On Fri, 2009-06-26 at 14:23 -0700, Andrei Zmievski wrote: > I found what is effectively a memory corruption bug in all the branches. > pecalloc() uses > the wrong length to zero out the memory. Patch is attached, although I'm > somewhat > concerned about using just (nmemb*len) instead of something like > safe_address(nmemb*len), > but safe_address() is inlined in zend_alloc.c not in the header file. > > We should apply this to 5.2/5.3 before the release.
Agreed. johanes -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
