tony2001 Fri Jan 25 13:42:24 2008 UTC
Modified files:
/php-src/ext/standard array.c
Log:
endless loop (and stack overflow) protection in compact()
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/array.c?r1=1.436&r2=1.437&diff_format=u
Index: php-src/ext/standard/array.c
diff -u php-src/ext/standard/array.c:1.436 php-src/ext/standard/array.c:1.437
--- php-src/ext/standard/array.c:1.436 Wed Jan 23 11:20:00 2008
+++ php-src/ext/standard/array.c Fri Jan 25 13:42:24 2008
@@ -21,7 +21,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: array.c,v 1.436 2008/01/23 11:20:00 tony2001 Exp $ */
+/* $Id: array.c,v 1.437 2008/01/25 13:42:24 tony2001 Exp $ */
#include "php.h"
#include "php_ini.h"
@@ -1574,6 +1574,13 @@
else if (Z_TYPE_P(entry) == IS_ARRAY) {
HashPosition pos;
+ if ((Z_ARRVAL_P(entry)->nApplyCount > 1)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "recursion
detected");
+ return;
+ }
+
+ Z_ARRVAL_P(entry)->nApplyCount++;
+
zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(entry), &pos);
while (zend_hash_get_current_data_ex(Z_ARRVAL_P(entry),
(void**)&value_ptr, &pos) == SUCCESS) {
value = *value_ptr;
@@ -1581,6 +1588,7 @@
php_compact_var(eg_active_symbol_table, return_value,
value);
zend_hash_move_forward_ex(Z_ARRVAL_P(entry), &pos);
}
+ Z_ARRVAL_P(entry)->nApplyCount--;
}
}
/* }}} */
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
