SplHeap: Avoid memcpy on overlapping pointer
authorAnatol Belski <ab@php.net>
Sun, 21 Jun 2020 20:16:56 +0000 (22:16 +0200)
committerAnatol Belski <ab@php.net>
Sun, 21 Jun 2020 20:53:46 +0000 (22:53 +0200)
Check if data would overlap and also add an assert. Previous
implementations didn't have this issue, as the direct assignment was
used.

Signed-off-by: Anatol Belski <ab@php.net>
ext/spl/spl_heap.c

index 4aea640c71ece1fa10609a98453d5900976eeb2f..abe13cb38f232a0d9de60cc05114eac8d8ad5296 100644 (file)
@@ -98,6 +98,7 @@ static zend_always_inline void *spl_heap_elem(spl_ptr_heap *heap, size_t i) {
 }
 
 static zend_always_inline void spl_heap_elem_copy(spl_ptr_heap *heap, void *to, void *from) {
+       assert(to != from);
        memcpy(to, from, heap->elem_size);
 }
 
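Review bot: The `assert(to != from);` added to `spl_heap_elem_copy` is compiled out when NDEBUG is defined, so in release builds any caller that passes identical pointers still reaches `memcpy` with overlapping arguments, which is undefined behaviour. This commit guards only the call in `spl_ptr_heap_delete_top`; the helper's other call sites are outside the visible hunks, so whether they can pass equal pointers cannot be confirmed from here. Moving the check into the helper, `if (to != from) { memcpy(to, from, heap->elem_size); }`, would cover every caller and make the guard in the second hunk unnecessary. If the assertion stays, `ZEND_ASSERT(to != from);` would match the engine's own assertion macro instead of plain `assert`.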
@@ -333,7 +334,10 @@ static int spl_ptr_heap_delete_top(spl_ptr_heap *heap, void *elem, void *cmp_use
                heap->flags |= SPL_HEAP_CORRUPTED;
        }
 
-       spl_heap_elem_copy(heap, spl_heap_elem(heap, i), bottom);
+       void *to = spl_heap_elem(heap, i);
+       if (to != bottom) {
+               spl_heap_elem_copy(heap, to, bottom);
+       }
        return SUCCESS;
 }
 /* }}} */
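Review bot: The new `if (to != bottom)` guard carries no comment saying when the two pointers can coincide, and the visible lines do not make that obvious. A one-line comment above it would help the next reader, for example `/* to == bottom when the hole ends in the slot bottom already occupies; memcpy on identical pointers is undefined */`. The exact condition should be checked against the sift-down loop, since that loop and the start of the function lie outside this hunk.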