Do you have an example script that can be used to reproduce the supposed memory access violation?
The function php_basename actually DOES access the char at s-1, i.e. one byte before the string it is passed. If you hand it a buffer gotten from malloc you get a valgrind hit. If I use emalloc this doesn't happen, I guess emalloc has some header stuff before the allocation. If for whatever reason s[-1] contains '/' then things would get even worse.
Conclusion: The internal function php_basename IS accessing one byte before the buffer passed to it but the PHP environment seems to hide this behaviour.
Is this a bug which should proactively be fixed? Or do we rely on the environment to guarantee that we can access s[-1] without problems? I don't know and it's up to you PHP gods to decide ;-)
- Chris
-- PHP Internals - PHP Runtime Development Mailing List
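The under-read described in the message above, as an added example that is not part of the original post and is not PHP's source: a hypothetical backward scan for trailing '/' runs on a string placed inside a larger constructed arena, so the byte at s[-1] is defined and its effect on the result can be observed. The names `trim_unchecked`, `trim_checked` and `probe`, and the assumption that the stray read happens on an empty or all-slash input, are illustrative.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, NOT php_basename's source: strip trailing '/' by
 * scanning backward from s+len-1 with no lower bound. Returns the offset
 * of the last kept byte relative to s (-1: nothing kept; below -1: the
 * scan kept going in front of the buffer). */
static ptrdiff_t trim_unchecked(const char *s, size_t len)
{
    const char *c = s + len - 1;      /* len == 0  ->  c == s - 1 */
    while (*c == '/')                 /* dereferences s[-1], s[-2], ... */
        c--;
    return c - s;
}

/* Bounded form: compares against s before every dereference. */
static ptrdiff_t trim_checked(const char *s, size_t len)
{
    const char *c = s + len;
    while (c > s && c[-1] == '/')
        c--;
    return (c - s) - 1;               /* -1: nothing left */
}

/* Constructed arena: 'H' plus `before` stand in for whatever precedes the
 * buffer (allocator header, neighbouring data). Keeping the string inside
 * a larger array makes the stray reads defined so they can be observed.
 * Inputs must fit: strlen(before) + strlen(str) + 2 <= sizeof arena. */
static ptrdiff_t probe(int checked, const char *before, const char *str)
{
    char arena[32] = { 'H' };         /* non-slash sentinel stops the scan */
    size_t blen = strlen(before), slen = strlen(str);
    memcpy(arena + 1, before, blen);
    memcpy(arena + 1 + blen, str, slen + 1);
    const char *s = arena + 1 + blen;
    return checked ? trim_checked(s, slen) : trim_unchecked(s, slen);
}

int main(void)
{
    printf("\"\" after 'H'  : unchecked=%td checked=%td\n", probe(0, "", ""), probe(1, "", ""));
    printf("\"\" after \"//\" : unchecked=%td checked=%td\n", probe(0, "//", ""), probe(1, "//", ""));
    printf("\"a/b//\"       : unchecked=%td checked=%td\n", probe(0, "//", "a/b//"), probe(1, "//", "a/b//"));
    return 0;
}
```

In the first case both forms return -1, yet only the unchecked one has read the byte in front of the string, which is the access valgrind reports on a plain malloc buffer.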