felipe                                   Mon, 12 Oct 2009 17:09:11 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=289581

Log:
- Fixed PDORow and PDOStatement crashes when instantiating throught Reflection

Changed paths:
    U   php/php-src/branches/PHP_5_2/Zend/zend_objects.c
    U   php/php-src/branches/PHP_5_2/ext/pdo/pdo_dbh.c
    U   php/php-src/branches/PHP_5_2/ext/pdo/pdo_stmt.c
    A   php/php-src/branches/PHP_5_2/ext/pdo/tests/pdo_036.phpt
    U   php/php-src/branches/PHP_5_3/Zend/zend_objects.c
    U   php/php-src/branches/PHP_5_3/ext/pdo/pdo_dbh.c
    U   php/php-src/branches/PHP_5_3/ext/pdo/pdo_stmt.c
    A   php/php-src/branches/PHP_5_3/ext/pdo/tests/pdo_036.phpt
    U   php/php-src/trunk/Zend/zend_objects.c
    U   php/php-src/trunk/ext/pdo/pdo_dbh.c
    U   php/php-src/trunk/ext/pdo/pdo_stmt.c
    A   php/php-src/trunk/ext/pdo/tests/pdo_036.phpt

Modified: php/php-src/branches/PHP_5_2/Zend/zend_objects.c
===================================================================
--- php/php-src/branches/PHP_5_2/Zend/zend_objects.c	2009-10-12 17:00:27 UTC (rev 289580)
+++ php/php-src/branches/PHP_5_2/Zend/zend_objects.c	2009-10-12 17:09:11 UTC (rev 289581)
@@ -49,7 +49,7 @@

 ZEND_API void zend_objects_destroy_object(zend_object *object, zend_object_handle handle TSRMLS_DC)
 {
-	zend_function *destructor = object->ce->destructor;
+	zend_function *destructor = object ? object->ce->destructor : NULL;

 	if (destructor) {
 		zval *obj;

Modified: php/php-src/branches/PHP_5_2/ext/pdo/pdo_dbh.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/pdo/pdo_dbh.c	2009-10-12 17:00:27 UTC (rev 289580)
+++ php/php-src/branches/PHP_5_2/ext/pdo/pdo_dbh.c	2009-10-12 17:09:11 UTC (rev 289581)
@@ -110,7 +110,7 @@
 	char *message = NULL;
 	zval *info = NULL;

-	if (dbh->error_mode == PDO_ERRMODE_SILENT) {
+	if (dbh == NULL || dbh->error_mode == PDO_ERRMODE_SILENT) {
 		return;
 	}


Modified: php/php-src/branches/PHP_5_2/ext/pdo/pdo_stmt.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/pdo/pdo_stmt.c	2009-10-12 17:00:27 UTC (rev 289580)
+++ php/php-src/branches/PHP_5_2/ext/pdo/pdo_stmt.c	2009-10-12 17:09:11 UTC (rev 289581)
@@ -2597,27 +2597,29 @@

 	MAKE_STD_ZVAL(return_value);
 	RETVAL_NULL();
-
-	if (Z_TYPE_P(member) == IS_LONG) {
-		if (Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count) {
-			fetch_value(stmt, return_value, Z_LVAL_P(member), NULL TSRMLS_CC);
-		}
-	} else {
-		convert_to_string(member);
-		/* TODO: replace this with a hash of available column names to column
-		 * numbers */
-		for (colno = 0; colno < stmt->column_count; colno++) {
-			if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
-				fetch_value(stmt, return_value, colno, NULL TSRMLS_CC);
-				return_value->refcount = 0;
-				return_value->is_ref = 0;
-				return return_value;
+
+	if (stmt) {
+		if (Z_TYPE_P(member) == IS_LONG) {
+			if (Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count) {
+				fetch_value(stmt, return_value, Z_LVAL_P(member), NULL TSRMLS_CC);
 			}
+		} else {
+			convert_to_string(member);
+			/* TODO: replace this with a hash of available column names to column
+			 * numbers */
+			for (colno = 0; colno < stmt->column_count; colno++) {
+				if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
+					fetch_value(stmt, return_value, colno, NULL TSRMLS_CC);
+					return_value->refcount = 0;
+					return_value->is_ref = 0;
+					return return_value;
+				}
+			}
+			if (strcmp(Z_STRVAL_P(member), "queryString") == 0) {
+				zval_ptr_dtor(&return_value);
+				return std_object_handlers.read_property(object, member, IS_STRING TSRMLS_CC);
+			}
 		}
-		if (strcmp(Z_STRVAL_P(member), "queryString") == 0) {
-			zval_ptr_dtor(&return_value);
-			return std_object_handlers.read_property(object, member, IS_STRING TSRMLS_CC);
-		}
 	}

