Commit: 0f001703a8987960de041b216a023869ab439857 Author: Gustavo André dos Santos Lopes <cataphr...@php.net> Wed, 21 Mar 2012 12:39:30 +0000 Parents: 1e18f11c9ab56fb120c9e26ecd3f68f0651cddde Branches: PHP-5.4 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=0f001703a8987960de041b216a023869ab439857 Log: Fixed bug #61453. The "hash" function used strncpy on data that would have NUL bytes, ending the copy prematurely and causing collisions between objects. Bugs: https://bugs.php.net/61453 Changed paths: M NEWS M ext/spl/spl_observer.c A ext/spl/tests/bug61453.phpt Diff: 0f001703a8987960de041b216a023869ab439857 diff --git a/NEWS b/NEWS index af4f4c9..530159c 100644 --- a/NEWS +++ b/NEWS @@ -96,6 +96,8 @@ PHP NEWS ReflectionMethod::invokeArgs()). (Laruence) - SPL: + . Fixed bug #61453 (SplObjectStorage does not identify objects correctly). + (Gustavo) . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence) - Standard: diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c index 5eaa8fd..4b8be82 100755 --- a/ext/spl/spl_observer.c +++ b/ext/spl/spl_observer.c @@ -146,14 +146,14 @@ static char *spl_object_storage_get_hash(spl_SplObjectStorage *intern, zval *thi return (char*)&Z_OBJVAL_P(obj); #else - char *hash = emalloc((hash_len+1)*sizeof(char)); + char *hash = emalloc(hash_len + 1); zend_object_value zvalue; memset(&zvalue, 0, sizeof(zend_object_value)); zvalue.handle = Z_OBJ_HANDLE_P(obj); zvalue.handlers = Z_OBJ_HT_P(obj); - strncpy(hash, (char *)&zvalue, hash_len); + memcpy(hash, (char *)&zvalue, hash_len); hash[hash_len] = 0; if (hash_len_ptr) { diff --git a/ext/spl/tests/bug61453.phpt b/ext/spl/tests/bug61453.phpt new file mode 100644 index 0000000..e5b1387 --- /dev/null +++ b/ext/spl/tests/bug61453.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #61453: SplObjectStorage does not identify objects correctly +--FILE-- +<?php +$limit = 1000; +$objects = new SplObjectStorage; +for($i = 0; $i < $limit; $i++){ + $object = new StdClass; + + if(isset($objects[$object])){ + die("this should never happen, but did after $i iteration"); + } + + $objects[$object] = 1; +} +?> +==DONE== +--EXPECT-- +==DONE== -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php