Okay, thank you for letting me know it in detail. BTW There should have been more cleaner code :) I'll take a look at it if time permits.
Moriyoshi
On 2003/11/14, at 0:25, Stefan Esser wrote:
If we allow odd increments (the code actually increased the limit by 1) the boundary check is worthless. The last time I commited something I added a +2 so catch all kinds of off-by-one or off-by-two (this already catched the filename)
Example: num_vars = 10 and num_var_max = 11 if (num_vars >= num_vars_max) is false and the buffer is not resized but we write to array[10] and array[11] (where array[10] was the last allocated). This happens everytime we allow odd increments. In the current code this is no security threat, because always 2 more are allocated. Nevertheless now the code stays within the boundary and the 2 element safety buffer isnt needed anymore.
Stefan
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php