memory copy issue in sysvshm extension
| Bug #55750 | memory copy issue in sysvshm extension | ||||
|---|---|---|---|---|---|
| Submitted: | 2011-09-21 06:03 UTC | Modified: | 2011-10-03 18:16 UTC | ||
| From: | jeffhuang9999 at gmail dot com | Assigned: | iliaa (profile) | ||
| Status: | Closed | Package: | *General Issues | ||
| PHP Version: | 5.4SVN-2011-09-21 (snap) | OS: | Linux | ||
| Private report: | No | CVE-ID: | None | ||
[2011-09-21 06:03 UTC] jeffhuang9999 at gmail dot com
Description: ------------ In the function php_remove_shm_data() in ext/sysvshm/sysvshm.c, memcpy() is used for copying a piece of data from next_chunk_ptr to chunk_ptr. If there is an memory overlap between the source and the destination, using memcpy() could result in unexpected result. Test script: --------------- NA
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2011-09-21 06:04 UTC] jeffhuang9999 at gmail dot com
Patch: --- ext/sysvshm/sysvshm.c +++ ext/sysvshm/sysvshm.c @@ -424,7 +424,7 @@ ptr->free += chunk_ptr->next; ptr->end -= chunk_ptr->next; if (memcpy_len > 0) { - memcpy(chunk_ptr, next_chunk_ptr, memcpy_len); + memmove(chunk_ptr, next_chunk_ptr, memcpy_len); } return 0; }[2011-10-03 18:16 UTC] iliaa@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: iliaa