ID:               38198
 Updated by:       [EMAIL PROTECTED]
 Reported By:      cosborne at gmail dot com
-Status:           Open
+Status:           Assigned
 Bug Type:         COM related
 Operating System: Windows XP/2K3
 PHP Version:      5.1.4
-Assigned To:      
+Assigned To:      wez


Previous Comments:
------------------------------------------------------------------------

[2006-07-24 19:08:50] cosborne at gmail dot com

Description:
------------
I reported this bug a few weeks ago (#37975), but it's still not been
assigned, despite having added a fix to the report.

IDispatch_Invoke (ext\com_dotnet\com_com.c:346) is passed an
uninitialized EXCEPINFO structure. If an exception occurs, as part of
the exception handling process (wbemdisp!SetException), the string
parameters of the EXCEPINFO structure are checked, and if they are
non-zero, SysFreeString is called on the parameter. Since the passed
EXCEPINFO structure is uninitialized the pointers are invalid and an
access violation results.

To fix this bug, the EXCEPINFO structure needs to be zeroed before
IDispatch_Invoke is called.

Reproduce code:
---------------
Whilst this bug could presumably occur at any time due to the "random"
nature of the data that may be contained in the uninitialized
structure, the following code causes an exception on every execution:

$wmiLocator = new COM("WbemScripting.SWbemLocator");
$wmi = $wmiLocator->ConnectServer(".","root/MicrosoftDNS");
$a_rr = $wmi->Get("MicrosoftDNS_AType");
$a_rr->CreateInstanceFromTextRepresentation("","example.com","[*already existent domain name*] IN A 127.0.0.1");

Expected result:
----------------
The final call should result in a "Generic Failure" com_exception.

Actual result:
--------------
PHP crashes with an access violation.


------------------------------------------------------------------------
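
The failure mode and the proposed fix from the report above, as an added portable C model. It is not code from the report or from PHP: mock_excepinfo, mock_set_exception and invoke_with are hypothetical names, the 0xCC fill stands in for leftover stack contents, and the callee counts the frees it would attempt instead of calling SysFreeString.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for EXCEPINFO: only the three string fields matter here. */
typedef struct {
    unsigned short wCode;
    char *bstrSource;
    char *bstrDescription;
    char *bstrHelpFile;
} mock_excepinfo;

static int stale_frees; /* frees attempted on pointers the callee never allocated */

/* Models the callee behaviour described in the report: a non-zero string
   field is released before the callee stores its own value. */
static void release_if_set(char **field) {
    if (*field != NULL) {
        stale_frees++;   /* the real callee would call SysFreeString(*field) */
        *field = NULL;
    }
}

static void mock_set_exception(mock_excepinfo *e) {
    static const char msg[] = "Generic failure";
    release_if_set(&e->bstrSource);
    release_if_set(&e->bstrDescription);
    release_if_set(&e->bstrHelpFile);
    e->wCode = 1;
    e->bstrDescription = malloc(sizeof msg);
    if (e->bstrDescription != NULL)
        memcpy(e->bstrDescription, msg, sizeof msg);
}

/* Returns how many stale pointers the callee would have freed. */
int invoke_with(int zero_first) {
    mock_excepinfo e;
    memset(&e, 0xCC, sizeof e);        /* simulate an uninitialized stack slot */
    if (zero_first)
        memset(&e, 0, sizeof e);       /* the fix: zero the struct before the call */
    stale_frees = 0;
    mock_set_exception(&e);
    free(e.bstrDescription);           /* caller owns strings the callee filled in */
    return stale_frees;
}

int main(void) {
    printf("uninitialized: %d stale frees\n", invoke_with(0));
    printf("zeroed first:  %d stale frees\n", invoke_with(1));
    return 0;
}
```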

