Merge branch 'PHP-8.3' into PHP-8.4

* PHP-8.3: Fix is_zend_ptr() huge block comparison
2024-11-26 19:24:47 +01:00
parent 118ed09ab2 02b1056714
commit 8fdcd9f051
2 changed files with 3 additions and 2 deletions
--- a/1
+++ b/1
@ -5,6 +5,7 @@ PHP                                                                        NEWS
 - Core:
  . Fixed bug GH-16344 (setRawValueWithoutLazyInitialization() and
    skipLazyInitialization() may change initialized proxy). (Arnaud)
+  . Fix is_zend_ptr() huge block comparison. (nielsdos)

 - DOM:
  . Fixed bug GH-16906 (Reloading document can cause UAF in iterator).
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@ -2617,8 +2617,8 @@ ZEND_API bool is_zend_ptr(const void *ptr)

 	zend_mm_huge_list *block = AG(mm_heap)->huge_list;
 	while (block) {
-		if (ptr >= (void*)block
-				&& ptr < (void*)((char*)block + block->size)) {
+		if (ptr >= block->ptr
+				&& ptr < (void*)((char*)block->ptr + block->size)) {
 			return 1;
 		}
 		block = block->next;