archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix potential heap corruption due to alignment mismatch

Browse source 
The fix for bug 63327[1] changed the extra size of mysqlnd allocations
from `sizeof(size_t)` to the properly aligned values; however, the
allocation in `_mysqlnd_pestrdup()` has apparently been overlooked,
which (currently) causes detectable heap corruption when running
mysqli_get_client_stats.phpt on 32bit Windows versions.

[1] <338a47bb85>

Closes GH-9724.
This commit is contained in:
Christoph M. Becker 2022-10-11 17:14:39 +02:00
parent 577b904fdc
commit 7e14d2466a
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
2 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
ext/mysqlnd/mysqlnd_alloc.c
View file

@ -346,7 +346,7 @@ static char * _mysqlnd_pestrdup(const char * const ptr, bool persistent MYSQLND_
smart_str_appendc(&tmp_str, *p);
} while (*p++);
ret = pemalloc_rel(ZSTR_LEN(tmp_str.s) + sizeof(size_t), persistent);
ret = pemalloc_rel(REAL_SIZE(ZSTR_LEN(tmp_str.s)), persistent);
memcpy(FAKE_PTR(ret), ZSTR_VAL(tmp_str.s), ZSTR_LEN(tmp_str.s));
if (ret && collect_memory_statistics) {