From: Markus dot Lidel at shadowconnect dot com
Operating system: Linux
PHP version: Irrelevant
PHP Bug Type: Reproducible crash
Bug description: zend_fetch_list_dtor_id() doesn't check NULL strings
Description:
------------
If you use the zend_fetch_list_dtor_id function, and you have for example
loaded the "crack" extension (which registers a destructor using the
function register_list_destructors()), php crashes. The source of the
problem is this line:
if (strcmp(type_name, lde->type_name) == 0) {
The register_list_destructors() set lde->type_name to NULL. If you replace
the code with
if (lde->type_name && (strcmp(type_name, lde->type_name) == 0)) {
the function works fine.
Reproduce code:
---------------
int id = zend_fetch_list_dtor_id function("foo");
--
Edit bug report at http://bugs.php.net/?id=26753&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=26753&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=26753&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=26753&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=26753&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=26753&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=26753&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=26753&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=26753&r=support
Expected behavior: http://bugs.php.net/fix.php?id=26753&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=26753&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=26753&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=26753&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=26753&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=26753&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=26753&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=26753&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=26753&r=float
