mirror of https://github.com/php/php-src.git synced 2026-04-24 16:38:25 +02:00

Fix out of bounds access in gc_find_additional_buffer()

Nikita Popov
2017-03-07 13:16:06 +01:00
parent 648b756f35
commit 549a30d2cd
+6 -3
@@ -275,9 +275,12 @@ static zend_always_inline gc_root_buffer* gc_find_additional_buffer(zend_refcoun
/* We have to check each additional_buffer to find which one holds the ref */
while (additional_buffer) {
gc_root_buffer *root = additional_buffer->buf + (GC_ADDRESS(GC_INFO(ref)) - GC_ROOT_BUFFER_MAX_ENTRIES);
if (root->ref == ref) {
return root;
uint32_t idx = GC_ADDRESS(GC_INFO(ref)) - GC_ROOT_BUFFER_MAX_ENTRIES;
if (idx < additional_buffer->used) {
gc_root_buffer *root = additional_buffer->buf + idx;
if (root->ref == ref) {
return root;
}
}
additional_buffer = additional_buffer->next;
}
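Review bot: The new guard `if (idx < additional_buffer->used)` carries two unstated assumptions that deserve a comment at the `uint32_t idx` line. It is only a valid bound if `used` can never exceed the capacity of `additional_buffer->buf`. If GC_ADDRESS(GC_INFO(ref)) can ever be smaller than GC_ROOT_BUFFER_MAX_ENTRIES, the check also depends on the unsigned subtraction wrapping to a large value. Neither can be confirmed from this hunk, so something like `/* idx wraps to a huge value for non-additional addresses and is rejected below; slots >= used are not valid roots */` would record the intent. Separately, `idx` does not depend on `additional_buffer`, so it could be computed once above the `while` loop rather than per iteration. The function body starts before and continues after this hunk, so the caller-side precondition is not visible here.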