[Pkg-php-commits] [php/debian-sid] Cherry pick fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE

Ondřej Surý ondrej at sury.org
Wed Jan 5 10:06:14 UTC 2011


---
 .../do-not-overwrite-GLOBALS-and-this.patch        |   43 ++++++++++++++++++++
 debian/patches/series                              |    1 +
 2 files changed, 44 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/do-not-overwrite-GLOBALS-and-this.patch

diff --git a/debian/patches/do-not-overwrite-GLOBALS-and-this.patch b/debian/patches/do-not-overwrite-GLOBALS-and-this.patch
new file mode 100644
index 0000000..3a22fdb
--- /dev/null
+++ b/debian/patches/do-not-overwrite-GLOBALS-and-this.patch
@@ -0,0 +1,43 @@
+--- a/ext/standard/array.c
++++ b/ext/standard/array.c
+@@ -1389,10 +1389,10 @@ PHP_FUNCTION(extract)
+ 
+ 			case EXTR_OVERWRITE:
+ 				/* GLOBALS protection */
+-				if (var_exists && var_name_len == sizeof("GLOBALS") && !strcmp(var_name, "GLOBALS")) {
++				if (var_exists && var_name_len == sizeof("GLOBALS")-1 && !strcmp(var_name, "GLOBALS")) {
+ 					break;
+ 				}
+-				if (var_exists && var_name_len == sizeof("this")  && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) {
++				if (var_exists && var_name_len == sizeof("this")-1  && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) {
+ 					break;
+ 				}
+ 				ZVAL_STRINGL(&final_name, var_name, var_name_len, 1);
+--- /dev/null
++++ b/ext/standard/tests/array/extract_safety.phpt
+@@ -0,0 +1,24 @@
++--TEST--
++Test extract() for overwrite of GLOBALS
++--FILE--
++<?php
++$str = "John";
++debug_zval_dump($GLOBALS["str"]);
++
++/* Extracting Global Variables */
++$splat = array("foo" => "bar");
++var_dump(extract(array("GLOBALS" => $splat, EXTR_OVERWRITE)));
++
++unset ($splat);
++
++debug_zval_dump($GLOBALS["str"]);
++
++echo "\nDone";
++?>
++
++--EXPECTF--
++string(4) "John" refcount(2)
++int(0)
++string(4) "John" refcount(2)
++
++Done
+\ No newline at end of file
diff --git a/debian/patches/series b/debian/patches/series
index 6aa9bfa..97ee0c7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -76,3 +76,4 @@ crash_in_zip_extract.patch
 unaligned_memory_access_in_hash_tiger.c.patch
 CVE-2010-4150.patch
 fix-infinite-loop-with-x87-cpu.patch
+do-not-overwrite-GLOBALS-and-this.patch
-- 
1.7.1





More information about the Pkg-php-commits mailing list