[PHP-CVS] cvs: php-src /ext/com_dotnet com_typeinfo.c /ext/com_dotnet/tests bug39606.phpt

Sat, 09 Dec 2006 02:53:44 -0800 

rrichards               Sat Dec  9 10:53:05 2006 UTC

  Modified files:              
    /php-src/ext/com_dotnet     com_typeinfo.c 
    /php-src/ext/com_dotnet/tests       bug39606.phpt 
  Log:
  MFB: fix heap corruption when adding/caching typelib (also fixes bug 39606)
  add test
  
http://cvs.php.net/viewvc.cgi/php-src/ext/com_dotnet/com_typeinfo.c?r1=1.10&r2=1.11&diff_format=u
Index: php-src/ext/com_dotnet/com_typeinfo.c
diff -u php-src/ext/com_dotnet/com_typeinfo.c:1.10 
php-src/ext/com_dotnet/com_typeinfo.c:1.11
--- php-src/ext/com_dotnet/com_typeinfo.c:1.10  Fri Aug 25 12:03:31 2006
+++ php-src/ext/com_dotnet/com_typeinfo.c       Sat Dec  9 10:53:05 2006
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: com_typeinfo.c,v 1.10 2006/08/25 12:03:31 edink Exp $ */
+/* $Id: com_typeinfo.c,v 1.11 2006/12/09 10:53:05 rrichards Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -220,8 +220,8 @@
 /* Type-library stuff */
 void php_com_typelibrary_dtor(void *pDest)
 {
-       ITypeLib *Lib = (ITypeLib*)pDest;
-       ITypeLib_Release(Lib);
+       ITypeLib **Lib = (ITypeLib**)pDest;
+       ITypeLib_Release(*Lib);
 }
 
 PHPAPI ITypeLib *php_com_load_typelib_via_cache(char *search_string,
@@ -249,7 +249,7 @@
 
        if (TL) {
                if (SUCCESS == zend_ts_hash_update(&php_com_typelibraries,
-                               search_string, l+1, (void*)TL, 
sizeof(ITypeLib*), NULL)) {
+                               search_string, l+1, (void*)&TL, 
sizeof(ITypeLib*), NULL)) {
                        /* add a reference for the hash table */
                        ITypeLib_AddRef(TL);
                }
http://cvs.php.net/viewvc.cgi/php-src/ext/com_dotnet/tests/bug39606.phpt?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/com_dotnet/tests/bug39606.phpt
diff -u /dev/null php-src/ext/com_dotnet/tests/bug39606.phpt:1.2
--- /dev/null   Sat Dec  9 10:53:05 2006
+++ php-src/ext/com_dotnet/tests/bug39606.phpt  Sat Dec  9 10:53:05 2006
@@ -0,0 +1,22 @@
+--TEST--
+COM: Loading typelib corrupts memory
+--SKIPIF--
+<?php # vim:ft=php
+if (!extension_loaded("com_dotnet")) print "skip COM/.Net support not 
present"; ?>
+--FILE--
+<?php // $Id: bug39606.phpt,v 1.2 2006/12/09 10:53:05 rrichards Exp $
+error_reporting(E_ALL);
+
+$arEnv = array_change_key_case($_SERVER, CASE_UPPER);
+
+$root = dirname($arEnv['COMSPEC']);
+$typelib = $root.'\activeds.tlb';
+
+var_dump(com_load_typelib($typelib));
+var_dump(com_load_typelib($typelib));
+?>
+===DONE===
+--EXPECT--
+bool(true)
+bool(true)
+===DONE===
\ No newline at end of file

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to