felipe Tue, 22 Nov 2011 12:47:08 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=319677
Log:
- Fixed invalid free in call_user_method() function
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c
A
php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/call_user_method_002.phpt
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/standard/basic_functions.c
A
php/php-src/branches/PHP_5_4/ext/standard/tests/general_functions/call_user_method_002.phpt
U php/php-src/trunk/ext/standard/basic_functions.c
A
php/php-src/trunk/ext/standard/tests/general_functions/call_user_method_002.phpt
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2011-11-22 12:29:15 UTC (rev 319676)
+++ php/php-src/branches/PHP_5_3/NEWS 2011-11-22 12:47:08 UTC (rev 319677)
@@ -10,6 +10,7 @@
(klightspeed at netspace dot net dot au)
. Fixed bug #52624 (tempnam() by-pass open_basedir with nonnexistent
directory). (Felipe)
+ . Fixed invalid free in call_user_method() function. (Felipe)
- Zend Engine:
. Fixed bug #43200 (Interface implementation / inheritence not possible in
Modified: php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c 2011-11-22
12:29:15 UTC (rev 319676)
+++ php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c 2011-11-22
12:47:08 UTC (rev 319677)
@@ -4825,7 +4825,9 @@
Z_TYPE_P(object) != IS_STRING
) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Second argument is
not an object or class name");
- efree(params);
+ if (params) {
+ efree(params);
+ }
RETURN_FALSE;
}
Added:
php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/call_user_method_002.phpt
===================================================================
---
php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/call_user_method_002.phpt
(rev 0)
+++
php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/call_user_method_002.phpt
2011-11-22 12:47:08 UTC (rev 319677)
@@ -0,0 +1,12 @@
+--TEST--
+call_user_method() Invalid free
+--FILE--
+<?php
+
+call_user_method("1", $arr1);
+
+?>
+--EXPECTF--
+Deprecated: Function call_user_method() is deprecated in %s on line %d
+
+Warning: call_user_method(): Second argument is not an object or class name in
%s on line %d
Modified: php/php-src/branches/PHP_5_4/NEWS
===================================================================
--- php/php-src/branches/PHP_5_4/NEWS 2011-11-22 12:29:15 UTC (rev 319676)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-11-22 12:47:08 UTC (rev 319677)
@@ -12,6 +12,7 @@
directory). (Felipe)
. Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup())
(CVE-2011-4153). (Stas)
+ . Fixed invalid free in call_user_method() function. (Felipe)
- Zend Engine:
. Fixed bug #43200 (Interface implementation / inheritence not possible in
Modified: php/php-src/branches/PHP_5_4/ext/standard/basic_functions.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/standard/basic_functions.c 2011-11-22
12:29:15 UTC (rev 319676)
+++ php/php-src/branches/PHP_5_4/ext/standard/basic_functions.c 2011-11-22
12:47:08 UTC (rev 319677)
@@ -4762,7 +4762,9 @@
Z_TYPE_P(object) != IS_STRING
) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Second argument is
not an object or class name");
- efree(params);
+ if (params) {
+ efree(params);
+ }
RETURN_FALSE;
}
Added:
php/php-src/branches/PHP_5_4/ext/standard/tests/general_functions/call_user_method_002.phpt
===================================================================
---
php/php-src/branches/PHP_5_4/ext/standard/tests/general_functions/call_user_method_002.phpt
(rev 0)
+++
php/php-src/branches/PHP_5_4/ext/standard/tests/general_functions/call_user_method_002.phpt
2011-11-22 12:47:08 UTC (rev 319677)
@@ -0,0 +1,12 @@
+--TEST--
+call_user_method() Invalid free
+--FILE--
+<?php
+
+call_user_method("1", $arr1);
+
+?>
+--EXPECTF--
+Deprecated: Function call_user_method() is deprecated in %s on line %d
+
+Warning: call_user_method(): Second argument is not an object or class name in
%s on line %d
Modified: php/php-src/trunk/ext/standard/basic_functions.c
===================================================================
--- php/php-src/trunk/ext/standard/basic_functions.c 2011-11-22 12:29:15 UTC
(rev 319676)
+++ php/php-src/trunk/ext/standard/basic_functions.c 2011-11-22 12:47:08 UTC
(rev 319677)
@@ -4797,7 +4797,9 @@
Z_TYPE_P(object) != IS_STRING
) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Second argument is
not an object or class name");
- efree(params);
+ if (params) {
+ efree(params);
+ }
RETURN_FALSE;
}
Added:
php/php-src/trunk/ext/standard/tests/general_functions/call_user_method_002.phpt
===================================================================
---
php/php-src/trunk/ext/standard/tests/general_functions/call_user_method_002.phpt
(rev 0)
+++
php/php-src/trunk/ext/standard/tests/general_functions/call_user_method_002.phpt
2011-11-22 12:47:08 UTC (rev 319677)
@@ -0,0 +1,12 @@
+--TEST--
+call_user_method() Invalid free
+--FILE--
+<?php
+
+call_user_method("1", $arr1);
+
+?>
+--EXPECTF--
+Deprecated: Function call_user_method() is deprecated in %s on line %d
+
+Warning: call_user_method(): Second argument is not an object or class name in
%s on line %d
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
