|| at May 25, 2005 at 7:26 pm
The patch doesn't look quite right.
+ zval tmpz;
+ zval *tmpzp;
+ tmpz = *(*val);
+ tmpzp = &tmpz;
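Review bot: `tmpz = *(*val);` is a shallow struct copy, so `tmpz` still shares the original zval's string buffer and inherits its refcount and is_ref fields. If `tmpz` is later converted or destructed, separate it first with zval_copy_ctor(&tmpz) and INIT_PZVAL(&tmpz), and pair that with zval_dtor(&tmpz) on every exit path.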
I think that this is a place where convert_to_string(val) should be
- in = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val));
+ in = BIO_new_mem_buf(Z_STRVAL_PP(&tmpzp),
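Review bot: in the added BIO_new_mem_buf() call, `Z_STRVAL_PP(&tmpzp)` points at the buffer of the stack-local `tmpz`, and BIO_new_mem_buf() reads from the supplied buffer without copying it. Make sure `in` is freed before `tmpz` is destructed or goes out of scope, and take the length argument from the same zval as the pointer.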
If you still need to use zval* instead of zval**, you can use
Z_STRVAL_P(tmpzp) instead of taking the address and using
Can you check your patch again using convert_to_string() instead?
On 5/25/05, Kamesh Jayachandran wrote:
Hi Wez & Jani,
Following snippet causes double free of memory, corrupts the symbol
$pk=false;//As openssl_get_publickey($nonsense) can give false
The culprit is php_openssl_evp_from_zval which is called by
openssl_public_encrypt reduces the refcount of $pk from 2 to 1.
zend_ptr_stack_clear_multiple reduces it again to 0 as a normal cleanup
upon return from openssl_public_encrypt.
And hence the zval associated with $pk is getting freed.
But the symbol table still refers to the freed pointer.
The patch for the 5.0 tree is available at http://puggy.symonds.net/~kameshj/openssl.c.patch.5.0
PHP Internals - PHP Runtime Development Mailing List
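A toy model of the refcount sequence described in the original report, added here as an example; it is not code from the thread or from PHP. `value_t`, `release`, `key_len_buggy`, `key_len_fixed` and `call_leaves_dangling` are hypothetical names, and a `freed` flag stands in for the real free().

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a refcounted value; NOT PHP's zval. */
typedef struct { int refcount; int freed; char str[16]; } value_t;

/* Drop one reference; at zero the value is marked freed (a real
 * runtime would call free() here). */
static void release(value_t *v) {
    if (--v->refcount == 0) v->freed = 1;
}

/* Buggy callee: treats the caller's value as its own and drops a
 * reference it never took (refcount 2 -> 1). */
static size_t key_len_buggy(value_t **val) {
    size_t n = strlen((*val)->str);
    release(*val);
    return n;
}

/* Fixed callee: works on a private copy with its own refcount, so the
 * caller's refcount is left untouched. */
static size_t key_len_fixed(value_t **val) {
    value_t tmp = **val;
    tmp.refcount = 1;
    size_t n = strlen(tmp.str);
    release(&tmp);
    return n;
}

/* Model one call: the value is referenced by the symbol table and by
 * the argument stack (refcount 2). After the callee returns, the
 * argument stack drops its reference. Returns 1 if the symbol table
 * is left pointing at a freed value. */
static int call_leaves_dangling(size_t (*callee)(value_t **)) {
    value_t pk = { 2, 0, "" };      /* constructed sample value */
    value_t *symbol_table_slot = &pk;
    value_t *arg = &pk;
    callee(&arg);
    release(arg);                   /* normal argument cleanup */
    return symbol_table_slot->freed;
}

int main(void) {
    printf("buggy: dangling=%d\n", call_leaves_dangling(key_len_buggy));
    printf("fixed: dangling=%d\n", call_leaves_dangling(key_len_fixed));
    return 0;
}
```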