tony2001                Fri Jan 25 13:42:36 2008 UTC

  Modified files:              (Branch: PHP_5_3)
    /php-src/ext/standard       array.c 
  Log:
  MFH: endless loop (and stack overflow) protection in compact()
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/array.c?r1=1.308.2.21.2.37.2.15&r2=1.308.2.21.2.37.2.16&diff_format=u
Index: php-src/ext/standard/array.c
diff -u php-src/ext/standard/array.c:1.308.2.21.2.37.2.15 
php-src/ext/standard/array.c:1.308.2.21.2.37.2.16
--- php-src/ext/standard/array.c:1.308.2.21.2.37.2.15   Wed Jan 23 12:09:52 2008
+++ php-src/ext/standard/array.c        Fri Jan 25 13:42:36 2008
@@ -21,7 +21,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: array.c,v 1.308.2.21.2.37.2.15 2008/01/23 12:09:52 tony2001 Exp $ */
+/* $Id: array.c,v 1.308.2.21.2.37.2.16 2008/01/25 13:42:36 tony2001 Exp $ */
 
 #include "php.h"
 #include "php_ini.h"
@@ -1450,6 +1450,13 @@
        else if (Z_TYPE_P(entry) == IS_ARRAY) {
                HashPosition pos;
 
+               if ((Z_ARRVAL_P(entry)->nApplyCount > 1)) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "recursion 
detected");
+                       return;
+               }
+
+               Z_ARRVAL_P(entry)->nApplyCount++;
+
                zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(entry), &pos);
                while (zend_hash_get_current_data_ex(Z_ARRVAL_P(entry), 
(void**)&value_ptr, &pos) == SUCCESS) {
                        value = *value_ptr;
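Review bot: The new guard stops cycles only, so a deeply nested acyclic array still costs one C stack frame per level in `php_compact_var()`. The threshold `nApplyCount > 1` combined with the post-check increment also means a self-referencing array is walked a second time before the warning fires. If that is deliberate, a comment above the check would prevent a later "fix" to `> 0`, for example `/* > 1: one re-entry is tolerated before a cycle is reported */`. The warning text "recursion detected" does not say which argument caused it, which makes it harder to act on in logs. The enclosing function begins outside this hunk.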
@@ -1457,6 +1464,7 @@
                        php_compact_var(eg_active_symbol_table, return_value, 
value);
                        zend_hash_move_forward_ex(Z_ARRVAL_P(entry), &pos);
                }
+               Z_ARRVAL_P(entry)->nApplyCount--;
        }
 }
 /* }}} */
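Review bot: The `nApplyCount--` here runs only when the `while` loop falls through, so it depends on the loop body never leaving early, and part of that body lies outside the hunk. If any exit path is ever added between the increment and this line, the counter stays raised on the array and later traversals of it would report false recursion. A short comment such as `/* must stay paired with the nApplyCount++ before the loop */` would make that invariant visible. The commit lists only array.c as modified, so it appears to ship without a regression test for a self-referencing array passed to compact().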
