[PHP-CVS] com php-src: Fixed bug #61453.: NEWS ext/spl/spl_observer.c ext/spl/tests/bug61453.phpt

Wed, 21 Mar 2012 05:44:39 -0700 

Commit:    0f001703a8987960de041b216a023869ab439857
Author:    Gustavo André dos Santos Lopes <cataphr...@php.net>         Wed, 21 
Mar 2012 12:39:30 +0000
Parents:   1e18f11c9ab56fb120c9e26ecd3f68f0651cddde
Branches:  PHP-5.4 master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=0f001703a8987960de041b216a023869ab439857

Log:
Fixed bug #61453.

The "hash" function used strncpy on data that would have NUL bytes, ending the
copy prematurely and causing collisions between objects.

Bugs:
https://bugs.php.net/61453

Changed paths:
  M  NEWS
  M  ext/spl/spl_observer.c
  A  ext/spl/tests/bug61453.phpt


Diff:
0f001703a8987960de041b216a023869ab439857
diff --git a/NEWS b/NEWS
index af4f4c9..530159c 100644
--- a/NEWS
+++ b/NEWS
@@ -96,6 +96,8 @@ PHP                                                           
             NEWS
     ReflectionMethod::invokeArgs()). (Laruence)
 
 - SPL:
+  . Fixed bug #61453 (SplObjectStorage does not identify objects correctly).
+    (Gustavo)
   . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)
 
 - Standard:
diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c
index 5eaa8fd..4b8be82 100755
--- a/ext/spl/spl_observer.c
+++ b/ext/spl/spl_observer.c
@@ -146,14 +146,14 @@ static char 
*spl_object_storage_get_hash(spl_SplObjectStorage *intern, zval *thi
 
                return (char*)&Z_OBJVAL_P(obj);
 #else
-               char *hash = emalloc((hash_len+1)*sizeof(char));
+               char *hash = emalloc(hash_len + 1);
 
                zend_object_value zvalue;
                memset(&zvalue, 0, sizeof(zend_object_value));
                zvalue.handle = Z_OBJ_HANDLE_P(obj);
                zvalue.handlers = Z_OBJ_HT_P(obj);
 
-               strncpy(hash, (char *)&zvalue, hash_len);
+               memcpy(hash, (char *)&zvalue, hash_len);
                hash[hash_len] = 0;
 
                if (hash_len_ptr) {
diff --git a/ext/spl/tests/bug61453.phpt b/ext/spl/tests/bug61453.phpt
new file mode 100644
index 0000000..e5b1387
--- /dev/null
+++ b/ext/spl/tests/bug61453.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #61453:    SplObjectStorage does not identify objects correctly
+--FILE--
+<?php
+$limit = 1000;
+$objects = new SplObjectStorage;
+for($i = 0; $i < $limit; $i++){
+       $object = new StdClass;
+
+       if(isset($objects[$object])){
+               die("this should never happen, but did after $i iteration");
+       }
+
+       $objects[$object] = 1;
+}
+?>
+==DONE==
+--EXPECT--
+==DONE==


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to