On 8/7/11 8:24 AM, Rasmus Lerdorf wrote:
True, but the problem here is that name may be free'ed at that point. On
line 3355 we have:

        property_info.name = (char*)name;

and then on 3365:

         if (ce->type == ZEND_USER_CLASS) {
         } else {
        property_info.name = interned_name;

So property_info.name is set to the interned_name at that point, but the
original name char* is pointing to free'd storage which is then used in
that hash update.

I don't think it can be. Only non-interned string is freed, and property_info.name = (char*)name is executed only for interned strings.

Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to