True, but the problem here is that name may be freed at that point. On
line 3355 we have:

        property_info.name = (char*)name;

and then on 3365:

        if (ce->type == ZEND_USER_CLASS) {
            efree(property_info.name);
        } else {
            free(property_info.name);
        }
        property_info.name = interned_name;

So property_info.name is set to the interned_name at that point, but the
original name char* is pointing to freed storage which is then used in
that hash update.

-Rasmus

On 08/07/2011 06:04 AM, Felipe Pena wrote:
> felipe                                   Sun, 07 Aug 2011 13:04:02 +0000
> 
> Revision: http://svn.php.net/viewvc?view=revision&revision=314420
> 
> Log:
> - Revert r314387
>   (property_info.name has the mangled name)
> 
> Changed paths:
>     U   php/php-src/branches/PHP_5_4/Zend/zend_API.c
>     U   php/php-src/trunk/Zend/zend_API.c
> 
> Modified: php/php-src/branches/PHP_5_4/Zend/zend_API.c
> ===================================================================
> --- php/php-src/branches/PHP_5_4/Zend/zend_API.c      2011-08-07 11:13:27 UTC 
> (rev 314419)
> +++ php/php-src/branches/PHP_5_4/Zend/zend_API.c      2011-08-07 13:04:02 UTC 
> (rev 314420)
> @@ -3378,7 +3378,7 @@
> 
>       property_info.ce = ce;
> 
> -     zend_hash_quick_update(&ce->properties_info, property_info.name, 
> property_info.name_length+1, h, &property_info, sizeof(zend_property_info), 
> NULL);
> +     zend_hash_quick_update(&ce->properties_info, name, name_length+1, h, 
> &property_info, sizeof(zend_property_info), NULL);
> 
>       return SUCCESS;
>  }
> 
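Review bot: the `+` line keys the update on `name`, but the excerpt quoted in the reply shows `property_info.name = (char*)name` at 3355 and `efree(property_info.name)` / `free(property_info.name)` at 3365 before it is replaced by `interned_name`. If that free can run while the two pointers still alias, `name` is dangling when it reaches `zend_hash_quick_update()`. Suggest making the free conditional on `property_info.name` not aliasing `name`, or adding a comment at this call that states why `name` is still live here and why the unmangled `name`, not `property_info.name`, is the intended key; at the moment only the log message says so.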
> Modified: php/php-src/trunk/Zend/zend_API.c
> ===================================================================
> --- php/php-src/trunk/Zend/zend_API.c 2011-08-07 11:13:27 UTC (rev 314419)
> +++ php/php-src/trunk/Zend/zend_API.c 2011-08-07 13:04:02 UTC (rev 314420)
> @@ -3378,7 +3378,7 @@
> 
>       property_info.ce = ce;
> 
> -     zend_hash_quick_update(&ce->properties_info, property_info.name, 
> property_info.name_length+1, h, &property_info, sizeof(zend_property_info), 
> NULL);
> +     zend_hash_quick_update(&ce->properties_info, name, name_length+1, h, 
> &property_info, sizeof(zend_property_info), NULL);
> 
>       return SUCCESS;
>  }
> 
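Review bot: on the trunk `+` line the key changes from `property_info.name, property_info.name_length+1` to `name, name_length+1` while the precomputed hash `h` is passed through unchanged. Worth confirming in the surrounding code that `h` was computed over `name` and `name_length+1` rather than over the mangled string, since the quick variant uses the caller's hash as given and a mismatch would store the entry where lookups by `name` will not find it. The lifetime of `name` at this call (see the 3355 and 3365 excerpts in the reply) needs the same check on this branch.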
> 
> 
> 


-- 
PHP CVS Mailing List (http://www.php.net/)