Skip to content

Commit

Permalink
SplHeap: Avoid memcpy on overlapping pointer
Browse files Browse the repository at this point in the history 
Check if data would overlap and also add an assert. Previous
implementations didn't have this issue, as the direct assignment was
used.

Signed-off-by: Anatol Belski <ab@php.net>
  • Loading branch information
@weltling
weltling committed Jun 21, 2020
1 parent 525d8a8 commit afe1423
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion ext/spl/spl_heap.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,7 @@ static zend_always_inline void *spl_heap_elem(spl_ptr_heap *heap, size_t i) {
}

static zend_always_inline void spl_heap_elem_copy(spl_ptr_heap *heap, void *to, void *from) {
assert(to != from);
memcpy(to, from, heap->elem_size);
}

Expand Down Expand Up @@ -333,7 +334,10 @@ static int spl_ptr_heap_delete_top(spl_ptr_heap *heap, void *elem, void *cmp_use
heap->flags |= SPL_HEAP_CORRUPTED;
}

spl_heap_elem_copy(heap, spl_heap_elem(heap, i), bottom);
void *to = spl_heap_elem(heap, i);
if (to != bottom) {
spl_heap_elem_copy(heap, to, bottom);
}
return SUCCESS;
}
/* }}} */
Expand Down

0 comments on commit afe1423

Please sign in to comment.