The "hash" function used strncpy on data that would have NUL bytes, ending the
copy prematurely and causing collisions between objects.
ReflectionMethod::invokeArgs()). (Laruence)
- SPL:
+ . Fixed bug #61453 (SplObjectStorage does not identify objects correctly).
+ (Gustavo)
. Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)
- Standard:
return (char*)&Z_OBJVAL_P(obj);
#else
- char *hash = emalloc((hash_len+1)*sizeof(char));
+ char *hash = emalloc(hash_len + 1);
zend_object_value zvalue;
memset(&zvalue, 0, sizeof(zend_object_value));
zvalue.handle = Z_OBJ_HANDLE_P(obj);
zvalue.handlers = Z_OBJ_HT_P(obj);
- strncpy(hash, (char *)&zvalue, hash_len);
+ memcpy(hash, (char *)&zvalue, hash_len);
hash[hash_len] = 0;
if (hash_len_ptr) {
--- /dev/null
+--TEST--
+Bug #61453: SplObjectStorage does not identify objects correctly
+--FILE--
+<?php
+$limit = 1000;
+$objects = new SplObjectStorage;
+for($i = 0; $i < $limit; $i++){
+ $object = new StdClass;
+
+ if(isset($objects[$object])){
+ die("this should never happen, but did after $i iteration");
+ }
+
+ $objects[$object] = 1;
+}
+?>
+==DONE==
+--EXPECT--
+==DONE==
projects / php / commitdiff