From afe14236e3f172a656290fefa3d0ffa57bb48aa4 Mon Sep 17 00:00:00 2001
From: Anatol Belski
Date: Sun, 21 Jun 2020 22:16:56 +0200
Subject: [PATCH] SplHeap: Avoid memcpy on overlapping pointer
Check if data would overlap and also add an assert. Previous implementations didn't have this issue, as the direct assignment was used.
Signed-off-by: Anatol Belski
---
 ext/spl/spl_heap.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ext/spl/spl_heap.c b/ext/spl/spl_heap.c
index 4aea640c71..abe13cb38f 100644
--- a/ext/spl/spl_heap.c
+++ b/ext/spl/spl_heap.c
@@ -98,6 +98,7 @@ static zend_always_inline void *spl_heap_elem(spl_ptr_heap *heap, size_t i) {
 }
 static zend_always_inline void spl_heap_elem_copy(spl_ptr_heap *heap, void *to, void *from) {
+ assert(to != from);
 memcpy(to, from, heap->elem_size);
 }
@@ -333,7 +334,10 @@ static int spl_ptr_heap_delete_top(spl_ptr_heap *heap, void *elem, void *cmp_use
 heap->flags |= SPL_HEAP_CORRUPTED;
 }
- spl_heap_elem_copy(heap, spl_heap_elem(heap, i), bottom);
+ void *to = spl_heap_elem(heap, i);
+ if (to != bottom) {
+ spl_heap_elem_copy(heap, to, bottom);
+ }
 return SUCCESS;
 }
 /* }}} */
-- 
2.40.0
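Review bot: The `assert(to != from);` added to spl_heap_elem_copy() in the first hunk protects only builds where assertions are enabled; with NDEBUG defined it compiles to nothing, and a caller passing identical pointers still reaches memcpy() on overlapping regions, which is undefined behaviour. The second hunk guards the one call in spl_ptr_heap_delete_top(), but any other caller of this helper (none are visible in this patch) would depend on the assert alone. Making the helper itself tolerant, for example `if (to == from) { return; }` ahead of the memcpy, would cover every call site in release builds as well. The check also compares only for equality, so it should carry a comment such as `/* both pointers are expected to address whole elem_size slots, so they are either identical or disjoint */` if that is the invariant being relied on.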
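Review bot: In the second hunk `void *to = spl_heap_elem(heap, i);` is declared after executable statements, which departs from declarations-at-block-start style and trips `-Wdeclaration-after-statement` on branches still built that way. Declaring `void *to;` with the other locals at the top of spl_ptr_heap_delete_top() and assigning it here avoids that; the function's opening lies outside this hunk, so the existing locals are not visible. The new guard would also benefit from a comment stating when the two pointers coincide, for example `/* the vacated slot can be the bottom slot itself; memcpy() on identical regions is undefined */`, to be confirmed against the sift-down loop above the hunk.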