stas Tue, 11 Aug 2009 22:46:07 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=287123
Log:
fix potential memory issue on serialization
# When internal class uses zend_mangle_property_name it's malloc()
# so it should be freed with free()
Changed paths:
U php/php-src/branches/PHP_5_2/ext/standard/var.c
U php/php-src/branches/PHP_5_3/ext/standard/var.c
U php/php-src/trunk/ext/standard/var.c
Modified: php/php-src/branches/PHP_5_2/ext/standard/var.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/standard/var.c 2009-08-11 22:45:21 UTC
(rev 287122)
+++ php/php-src/branches/PHP_5_2/ext/standard/var.c 2009-08-11 22:46:07 UTC
(rev 287123)
@@ -617,20 +617,20 @@
Z_STRVAL_PP(name), Z_STRLEN_PP(name), ce->type & ZEND_INTERNAL_CLASS);
if
(zend_hash_find(Z_OBJPROP_P(struc), priv_name, prop_name_length+1, (void *) &d)
== SUCCESS) {
php_var_serialize_string(buf, priv_name, prop_name_length);
- efree(priv_name);
+ pefree(priv_name,
ce->type & ZEND_INTERNAL_CLASS);
php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC);
break;
}
- efree(priv_name);
+ pefree(priv_name, ce->type &
ZEND_INTERNAL_CLASS);
zend_mangle_property_name(&prot_name, &prop_name_length, "*", 1,
Z_STRVAL_PP(name), Z_STRLEN_PP(name), ce->type & ZEND_INTERNAL_CLASS);
if
(zend_hash_find(Z_OBJPROP_P(struc), prot_name, prop_name_length+1, (void *) &d)
== SUCCESS) {
php_var_serialize_string(buf, prot_name, prop_name_length);
- efree(prot_name);
+ pefree(prot_name,
ce->type & ZEND_INTERNAL_CLASS);
php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC);
break;
}
- efree(prot_name);
+ pefree(prot_name, ce->type &
ZEND_INTERNAL_CLASS);
php_error_docref(NULL
TSRMLS_CC, E_NOTICE, "\"%s\" returned as member variable from __sleep() but
does not exist", Z_STRVAL_PP(name));
php_var_serialize_string(buf,
Z_STRVAL_PP(name), Z_STRLEN_PP(name));
php_var_serialize_intern(buf,
nvalp, var_hash TSRMLS_CC);
Modified: php/php-src/branches/PHP_5_3/ext/standard/var.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/var.c 2009-08-11 22:45:21 UTC
(rev 287122)
+++ php/php-src/branches/PHP_5_3/ext/standard/var.c 2009-08-11 22:46:07 UTC
(rev 287123)
@@ -599,19 +599,19 @@
zend_mangle_property_name(&priv_name, &prop_name_length, ce->name,
ce->name_length, Z_STRVAL_PP(name), Z_STRLEN_PP(name), ce->type &
ZEND_INTERNAL_CLASS);
if
(zend_hash_find(Z_OBJPROP_P(struc), priv_name, prop_name_length + 1, (void *)
&d) == SUCCESS) {
php_var_serialize_string(buf, priv_name, prop_name_length);
- efree(priv_name);
+ pefree(priv_name,
ce->type & ZEND_INTERNAL_CLASS);
php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC);
break;
}
- efree(priv_name);
+ pefree(priv_name, ce->type &
ZEND_INTERNAL_CLASS);
zend_mangle_property_name(&prot_name, &prop_name_length, "*", 1,
Z_STRVAL_PP(name), Z_STRLEN_PP(name), ce->type & ZEND_INTERNAL_CLASS);
if
(zend_hash_find(Z_OBJPROP_P(struc), prot_name, prop_name_length + 1, (void *)
&d) == SUCCESS) {
php_var_serialize_string(buf, prot_name, prop_name_length);
- efree(prot_name);
+ pefree(prot_name,
ce->type & ZEND_INTERNAL_CLASS);
php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC);
break;
}
- efree(prot_name);
+ pefree(prot_name, ce->type &
ZEND_INTERNAL_CLASS);
php_error_docref(NULL
TSRMLS_CC, E_NOTICE, "\"%s\" returned as member variable from __sleep() but
does not exist", Z_STRVAL_PP(name));
php_var_serialize_string(buf,
Z_STRVAL_PP(name), Z_STRLEN_PP(name));
php_var_serialize_intern(buf,
nvalp, var_hash TSRMLS_CC);
Modified: php/php-src/trunk/ext/standard/var.c
===================================================================
--- php/php-src/trunk/ext/standard/var.c 2009-08-11 22:45:21 UTC (rev
287122)
+++ php/php-src/trunk/ext/standard/var.c 2009-08-11 22:46:07 UTC (rev
287123)
@@ -860,11 +860,11 @@
} else {
php_var_serialize_string(buf, priv_name.s, prop_name_length);
}
- efree(priv_name.v);
+ pefree(priv_name.v,
ce->type & ZEND_INTERNAL_CLASS);
php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC);
break;
}
- efree(priv_name.v);
+ pefree(priv_name.v, ce->type &
ZEND_INTERNAL_CLASS);
zend_u_mangle_property_name(&prot_name, &prop_name_length, Z_TYPE_PP(name),
star, 1, Z_UNIVAL_PP(name), Z_UNILEN_PP(name), ce->type & ZEND_INTERNAL_CLASS);
if
(zend_u_hash_find(Z_OBJPROP_P(struc), Z_TYPE_PP(name), prot_name,
prop_name_length+1, (void *) &d) == SUCCESS) {
if (Z_TYPE_PP(name) ==
IS_UNICODE) {
@@ -872,11 +872,11 @@
} else {
php_var_serialize_string(buf, prot_name.s, prop_name_length);
}
- efree(prot_name.v);
+ pefree(prot_name.v,
ce->type & ZEND_INTERNAL_CLASS);
php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC);
break;
}
- efree(prot_name.v);
+ pefree(prot_name.v, ce->type &
ZEND_INTERNAL_CLASS);
php_error_docref(NULL
TSRMLS_CC, E_NOTICE, "\"%R\" returned as member variable from __sleep() but
does not exist", Z_TYPE_PP(name), Z_UNIVAL_PP(name));
if (Z_TYPE_PP(name) ==
IS_UNICODE) {
php_var_serialize_unicode(buf, Z_USTRVAL_PP(name), Z_USTRLEN_PP(name));
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
