archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.3' into PHP-8.4

Browse source 
* PHP-8.3:
  Fix is_zend_ptr() huge block comparison
This commit is contained in:
Niels Dossche 2024-11-26 19:24:47 +01:00
commit 8fdcd9f051
No known key found for this signature in database
GPG key ID: B8A8AD166DF0E2E5
2 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
NEWS
View file

@ -5,6 +5,7 @@ PHP NEWS
- Core: - Core:
. Fixed bug GH-16344 (setRawValueWithoutLazyInitialization() and . Fixed bug GH-16344 (setRawValueWithoutLazyInitialization() and
skipLazyInitialization() may change initialized proxy). (Arnaud) skipLazyInitialization() may change initialized proxy). (Arnaud)
. Fix is_zend_ptr() huge block comparison. (nielsdos)
- DOM: - DOM:
. Fixed bug GH-16906 (Reloading document can cause UAF in iterator). . Fixed bug GH-16906 (Reloading document can cause UAF in iterator).

4
Zend/zend_alloc.c
View file

@ -2617,8 +2617,8 @@ ZEND_API bool is_zend_ptr(const void *ptr)
zend_mm_huge_list *block = AG(mm_heap)->huge_list; zend_mm_huge_list *block = AG(mm_heap)->huge_list;
while (block) { while (block) {
if (ptr >= (void*)block if (ptr >= block->ptr
&& ptr < (void*)((char*)block + block->size)) { && ptr < (void*)((char*)block->ptr + block->size)) {
return 1; return 1;
} }
block = block->next; block = block->next;