lbarnaud                Sat Sep  6 08:22:25 2008 UTC

  Modified files:              
    /php-src/main       rfc1867.c 
  Log:
  Fix mem leak and invalid frees in rfc1867 post handler
  
  
http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.193&r2=1.194&diff_format=u
Index: php-src/main/rfc1867.c
diff -u php-src/main/rfc1867.c:1.193 php-src/main/rfc1867.c:1.194
--- php-src/main/rfc1867.c:1.193        Fri Mar 14 13:10:22 2008
+++ php-src/main/rfc1867.c      Sat Sep  6 08:22:25 2008
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: rfc1867.c,v 1.193 2008/03/14 13:10:22 tony2001 Exp $ */
+/* $Id: rfc1867.c,v 1.194 2008/09/06 08:22:25 lbarnaud Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -1300,13 +1300,13 @@
                                        if (cancel_upload != UPLOAD_ERROR_E) { 
/* file creation failed */
                                                unlink(ascii_temp_filename);
                                        }
-                                       efree(ascii_temp_filename);
                                        efree(temp_filename);
                                }
                                temp_filename = EMPTY_STR;
                        } else {
                                zend_u_hash_add(SG(rfc1867_uploaded_files), 
IS_UNICODE, ZSTR(temp_filename), u_strlen(temp_filename) + 1, &temp_filename, 
sizeof(UChar *), NULL);
                        }
+                       efree(ascii_temp_filename);
 
                        /* is_arr_upload is true when name of file upload field
                         * ends in [.*]
@@ -1372,7 +1372,7 @@
 
                        /* Possible Content-Type: */
                        if (cancel_upload || !(cd = 
php_mime_get_hdr_value(header, "Content-Type"))) {
-                               ucd = EMPTY_STR;
+                               ucd = ecalloc(1, UBYTES(1));
                                ucd_len = 0;
                        } else { 
                                ucd = php_ap_to_unicode(cd, strlen(cd), 
&ucd_len TSRMLS_CC);
@@ -1470,7 +1470,6 @@
                                register_u_http_post_files_variable_ex(lbuf, 
&file_size, http_post_files, 0 TSRMLS_CC);
                        }
                        efree(param);
-                       efree(filename);
                }
        }
 



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to