 	return_value->refcount = 0;
@@ -2636,16 +2638,18 @@
 	pdo_stmt_t * stmt = (pdo_stmt_t *) zend_object_store_get_object(object TSRMLS_CC);
 	int colno = -1;

-	if (Z_TYPE_P(member) == IS_LONG) {
-		return Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count;
-	} else {
-		convert_to_string(member);
+	if (stmt) {
+		if (Z_TYPE_P(member) == IS_LONG) {
+			return Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count;
+		} else {
+			convert_to_string(member);

-		/* TODO: replace this with a hash of available column names to column
-		 * numbers */
-		for (colno = 0; colno < stmt->column_count; colno++) {
-			if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
-				return 1;
+			/* TODO: replace this with a hash of available column names to column
+			 * numbers */
+			for (colno = 0; colno < stmt->column_count; colno++) {
+				if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
+					return 1;
+				}
 			}
 		}
 	}
@@ -2663,6 +2667,10 @@
 	pdo_stmt_t * stmt = (pdo_stmt_t *) zend_object_store_get_object(object TSRMLS_CC);
 	int i;

+	if (stmt == NULL) {
+		return NULL;
+	}
+
 	for (i = 0; i < stmt->column_count; i++) {
 		zval *val;
 		MAKE_STD_ZVAL(val);

Added: php/php-src/branches/PHP_5_2/ext/pdo/tests/pdo_036.phpt
===================================================================
--- php/php-src/branches/PHP_5_2/ext/pdo/tests/pdo_036.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_2/ext/pdo/tests/pdo_036.phpt	2009-10-12 17:09:11 UTC (rev 289581)
@@ -0,0 +1,21 @@
+--TEST--
+Testing PDORow and PDOStatement instances with Reflection
+--FILE--
+<?php
+
+$instance = new reflectionclass('pdorow');
+$x = $instance->newInstance();
+var_dump($x);
+
+$instance = new reflectionclass('pdostatement');
+$x = $instance->newInstance();
+var_dump($x);
+
+?>
+--EXPECTF--
+object(PDORow)#%d (0) {
+}
+object(PDOStatement)#%d (1) {
+  [%u|b%"queryString"]=>
+  NULL
+}


Property changes on: php/php-src/branches/PHP_5_2/ext/pdo/tests/pdo_036.phpt
___________________________________________________________________
Added: svn:keywords
   + Id Rev Revision
Added: svn:eol-style
   + native

Modified: php/php-src/branches/PHP_5_3/Zend/zend_objects.c
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/zend_objects.c	2009-10-12 17:00:27 UTC (rev 289580)
+++ php/php-src/branches/PHP_5_3/Zend/zend_objects.c	2009-10-12 17:09:11 UTC (rev 289581)
@@ -49,7 +49,7 @@

 ZEND_API void zend_objects_destroy_object(zend_object *object, zend_object_handle handle TSRMLS_DC)
 {
-	zend_function *destructor = object->ce->destructor;
+	zend_function *destructor = object ? object->ce->destructor : NULL;

 	if (destructor) {
 		zval *obj;

