True, but the problem here is that name may be free'ed at that point. On line 3355 we have:
property_info.name = (char*)name; and then on 3365: if (ce->type == ZEND_USER_CLASS) { efree(property_info.name); } else { free(property_info.name); } property_info.name = interned_name; So property_info.name is set to the interned_name at that point, but the original name char* is pointing to free'd storage which is then used in that hash update. -Rasmus On 08/07/2011 06:04 AM, Felipe Pena wrote: > felipe Sun, 07 Aug 2011 13:04:02 +0000 > > Revision: http://svn.php.net/viewvc?view=revision&revision=314420 > > Log: > - Revert r314387 > (property_info.name has the mangled name) > > Changed paths: > U php/php-src/branches/PHP_5_4/Zend/zend_API.c > U php/php-src/trunk/Zend/zend_API.c > > Modified: php/php-src/branches/PHP_5_4/Zend/zend_API.c > =================================================================== > --- php/php-src/branches/PHP_5_4/Zend/zend_API.c 2011-08-07 11:13:27 UTC > (rev 314419) > +++ php/php-src/branches/PHP_5_4/Zend/zend_API.c 2011-08-07 13:04:02 UTC > (rev 314420) > @@ -3378,7 +3378,7 @@ > > property_info.ce = ce; > > - zend_hash_quick_update(&ce->properties_info, property_info.name, > property_info.name_length+1, h, &property_info, sizeof(zend_property_info), > NULL); > + zend_hash_quick_update(&ce->properties_info, name, name_length+1, h, > &property_info, sizeof(zend_property_info), NULL); > > return SUCCESS; > } > > Modified: php/php-src/trunk/Zend/zend_API.c > =================================================================== > --- php/php-src/trunk/Zend/zend_API.c 2011-08-07 11:13:27 UTC (rev 314419) > +++ php/php-src/trunk/Zend/zend_API.c 2011-08-07 13:04:02 UTC (rev 314420) > @@ -3378,7 +3378,7 @@ > > property_info.ce = ce; > > - zend_hash_quick_update(&ce->properties_info, property_info.name, > property_info.name_length+1, h, &property_info, sizeof(zend_property_info), > NULL); > + zend_hash_quick_update(&ce->properties_info, name, name_length+1, h, > &property_info, sizeof(zend_property_info), NULL); > > return SUCCESS; > } > > > > -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php