Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix #77821: Potential heap corruption in TSendMail()
`zend_string_tolower()` returns a copy (not a duplicate) of the given string, if it is already in lower case. In this case we must not not `zend_string_free()` both strings. The cleanest solution is to call ` zend_string_release()` on both strings, which properly handles the refcount.
- Loading branch information
6c631cc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should possibly establish a policy against use of zend_string_free outside Zend. This is not the first and not the third issues of this kind -- this optimization doesn't seem worth the trouble it causes when functions are improved to reuse strings.
6c631cc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe it's time to create a README in the source with this kind of things... Or README.STRINGS specifically.