I think I brought this up here before too. I can't remember the outcome - would you mind looking through the archives?
--Wez.

> The macro is used to update a hash table element in
> zend_hash_add_or_update(). But it seems to me that if p->pData already
> points to a data block that has size != sizeof (void *), and the macro
> is called to update the hash element with another block that has
> size != sizeof (void *), then the data block pointed at by p->pData will
> not be reallocated and the last memcpy() call will overwrite the old
> data block with the new data. This could possibly lead to memory
> corruption if the new block is bigger than the old block.
>
> Could any of the PHP developers comment on this?

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
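The update pattern the quoted message describes, as an added example that is not part of the thread and is not PHP's own code: a check for the case where reusing the old block would write past it, and an update that resizes before copying. Everything except the field name pData is an assumption made for illustration (the bucket layout, inline_slot, cap, and both function names).

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified bucket; only the name pData comes from the thread. */
typedef struct bucket {
    void  *pData;       /* points at inline_slot or at a heap block */
    void  *inline_slot; /* storage used when size == sizeof(void *) */
    size_t cap;         /* bytes behind pData when on the heap (added bookkeeping) */
} bucket;

static int on_heap(const bucket *b) {
    return b->pData != NULL && b->pData != (const void *)&b->inline_slot;
}

/* Returns 1 if an update that keeps the old heap block without resizing
 * would copy new_size bytes into a smaller allocation. */
int update_would_overflow(const bucket *b, size_t new_size) {
    return on_heap(b) && new_size != sizeof(void *) && new_size > b->cap;
}

/* Size-aware update. Returns 0 on success, -1 on bad size or allocation
 * failure; on failure the bucket still holds its previous data. */
int bucket_update(bucket *b, const void *data, size_t size) {
    if (size == 0)
        return -1;
    if (size == sizeof(void *)) {
        /* Pointer-sized payloads live inline; release any old heap block. */
        if (on_heap(b))
            free(b->pData);
        memcpy(&b->inline_slot, data, size);
        b->pData = &b->inline_slot;
        b->cap = 0;
        return 0;
    }
    /* Resize (or allocate) before the copy so memcpy never exceeds the block. */
    void *blk = realloc(on_heap(b) ? b->pData : NULL, size);
    if (blk == NULL)
        return -1;
    memcpy(blk, data, size);
    b->pData = blk;
    b->cap = size;
    return 0;
}
```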