author | Anatol Belski <ab@php.net> | 2020-06-21 22:16:56 +0200 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2020-06-21 22:53:46 +0200 |
commit | afe14236e3f172a656290fefa3d0ffa57bb48aa4 (patch) | |
tree | 4326c99da5ef249eb0bb53ca9c4ef4964987202b | |
parent | 525d8a8bfae487bd6890c6bf3688883ef804d82e (diff) | |
SplHeap: Avoid memcpy on overlapping pointer
Check if data would overlap and also add an assert. Previous
implementations didn't have this issue, as the direct assignment was
used.
Signed-off-by: Anatol Belski <ab@php.net>
-rw-r--r-- | ext/spl/spl_heap.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ext/spl/spl_heap.c b/ext/spl/spl_heap.c
index 4aea640c71..abe13cb38f 100644
--- a/ext/spl/spl_heap.c
+++ b/ext/spl/spl_heap.c
@@ -98,6 +98,7 @@ static zend_always_inline void *spl_heap_elem(spl_ptr_heap *heap, size_t i) {
 }
 static zend_always_inline void spl_heap_elem_copy(spl_ptr_heap *heap, void *to, void *from) {
+ assert(to != from);
 memcpy(to, from, heap->elem_size);
 }
@@ -333,7 +334,10 @@ static int spl_ptr_heap_delete_top(spl_ptr_heap *heap, void *elem, void *cmp_use
 heap->flags |= SPL_HEAP_CORRUPTED;
 }
- spl_heap_elem_copy(heap, spl_heap_elem(heap, i), bottom);
+ void *to = spl_heap_elem(heap, i);
+ if (to != bottom) {
+ spl_heap_elem_copy(heap, to, bottom);
+ }
 return SUCCESS;
 }
 /* }}} */ |
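Review bot: The `assert(to != from);` added to spl_heap_elem_copy is the only statement of the helper's no-overlap contract, and a plain assert() is compiled out when NDEBUG is defined, so release builds rely entirely on each caller doing the check. It also tests pointer identity only, which is enough only if the two pointers are either equal or refer to disjoint elem_size-sized regions. I would record that above the helper, e.g. `/* to and from must be distinct, non-overlapping elements: memcpy() on overlapping memory is undefined */`, and consider `ZEND_ASSERT(to != from);` to match the engine's own assertion macro. The helper's other call sites are outside this hunk and should be checked against the same precondition.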
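Review bot: The new `if (to != bottom)` guard in spl_ptr_heap_delete_top gives no hint of when the destination slot and `bottom` can coincide, so a later reader cannot tell a real case from dead code. A one-line comment such as `/* bottom may already be slot i (presumably when the last remaining element is removed); skip the self-copy */` would record it; the condition is inferred, because the code that sets `bottom` and `i` lies outside the hunk. The declaration `void *to` also follows a statement inside the block, so if the rest of the function declares its locals at the top, moving it there keeps the style consistent.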