SplHeap: Avoid memcpy on overlapping pointer

Check if data would overlap and also add an assert. Previous implementations didn't have this issue, as the direct assignment was used. Signed-off-by: Anatol Belski <ab@php.net>
author: Anatol Belski <ab@php.net> 2020-06-21 22:16:56 +0200
committer: Anatol Belski <ab@php.net> 2020-06-21 22:53:46 +0200
commit: afe14236e3f172a656290fefa3d0ffa57bb48aa4 (patch)
tree: 4326c99da5ef249eb0bb53ca9c4ef4964987202b
parent: 525d8a8bfae487bd6890c6bf3688883ef804d82e (diff)
download: php-git-afe14236e3f172a656290fefa3d0ffa57bb48aa4.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/ext/spl/spl_heap.c b/ext/spl/spl_heap.c
index 4aea640c71..abe13cb38f 100644
--- a/ext/spl/spl_heap.c
+++ b/ext/spl/spl_heap.c
@@ -98,6 +98,7 @@ static zend_always_inline void *spl_heap_elem(spl_ptr_heap *heap, size_t i) {
 }
 
 static zend_always_inline void spl_heap_elem_copy(spl_ptr_heap *heap, void *to, void *from) {
+	assert(to != from);
 	memcpy(to, from, heap->elem_size);
 }
 
@@ -333,7 +334,10 @@ static int spl_ptr_heap_delete_top(spl_ptr_heap *heap, void *elem, void *cmp_use
 		heap->flags |= SPL_HEAP_CORRUPTED;
 	}
 
-	spl_heap_elem_copy(heap, spl_heap_elem(heap, i), bottom);
+	void *to = spl_heap_elem(heap, i);
+	if (to != bottom) {
+		spl_heap_elem_copy(heap, to, bottom);
+	}
 	return SUCCESS;
 }
 /* }}} */
author	Anatol Belski <ab@php.net>	2020-06-21 22:16:56 +0200
committer	Anatol Belski <ab@php.net>	2020-06-21 22:53:46 +0200
commit	afe14236e3f172a656290fefa3d0ffa57bb48aa4 (patch)
tree	4326c99da5ef249eb0bb53ca9c4ef4964987202b
parent	525d8a8bfae487bd6890c6bf3688883ef804d82e (diff)
download	php-git-afe14236e3f172a656290fefa3d0ffa57bb48aa4.tar.gz