ zend_hash_del(&intern->storage, (char*)&zvalue,
sizeof(zend_object_value));
zend_hash_internal_pointer_reset_ex(&intern->storage, &intern->pos);
intern->index = 0;
} /* }}} */
@@ -160,13 +168,17 @@
SPL_METHOD(SplObjectStorage, contains)
{
zval *obj;
+ zend_object_value zvalue;
spl_SplObjectStorage *intern =
(spl_SplObjectStorage*)zend_object_store_get_object(getThis() TSRMLS_CC);
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "o", &obj) ==
FAILURE) {
return;
}
+ memset(&zvalue, 0, sizeof(zend_object_value));
+ zvalue.handle = obj->value.obj.handle;
+ zvalue.handlers = obj->value.obj.handlers;
- RETURN_BOOL(zend_hash_exists(&intern->storage, (char*)&obj->value.obj,
sizeof(obj->value.obj)));
+ RETURN_BOOL(zend_hash_exists(&intern->storage, (char*)&zvalue,
sizeof(zend_object_value)));
} /* }}} */
/* {{{ proto int SplObjectStorage::count()
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