Modified: php/php-src/branches/PHP_5_3/ext/pdo/pdo_dbh.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/pdo/pdo_dbh.c	2009-10-12 17:00:27 UTC (rev 289580)
+++ php/php-src/branches/PHP_5_3/ext/pdo/pdo_dbh.c	2009-10-12 17:09:11 UTC (rev 289581)
@@ -110,7 +110,7 @@
 	char *message = NULL;
 	zval *info = NULL;

-	if (dbh->error_mode == PDO_ERRMODE_SILENT) {
+	if (dbh == NULL || dbh->error_mode == PDO_ERRMODE_SILENT) {
 		return;
 	}


Modified: php/php-src/branches/PHP_5_3/ext/pdo/pdo_stmt.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/pdo/pdo_stmt.c	2009-10-12 17:00:27 UTC (rev 289580)
+++ php/php-src/branches/PHP_5_3/ext/pdo/pdo_stmt.c	2009-10-12 17:09:11 UTC (rev 289581)
@@ -2663,27 +2663,29 @@

 	MAKE_STD_ZVAL(return_value);
 	RETVAL_NULL();
-
-	if (Z_TYPE_P(member) == IS_LONG) {
-		if (Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count) {
-			fetch_value(stmt, return_value, Z_LVAL_P(member), NULL TSRMLS_CC);
-		}
-	} else {
-		convert_to_string(member);
-		/* TODO: replace this with a hash of available column names to column
-		 * numbers */
-		for (colno = 0; colno < stmt->column_count; colno++) {
-			if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
-				fetch_value(stmt, return_value, colno, NULL TSRMLS_CC);
-				Z_SET_REFCOUNT_P(return_value, 0);
-				Z_UNSET_ISREF_P(return_value);
-				return return_value;
+
+	if (stmt) {
+		if (Z_TYPE_P(member) == IS_LONG) {
+			if (Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count) {
+				fetch_value(stmt, return_value, Z_LVAL_P(member), NULL TSRMLS_CC);
 			}
+		} else {
+			convert_to_string(member);
+			/* TODO: replace this with a hash of available column names to column
+			 * numbers */
+			for (colno = 0; colno < stmt->column_count; colno++) {
+				if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
+					fetch_value(stmt, return_value, colno, NULL TSRMLS_CC);
+					Z_SET_REFCOUNT_P(return_value, 0);
+					Z_UNSET_ISREF_P(return_value);
+					return return_value;
+				}
+			}
+			if (strcmp(Z_STRVAL_P(member), "queryString") == 0) {
+				zval_ptr_dtor(&return_value);
+				return std_object_handlers.read_property(object, member, IS_STRING TSRMLS_CC);
+			}
 		}
-		if (strcmp(Z_STRVAL_P(member), "queryString") == 0) {
-			zval_ptr_dtor(&return_value);
-			return std_object_handlers.read_property(object, member, IS_STRING TSRMLS_CC);
-		}
 	}

 	Z_SET_REFCOUNT_P(return_value, 0);
@@ -2702,16 +2704,18 @@
 	pdo_stmt_t * stmt = (pdo_stmt_t *) zend_object_store_get_object(object TSRMLS_CC);
 	int colno = -1;

-	if (Z_TYPE_P(member) == IS_LONG) {
-		return Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count;
-	} else {
-		convert_to_string(member);
+	if (stmt) {
+		if (Z_TYPE_P(member) == IS_LONG) {
+			return Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count;
+		} else {
+			convert_to_string(member);

-		/* TODO: replace this with a hash of available column names to column
-		 * numbers */
-		for (colno = 0; colno < stmt->column_count; colno++) {
-			if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
-				return 1;
+			/* TODO: replace this with a hash of available column names to column
+			 * numbers */
+			for (colno = 0; colno < stmt->column_count; colno++) {
+				if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
+					return 1;
+				}
 			}
 		}
 	}
@@ -2729,6 +2733,10 @@
 	pdo_stmt_t * stmt = (pdo_stmt_t *) zend_object_store_get_object(object TSRMLS_CC);
 	int i;

