diff options
| author | Zeev Suraski <zeev@php.net> | 2000-04-13 15:56:02 +0000 |
|---|---|---|
| committer | Zeev Suraski <zeev@php.net> | 2000-04-13 15:56:02 +0000 |
| commit | c6c261e922131b1249757fa5c142d2659b743996 (patch) | |
| tree | a13ae8ce3a5c466091c1be0beb63790a63dd55f9 /Zend/zend_operators.c | |
| parent | 9f598b187c9f3755b5a6a0db7e6be9872fbdc938 (diff) | |
| download | php-git-c6c261e922131b1249757fa5c142d2659b743996.tar.gz | |
Fix a memory leak when using assign-op bitwise operators on strings
Diffstat (limited to 'Zend/zend_operators.c')
| -rw-r--r-- | Zend/zend_operators.c | 42 |
1 files changed, 30 insertions, 12 deletions
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index 60ce076a38..5b05a2d09c 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -727,7 +727,8 @@ ZEND_API int bitwise_or_function(zval *result, zval *op1, zval *op2) if (op1->type == IS_STRING && op2->type == IS_STRING) { zval *longer, *shorter; - int i; + char *result_str; + int i, result_len; if (op1->value.str.len >= op2->value.str.len) { longer = op1; @@ -738,11 +739,16 @@ ZEND_API int bitwise_or_function(zval *result, zval *op1, zval *op2) } result->type = IS_STRING; - result->value.str.len = longer->value.str.len; - result->value.str.val = estrndup(longer->value.str.val, longer->value.str.len); + result_len = longer->value.str.len; + result_str = estrndup(longer->value.str.val, longer->value.str.len); for (i = 0; i < shorter->value.str.len; i++) { - result->value.str.val[i] |= shorter->value.str.val[i]; + result_str[i] |= shorter->value.str.val[i]; + } + if (result==op1) { + efree(result->value.str.val); } + result->value.str.val = result_str; + result->value.str.len = result_len; return SUCCESS; } zendi_convert_to_long(op1, op1_copy, result); @@ -760,7 +766,8 @@ ZEND_API int bitwise_and_function(zval *result, zval *op1, zval *op2) if (op1->type == IS_STRING && op2->type == IS_STRING) { zval *longer, *shorter; - int i; + char *result_str; + int i, result_len; if (op1->value.str.len >= op2->value.str.len) { longer = op1; @@ -771,11 +778,16 @@ ZEND_API int bitwise_and_function(zval *result, zval *op1, zval *op2) } result->type = IS_STRING; - result->value.str.len = shorter->value.str.len; - result->value.str.val = estrndup(shorter->value.str.val, shorter->value.str.len); + result_len = shorter->value.str.len; + result_str = estrndup(shorter->value.str.val, shorter->value.str.len); for (i = 0; i < shorter->value.str.len; i++) { - result->value.str.val[i] &= longer->value.str.val[i]; + result_str[i] &= longer->value.str.val[i]; } + if (result==op1) { + efree(result->value.str.val); + } + result->value.str.val = result_str; + result->value.str.len = result_len; return SUCCESS; } @@ -795,7 +807,8 @@ ZEND_API int bitwise_xor_function(zval *result, zval *op1, zval *op2) if (op1->type == IS_STRING && op2->type == IS_STRING) { zval *longer, *shorter; - int i; + char *result_str; + int i, result_len; if (op1->value.str.len >= op2->value.str.len) { longer = op1; @@ -806,11 +819,16 @@ ZEND_API int bitwise_xor_function(zval *result, zval *op1, zval *op2) } result->type = IS_STRING; - result->value.str.len = shorter->value.str.len; - result->value.str.val = estrndup(shorter->value.str.val, shorter->value.str.len); + result_len = shorter->value.str.len; + result_str = estrndup(shorter->value.str.val, shorter->value.str.len); for (i = 0; i < shorter->value.str.len; i++) { - result->value.str.val[i] ^= longer->value.str.val[i]; + result_str[i] ^= longer->value.str.val[i]; + } + if (result==op1) { + efree(result->value.str.val); } + result->value.str.val = result_str; + result->value.str.len = result_len; return SUCCESS; } |