Hi!
On 8/7/11 8:24 AM, Rasmus Lerdorf wrote:
> True, but the problem here is that name may be free'ed at that point. On
> line 3355 we have:
>
>     property_info.name = (char*)name;
>
> and then on 3365:
>
>     if (ce->type == ZEND_USER_CLASS) {
>         efree(property_info.name);
>     } else {
>         free(property_info.name);
>     }
>     property_info.name = interned_name;
>
> So property_info.name is set to the interned_name at that point, but the
> original name char* is pointing to free'd storage which is then used in
> that hash update.

I don't think it can be. Only a non-interned string is freed, and
property_info.name = (char*)name is executed only for interned strings.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227