tony2001 Mon Dec 19 13:53:28 2005 EDT
Modified files:
/php-src/ext/spl spl_observer.c
Log:
MFB: fix possible invalid reads
http://cvs.php.net/viewcvs.cgi/php-src/ext/spl/spl_observer.c?r1=1.5&r2=1.6&diff_format=u
Index: php-src/ext/spl/spl_observer.c
diff -u php-src/ext/spl/spl_observer.c:1.5 php-src/ext/spl/spl_observer.c:1.6
--- php-src/ext/spl/spl_observer.c:1.5 Mon Nov 14 21:52:25 2005
+++ php-src/ext/spl/spl_observer.c Mon Dec 19 13:53:28 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: spl_observer.c,v 1.5 2005/11/14 21:52:25 tony2001 Exp $ */
+/* $Id: spl_observer.c,v 1.6 2005/12/19 13:53:28 tony2001 Exp $ */
#ifdef HAVE_CONFIG_H
# include "config.h"
@@ -129,13 +129,17 @@
SPL_METHOD(SplObjectStorage, attach)
{
zval *obj;
+ zend_object_value zvalue;
spl_SplObjectStorage *intern =
(spl_SplObjectStorage*)zend_object_store_get_object(getThis() TSRMLS_CC);
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "o", &obj) ==
FAILURE) {
return;
}
-
- zend_hash_update(&intern->storage, (char*)&obj->value.obj,
sizeof(obj->value.obj), &obj, sizeof(zval**), NULL);
+ memset(&zvalue, 0, sizeof(zend_object_value));
+ zvalue.handle = obj->value.obj.handle;
+ zvalue.handlers = obj->value.obj.handlers;
+
+ zend_hash_update(&intern->storage, (char*)&zvalue,
sizeof(zend_object_value), &obj, sizeof(zval*), NULL);
obj->refcount++;
} /* }}} */
@@ -144,13 +148,17 @@
SPL_METHOD(SplObjectStorage, detach)
{
zval *obj;
+ zend_object_value zvalue;
spl_SplObjectStorage *intern =
(spl_SplObjectStorage*)zend_object_store_get_object(getThis() TSRMLS_CC);
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "o", &obj) ==
FAILURE) {
return;
}
+ memset(&zvalue, 0, sizeof(zend_object_value));
+ zvalue.handle = obj->value.obj.handle;
+ zvalue.handlers = obj->value.obj.handlers;
- zend_hash_del(&intern->storage, (char*)&obj->value.obj,
sizeof(obj->value.obj));
+ zend_hash_del(&intern->storage, (char*)&zvalue,
sizeof(zend_object_value));
zend_hash_internal_pointer_reset_ex(&intern->storage, &intern->pos);
intern->index = 0;
} /* }}} */
@@ -160,13 +168,17 @@
SPL_METHOD(SplObjectStorage, contains)
{
zval *obj;
+ zend_object_value zvalue;
spl_SplObjectStorage *intern =
(spl_SplObjectStorage*)zend_object_store_get_object(getThis() TSRMLS_CC);
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "o", &obj) ==
FAILURE) {
return;
}
+ memset(&zvalue, 0, sizeof(zend_object_value));
+ zvalue.handle = obj->value.obj.handle;
+ zvalue.handlers = obj->value.obj.handlers;
- RETURN_BOOL(zend_hash_exists(&intern->storage, (char*)&obj->value.obj,
sizeof(obj->value.obj)));
+ RETURN_BOOL(zend_hash_exists(&intern->storage, (char*)&zvalue,
sizeof(zend_object_value)));
} /* }}} */
/* {{{ proto int SplObjectStorage::count()
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
