cellog          Tue Feb 12 23:27:46 2008 UTC

  Modified files:              
    /php-src/ext/zlib   zlib_filter.c 
  Log:
  fix potential memleak due to destruction of filterparams zval
  
http://cvs.php.net/viewvc.cgi/php-src/ext/zlib/zlib_filter.c?r1=1.22&r2=1.23&diff_format=u
Index: php-src/ext/zlib/zlib_filter.c
diff -u php-src/ext/zlib/zlib_filter.c:1.22 php-src/ext/zlib/zlib_filter.c:1.23
--- php-src/ext/zlib/zlib_filter.c:1.22 Sat Jan 12 22:28:04 2008
+++ php-src/ext/zlib/zlib_filter.c      Tue Feb 12 23:27:46 2008
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: zlib_filter.c,v 1.22 2008/01/12 22:28:04 cellog Exp $ */
+/* $Id: zlib_filter.c,v 1.23 2008/02/12 23:27:46 cellog Exp $ */
 
 #include "php.h"
 #include "php_zlib.h"
@@ -332,15 +332,17 @@
 
                        if ((Z_TYPE_P(filterparams) == IS_ARRAY || 
Z_TYPE_P(filterparams) == IS_OBJECT) &&
                                zend_hash_find(HASH_OF(filterparams), "window", 
sizeof("window"), (void **) &tmpzval) == SUCCESS) {
+                               zval tmp;
+
                                /* log-2 base of history window (9 - 15) */
-                               SEPARATE_ZVAL(tmpzval);
-                               convert_to_long_ex(tmpzval);
-                               if (Z_LVAL_PP(tmpzval) < -MAX_WBITS || 
Z_LVAL_PP(tmpzval) > MAX_WBITS + 32) {
-                                       php_error_docref(NULL TSRMLS_CC, 
E_WARNING, "Invalid parameter give for window size. (%ld)", Z_LVAL_PP(tmpzval));
+                               tmp = **tmpzval;
+                               zval_copy_ctor(&tmp);
+                               convert_to_long(&tmp);
+                               if (Z_LVAL(tmp) < -MAX_WBITS || Z_LVAL(tmp) > 
MAX_WBITS + 32) {
+                                       php_error_docref(NULL TSRMLS_CC, 
E_WARNING, "Invalid parameter give for window size. (%ld)", Z_LVAL(tmp));
                                } else {
-                                       windowBits = Z_LVAL_PP(tmpzval);
+                                       windowBits = Z_LVAL(tmp);
                                }
-                               zval_ptr_dtor(tmpzval);
                        }
                }
 
@@ -364,27 +366,33 @@
                                case IS_ARRAY:
                                case IS_OBJECT:
                                        if 
(zend_hash_find(HASH_OF(filterparams), "memory", sizeof("memory"), (void**) 
&tmpzval) == SUCCESS) {
+                                               zval tmp;
+               
+                                               tmp = **tmpzval;
+                                               zval_copy_ctor(&tmp);
+                                               convert_to_long(&tmp);
+
                                                /* Memory Level (1 - 9) */
-                                               SEPARATE_ZVAL(tmpzval);
-                                               convert_to_long_ex(tmpzval);
-                                               if (Z_LVAL_PP(tmpzval) < 1 || 
Z_LVAL_PP(tmpzval) > MAX_MEM_LEVEL) {
-                                                       php_error_docref(NULL 
TSRMLS_CC, E_WARNING, "Invalid parameter give for memory level. (%ld)", 
Z_LVAL_PP(tmpzval));
+                                               if (Z_LVAL(tmp) < 1 || 
Z_LVAL(tmp) > MAX_MEM_LEVEL) {
+                                                       php_error_docref(NULL 
TSRMLS_CC, E_WARNING, "Invalid parameter give for memory level. (%ld)", 
Z_LVAL(tmp));
                                                } else {
-                                                       memLevel = 
Z_LVAL_PP(tmpzval);
+                                                       memLevel = Z_LVAL(tmp);
                                                }
-                                               zval_ptr_dtor(tmpzval);
                                        }
 
                                        if 
(zend_hash_find(HASH_OF(filterparams), "window", sizeof("window"), (void**) 
&tmpzval) == SUCCESS) {
+                                               zval tmp;
+               
+                                               tmp = **tmpzval;
+                                               zval_copy_ctor(&tmp);
+                                               convert_to_long(&tmp);
+
                                                /* log-2 base of history window 
(9 - 15) */
-                                               SEPARATE_ZVAL(tmpzval);
-                                               convert_to_long_ex(tmpzval);
-                                               if (Z_LVAL_PP(tmpzval) < 
-MAX_WBITS || Z_LVAL_PP(tmpzval) > MAX_WBITS + 16) {
-                                                       php_error_docref(NULL 
TSRMLS_CC, E_WARNING, "Invalid parameter give for window size. (%ld)", 
Z_LVAL_PP(tmpzval));
+                                               if (Z_LVAL(tmp) < -MAX_WBITS || 
Z_LVAL(tmp) > MAX_WBITS + 16) {
+                                                       php_error_docref(NULL 
TSRMLS_CC, E_WARNING, "Invalid parameter give for window size. (%ld)", 
Z_LVAL(tmp));
                                                } else {
-                                                       windowBits = 
Z_LVAL_PP(tmpzval);
+                                                       windowBits = 
Z_LVAL(tmp);
                                                }
-                                               zval_ptr_dtor(tmpzval);
                                        }
 
                                        if 
(zend_hash_find(HASH_OF(filterparams), "level", sizeof("level"), (void**) 
&tmpzval) == SUCCESS) {
@@ -395,17 +403,20 @@
                                case IS_STRING:
                                case IS_DOUBLE:
                                case IS_LONG:
-                                       tmpzval = &filterparams;
+                                       {
+                                               zval tmp;
+               
+                                               tmp = *filterparams;
+                                               zval_copy_ctor(&tmp);
+                                               convert_to_long(&tmp);
 factory_setlevel:
-                                       /* Set compression level within reason 
(-1 == default, 0 == none, 1-9 == least to most compression */
-                                       SEPARATE_ZVAL(tmpzval);
-                                       convert_to_long_ex(tmpzval);
-                                       if (Z_LVAL_PP(tmpzval) < -1 || 
Z_LVAL_PP(tmpzval) > 9) {
-                                               php_error_docref(NULL 
TSRMLS_CC, E_WARNING, "Invalid compression level specified. (%ld)", 
Z_LVAL_PP(tmpzval));
-                                       } else {
-                                               level = Z_LVAL_PP(tmpzval);
+                                               /* Set compression level within 
reason (-1 == default, 0 == none, 1-9 == least to most compression */
+                                               if (Z_LVAL(tmp) < -1 || 
Z_LVAL(tmp) > 9) {
+                                                       php_error_docref(NULL 
TSRMLS_CC, E_WARNING, "Invalid compression level specified. (%ld)", 
Z_LVAL(tmp));
+                                               } else {
+                                                       level = Z_LVAL(tmp);
+                                               }
                                        }
-                                       zval_ptr_dtor(tmpzval);
                                        break;
                                default:
                                        php_error_docref(NULL TSRMLS_CC, 
E_WARNING, "Invalid filter parameter, ignored");

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to