[Pkg-php-commits] [php/debian-sid] Cherry pick fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE
Ondřej Surý
ondrej at sury.org
Wed Jan 5 10:06:14 UTC 2011
---
.../do-not-overwrite-GLOBALS-and-this.patch | 43 ++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 44 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/do-not-overwrite-GLOBALS-and-this.patch
diff --git a/debian/patches/do-not-overwrite-GLOBALS-and-this.patch b/debian/patches/do-not-overwrite-GLOBALS-and-this.patch
new file mode 100644
index 0000000..3a22fdb
--- /dev/null
+++ b/debian/patches/do-not-overwrite-GLOBALS-and-this.patch
@@ -0,0 +1,43 @@
+--- a/ext/standard/array.c
++++ b/ext/standard/array.c
+@@ -1389,10 +1389,10 @@ PHP_FUNCTION(extract)
+
+ case EXTR_OVERWRITE:
+ /* GLOBALS protection */
+- if (var_exists && var_name_len == sizeof("GLOBALS") && !strcmp(var_name, "GLOBALS")) {
++ if (var_exists && var_name_len == sizeof("GLOBALS")-1 && !strcmp(var_name, "GLOBALS")) {
+ break;
+ }
+- if (var_exists && var_name_len == sizeof("this") && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) {
++ if (var_exists && var_name_len == sizeof("this")-1 && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) {
+ break;
+ }
+ ZVAL_STRINGL(&final_name, var_name, var_name_len, 1);
+--- /dev/null
++++ b/ext/standard/tests/array/extract_safety.phpt
+@@ -0,0 +1,24 @@
++--TEST--
++Test extract() for overwrite of GLOBALS
++--FILE--
++<?php
++$str = "John";
++debug_zval_dump($GLOBALS["str"]);
++
++/* Extracting Global Variables */
++$splat = array("foo" => "bar");
++var_dump(extract(array("GLOBALS" => $splat, EXTR_OVERWRITE)));
++
++unset ($splat);
++
++debug_zval_dump($GLOBALS["str"]);
++
++echo "\nDone";
++?>
++
++--EXPECTF--
++string(4) "John" refcount(2)
++int(0)
++string(4) "John" refcount(2)
++
++Done
+\ No newline at end of file
diff --git a/debian/patches/series b/debian/patches/series
index 6aa9bfa..97ee0c7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -76,3 +76,4 @@ crash_in_zip_extract.patch
unaligned_memory_access_in_hash_tiger.c.patch
CVE-2010-4150.patch
fix-infinite-loop-with-x87-cpu.patch
+do-not-overwrite-GLOBALS-and-this.patch
--
1.7.1
More information about the Pkg-php-commits
mailing list