Overview

File php-CVE-2014-4698.patch of Package php5.openSUSE_12.3_Update

X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fspl%2Fspl_array.c;h=0fe47b651c13f80c35e612de5cf69ea306095fe6;hp=8392e72714b80483641b1a0d2b6e6389e3c22959;hb=22882a9d89712ff2b6ebc20a689a89452bba4dcd;hpb=df78c48354f376cf419d7a97f88ca07d572f00fb
Index: ext/spl/spl_array.c
===================================================================
--- ext/spl/spl_array.c.orig	2014-07-17 15:57:13.633410017 +0200
+++ ext/spl/spl_array.c	2014-07-17 15:57:13.649410017 +0200
@@ -1753,8 +1753,15 @@
 {
 	const unsigned char *p, *s;
 	zval *pmembers, *pflags = NULL;
+	HashTable *aht;
 	long flags;
 
+	aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC);
+	if (aht->nApplyCount > 0) {
+		zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited");
+		return;
+	}
+
 	/* storage */
 	s = p = buf;
openSUSE Build Service is sponsored by
Places