+	if (stmt == NULL) {
+		return NULL;
+	}
+
 	for (i = 0; i < stmt->column_count; i++) {
 		zval *val;
 		MAKE_STD_ZVAL(val);

Added: php/php-src/branches/PHP_5_3/ext/pdo/tests/pdo_036.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/pdo/tests/pdo_036.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/pdo/tests/pdo_036.phpt	2009-10-12 17:09:11 UTC (rev 289581)
@@ -0,0 +1,21 @@
+--TEST--
+Testing PDORow and PDOStatement instances with Reflection
+--FILE--
+<?php
+
+$instance = new reflectionclass('pdorow');
+$x = $instance->newInstance();
+var_dump($x);
+
+$instance = new reflectionclass('pdostatement');
+$x = $instance->newInstance();
+var_dump($x);
+
+?>
+--EXPECTF--
+object(PDORow)#%d (0) {
+}
+object(PDOStatement)#%d (1) {
+  [%u|b%"queryString"]=>
+  NULL
+}


Property changes on: php/php-src/branches/PHP_5_3/ext/pdo/tests/pdo_036.phpt
___________________________________________________________________
Added: svn:keywords
   + Id Rev Revision
Added: svn:eol-style
   + native

Modified: php/php-src/trunk/Zend/zend_objects.c
===================================================================
--- php/php-src/trunk/Zend/zend_objects.c	2009-10-12 17:00:27 UTC (rev 289580)
+++ php/php-src/trunk/Zend/zend_objects.c	2009-10-12 17:09:11 UTC (rev 289581)
@@ -51,7 +51,7 @@

 ZEND_API void zend_objects_destroy_object(zend_object *object, zend_object_handle handle TSRMLS_DC) /* {{{ */
 {
-	zend_function *destructor = object->ce->destructor;
+	zend_function *destructor = object ? object->ce->destructor : NULL;

 	if (destructor) {
 		zval *obj;

Modified: php/php-src/trunk/ext/pdo/pdo_dbh.c
===================================================================
--- php/php-src/trunk/ext/pdo/pdo_dbh.c	2009-10-12 17:00:27 UTC (rev 289580)
+++ php/php-src/trunk/ext/pdo/pdo_dbh.c	2009-10-12 17:09:11 UTC (rev 289581)
@@ -110,7 +110,7 @@
 	char *message = NULL;
 	zval *info = NULL;

-	if (dbh->error_mode == PDO_ERRMODE_SILENT) {
+	if (dbh == NULL || dbh->error_mode == PDO_ERRMODE_SILENT) {
 		return;
 	}


Modified: php/php-src/trunk/ext/pdo/pdo_stmt.c
===================================================================
--- php/php-src/trunk/ext/pdo/pdo_stmt.c	2009-10-12 17:00:27 UTC (rev 289580)
+++ php/php-src/trunk/ext/pdo/pdo_stmt.c	2009-10-12 17:09:11 UTC (rev 289581)
@@ -2673,27 +2673,29 @@

