diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2004-07-01 16:28:32 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2004-07-01 16:28:32 +0000 |
| commit | 2ba0608e48df987eafc587085eba6da52dadc525 (patch) | |
| tree | 2164c7c9b4de2f2909e5ddcf0010e5f4b7277891 | |
| parent | e8f984d77a14c0e5dfd854f7c7865037b83cf03d (diff) | |
| download | php-git-2ba0608e48df987eafc587085eba6da52dadc525.tar.gz | |
Do not use alloca() where it can be easily abused by the users.
# This probably should go into reflection code as well.
| -rw-r--r-- | Zend/zend_constants.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/Zend/zend_constants.c b/Zend/zend_constants.c index 0bb8cc4b25..dfcc1ae562 100644 --- a/Zend/zend_constants.c +++ b/Zend/zend_constants.c @@ -231,10 +231,8 @@ ZEND_API int zend_get_constant(char *name, uint name_len, zval *result TSRMLS_DC scope = CG(active_class_entry); } - class_name = do_alloca(class_name_len+1); - memcpy(class_name, name, class_name_len); - class_name[class_name_len] = '\0'; - + class_name = estrndup(name, class_name_len); + if (class_name_len == sizeof("self")-1 && strcmp(class_name, "self") == 0) { if (scope) { ce = &scope; @@ -255,7 +253,7 @@ ZEND_API int zend_get_constant(char *name, uint name_len, zval *result TSRMLS_DC retval = 0; } } - free_alloca(class_name); + efree(class_name); if (retval && ce) { if (zend_hash_find(&((*ce)->constants_table), constant_name, const_name_len+1, (void **) &ret_constant) != SUCCESS) { @@ -275,9 +273,8 @@ ZEND_API int zend_get_constant(char *name, uint name_len, zval *result TSRMLS_DC } if (zend_hash_find(EG(zend_constants), name, name_len+1, (void **) &c) == FAILURE) { - lookup_name = do_alloca(name_len+1); - zend_str_tolower_copy(lookup_name, name, name_len); - lookup_name[name_len] = '\0'; + lookup_name = estrndup(name, name_len); + zend_str_tolower(lookup_name, name_len); if (zend_hash_find(EG(zend_constants), lookup_name, name_len+1, (void **) &c)==SUCCESS) { if ((c->flags & CONST_CS) && memcmp(c->name, name, name_len)!=0) { @@ -286,7 +283,7 @@ ZEND_API int zend_get_constant(char *name, uint name_len, zval *result TSRMLS_DC } else { retval=0; } - free_alloca(lookup_name); + efree(lookup_name); } if (retval) { @@ -312,8 +309,8 @@ ZEND_API int zend_register_constant(zend_constant *c TSRMLS_DC) if (!(c->flags & CONST_CS)) { /* keep in mind that c->name_len already contains the '\0' */ - lowercase_name = do_alloca(c->name_len); - zend_str_tolower_copy(lowercase_name, c->name, c->name_len - 1); + lowercase_name = estrndup(c->name, c->name_len); + zend_str_tolower(lowercase_name, c->name_len); name = lowercase_name; } else { name = c->name; @@ -328,7 +325,7 @@ ZEND_API int zend_register_constant(zend_constant *c TSRMLS_DC) ret = FAILURE; } if (lowercase_name) { - free_alloca(lowercase_name); + efree(lowercase_name); } return ret; } |