Do you have an example script that can be used to reproduce the supposed
memory access violation?
Ilia
On June 14, 2004 01:51 pm, Alexander Valyalkin wrote:
> Here is patch for basename() function, which prevents possible
> memory access violation:
>
> =========cut=========
> --- string.c Thu May 13 20:44:32 2004
> +++ string_basename.c Mon Jun 14 20:43:33 2004
> @@ -1079,9 +1079,9 @@
>
>
> /* strip trailing slashes */
> - while (*c == '/'
> + while (c >= s && *c == '/'
> #ifdef PHP_WIN32
> - || (*c == '\\' && !IsDBCSLeadByte(*(c-1)))
> + || (c > s && *c == '\\' && !IsDBCSLeadByte(*(c-1)))
> #endif
> )
> c--;
> @@ -1092,10 +1092,10 @@
> }
>
> #ifdef PHP_WIN32
> - if ((c = strrchr(s, '/')) || ((c = strrchr(s, '\\')) &&
> !IsDBCSLeadByte(*(c-1)))) {
> + if ((c = strrchr(s, '/')) || ((c = strrchr(s, '\\')) && c > s &&
> !IsDBCSLeadByte(*(c-1)))) {
> if (*c == '/') {
> char *c2 = strrchr(s, '\\');
> - if (c2 && !IsDBCSLeadByte(*(c2-1)) && c2 > c) {
> + if (c2 && c2 > s && !IsDBCSLeadByte(*(c2-1)) && c2 > c) {
> c = c2;
> }
> }
> =========cut==========
>
> --
> Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