 	MAKE_STD_ZVAL(return_value);
 	RETVAL_NULL();
-
-	if (Z_TYPE_P(member) == IS_LONG) {
-		if (Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count) {
-			fetch_value(stmt, return_value, Z_LVAL_P(member), NULL TSRMLS_CC);
-		}
-	} else {
-		convert_to_string(member);
-		/* TODO: replace this with a hash of available column names to column
-		 * numbers */
-		for (colno = 0; colno < stmt->column_count; colno++) {
-			if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
-				fetch_value(stmt, return_value, colno, NULL TSRMLS_CC);
-				Z_SET_REFCOUNT_P(return_value, 0);
-				Z_UNSET_ISREF_P(return_value);
-				return return_value;
+
+	if (stmt) {
+		if (Z_TYPE_P(member) == IS_LONG) {
+			if (Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count) {
+				fetch_value(stmt, return_value, Z_LVAL_P(member), NULL TSRMLS_CC);
 			}
+		} else {
+			convert_to_string(member);
+			/* TODO: replace this with a hash of available column names to column
+			 * numbers */
+			for (colno = 0; colno < stmt->column_count; colno++) {
+				if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
+					fetch_value(stmt, return_value, colno, NULL TSRMLS_CC);
+					Z_SET_REFCOUNT_P(return_value, 0);
+					Z_UNSET_ISREF_P(return_value);
+					return return_value;
+				}
+			}
+			if (strcmp(Z_STRVAL_P(member), "queryString") == 0) {
+				zval_ptr_dtor(&return_value);
+				return std_object_handlers.read_property(object, member, IS_STRING TSRMLS_CC);
+			}
 		}
-		if (strcmp(Z_STRVAL_P(member), "queryString") == 0) {
-			zval_ptr_dtor(&return_value);
-			return std_object_handlers.read_property(object, member, IS_STRING TSRMLS_CC);
-		}
 	}

 	Z_SET_REFCOUNT_P(return_value, 0);
@@ -2712,16 +2714,18 @@
 	pdo_stmt_t * stmt = (pdo_stmt_t *) zend_object_store_get_object(object TSRMLS_CC);
 	int colno = -1;

-	if (Z_TYPE_P(member) == IS_LONG) {
-		return Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count;
-	} else {
-		convert_to_string(member);
+	if (stmt) {
+		if (Z_TYPE_P(member) == IS_LONG) {
+			return Z_LVAL_P(member) >= 0 && Z_LVAL_P(member) < stmt->column_count;
+		} else {
+			convert_to_string(member);

-		/* TODO: replace this with a hash of available column names to column
-		 * numbers */
-		for (colno = 0; colno < stmt->column_count; colno++) {
-			if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
-				return 1;
+			/* TODO: replace this with a hash of available column names to column
+			 * numbers */
+			for (colno = 0; colno < stmt->column_count; colno++) {
+				if (strcmp(stmt->columns[colno].name, Z_STRVAL_P(member)) == 0) {
+					return 1;
+				}
 			}
 		}
 	}
@@ -2739,6 +2743,10 @@
 	pdo_stmt_t * stmt = (pdo_stmt_t *) zend_object_store_get_object(object TSRMLS_CC);
 	int i;

+	if (stmt == NULL) {
+		return NULL;
+	}
+
 	for (i = 0; i < stmt->column_count; i++) {
 		zval *val;
 		MAKE_STD_ZVAL(val);

Added: php/php-src/trunk/ext/pdo/tests/pdo_036.phpt
===================================================================
--- php/php-src/trunk/ext/pdo/tests/pdo_036.phpt	                        (rev 0)
+++ php/php-src/trunk/ext/pdo/tests/pdo_036.phpt	2009-10-12 17:09:11 UTC (rev 289581)
@@ -0,0 +1,21 @@
+--TEST--
+Testing PDORow and PDOStatement instances with Reflection
+--FILE--
+<?php
+
+$instance = new reflectionclass('pdorow');
+$x = $instance->newInstance();
+var_dump($x);
+
+$instance = new reflectionclass('pdostatement');
+$x = $instance->newInstance();
+var_dump($x);
+
+?>
+--EXPECTF--
+object(PDORow)#%d (0) {
+}
+object(PDOStatement)#%d (1) {
+  [%u|b%"queryString"]=>
+  NULL
+}


Property changes on: php/php-src/trunk/ext/pdo/tests/pdo_036.phpt
___________________________________________________________________
Added: svn:keywords
   + Id Rev Revision
Added: svn:eol-style
   + native
-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to