dmitry Fri, 25 Nov 2011 11:29:28 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=319806
Log: Fixed bug #60167 (Crash / memory corruption in ext/com_dotnet) (Timm Friebe). Bug: https://bugs.php.net/60167 (Assigned) Crash / memory corruption Changed paths: U php/php-src/branches/PHP_5_4/ext/com_dotnet/com_handlers.c U php/php-src/branches/PHP_5_4/ext/com_dotnet/com_saproxy.c U php/php-src/trunk/ext/com_dotnet/com_handlers.c U php/php-src/trunk/ext/com_dotnet/com_saproxy.c
Modified: php/php-src/branches/PHP_5_4/ext/com_dotnet/com_handlers.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/com_dotnet/com_handlers.c 2011-11-25 10:05:34 UTC (rev 319805)
+++ php/php-src/branches/PHP_5_4/ext/com_dotnet/com_handlers.c 2011-11-25 11:29:28 UTC (rev 319806)
@@ -246,7 +246,7 @@
 {
 zend_internal_function *f = (zend_internal_function*)pDest;
- efree(f->function_name);
+ efree((char*)f->function_name);
 if (f->arg_info) {
 efree(f->arg_info);
 }
@@ -283,7 +283,7 @@
 f.num_args = 0;
 f.arg_info = NULL;
 f.scope = obj->ce;
- f.fn_flags = 0;
+ f.fn_flags = ZEND_ACC_CALL_VIA_HANDLER;
 f.function_name = estrndup(name, len);
 f.handler = PHP_FN(com_method_handler);
@@ -364,7 +364,7 @@
 return NULL;
 }
-static int com_call_method(char *method, INTERNAL_FUNCTION_PARAMETERS)
+static int com_call_method(const char *method, INTERNAL_FUNCTION_PARAMETERS)
 {
 zval ***args = NULL;
 php_com_dotnet_object *obj;
@@ -387,7 +387,7 @@
 VariantInit(&v);
- if (SUCCESS == php_com_do_invoke_byref(obj, method, -1, DISPATCH_METHOD|DISPATCH_PROPERTYGET, &v, nargs, args TSRMLS_CC)) {
+ if (SUCCESS == php_com_do_invoke_byref(obj, (char*)method, -1, DISPATCH_METHOD|DISPATCH_PROPERTYGET, &v, nargs, args TSRMLS_CC)) {
 php_com_zval_from_variant(return_value, &v, obj->code_page TSRMLS_CC);
 ret = SUCCESS;
 VariantClear(&v);
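Review bot: Nothing next to `f.fn_flags = ZEND_ACC_CALL_VIA_HANDLER;` (com_handlers.c, hunk at -283) records why the flag is set, yet this assignment looks like the only behavioural change in a commit logged as a crash / memory-corruption fix; the remaining hunks adjust `const` qualifiers and pad the handler table. A later cleanup could reset it to 0 unnoticed, so I would add a comment such as `/* bug #60167: mark as handler-provided so the engine does not treat this per-object zend_function as a regular method entry */`; that wording is inferred from the flag name and the log message, not from anything in the hunk, and should be checked against the bug report. The changed-paths list names only the four .c files, so no regression test for #60167 accompanies the fix. The enclosing function starts and ends outside the hunk, and the trunk copy of this hunk is identical.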
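Review bot: The `(char*)method` cast in the `php_com_do_invoke_byref()` call (com_handlers.c, hunk at -387) throws away the `const` that the hunk at -364 has just added to `com_call_method`, so the compiler can no longer tell whether the callee writes through the method name. The callee's prototype is not visible here: if it only reads the name, the cleaner change is to make its parameter `const char *` and drop the cast; if it can modify the buffer, it should be handed a private copy, because a name received as `const char *` may not be writable. Until that is settled, a comment such as `/* cast only: php_com_do_invoke_byref() must not modify the name */` would at least record the assumption. The same cast appears in the trunk copy of this hunk, and the function body continues outside it.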
@@ -442,7 +442,7 @@
 return obj->ce;
 }
-static int com_class_name_get(const zval *object, char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
+static int com_class_name_get(const zval *object, const char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
 {
 php_com_dotnet_object *obj;
 obj = CDNO_FETCH(object);
@@ -580,7 +580,10 @@
 com_class_name_get,
 com_objects_compare,
 com_object_cast,
- com_object_count
+ com_object_count,
+ NULL, /* get_debug_info */
+ NULL, /* get_closure */
+ NULL, /* get_gc */
 };
 void php_com_object_enable_event_sink(php_com_dotnet_object *obj, int enable TSRMLS_DC)
Modified: php/php-src/branches/PHP_5_4/ext/com_dotnet/com_saproxy.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/com_dotnet/com_saproxy.c 2011-11-25 10:05:34 UTC (rev 319805)
+++ php/php-src/branches/PHP_5_4/ext/com_dotnet/com_saproxy.c 2011-11-25 11:29:28 UTC (rev 319806)
@@ -321,13 +321,13 @@
 return NULL;
 }
-static union _zend_function *saproxy_method_get(zval **object, char *name, int len, const zend_literal *key TSRMLS_DC)
+static union _zend_function *saproxy_method_get(zval **object, const char *name, int len, const zend_literal *key TSRMLS_DC)
 {
 /* no methods */
 return NULL;
 }
-static int saproxy_call_method(char *method, INTERNAL_FUNCTION_PARAMETERS)
+static int saproxy_call_method(const char *method, INTERNAL_FUNCTION_PARAMETERS)
 {
 return FAILURE;
 }
@@ -343,7 +343,7 @@
 return php_com_saproxy_class_entry;
 }
-static int saproxy_class_name_get(const zval *object, char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
+static int saproxy_class_name_get(const zval *object, const char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
 {
 *class_name = estrndup(php_com_saproxy_class_entry->name, php_com_saproxy_class_entry->name_length);
 *class_name_len = php_com_saproxy_class_entry->name_length;
Modified: php/php-src/trunk/ext/com_dotnet/com_handlers.c
===================================================================
--- php/php-src/trunk/ext/com_dotnet/com_handlers.c 2011-11-25 10:05:34 UTC (rev 319805)
+++ php/php-src/trunk/ext/com_dotnet/com_handlers.c 2011-11-25 11:29:28 UTC (rev 319806)
@@ -246,7 +246,7 @@
 {
 zend_internal_function *f = (zend_internal_function*)pDest;
- efree(f->function_name);
+ efree((char*)f->function_name);
 if (f->arg_info) {
 efree(f->arg_info);
 }
@@ -283,7 +283,7 @@
 f.num_args = 0;
 f.arg_info = NULL;
 f.scope = obj->ce;
- f.fn_flags = 0;
+ f.fn_flags = ZEND_ACC_CALL_VIA_HANDLER;
 f.function_name = estrndup(name, len);
 f.handler = PHP_FN(com_method_handler);
@@ -364,7 +364,7 @@
 return NULL;
 }
-static int com_call_method(char *method, INTERNAL_FUNCTION_PARAMETERS)
+static int com_call_method(const char *method, INTERNAL_FUNCTION_PARAMETERS)
 {
 zval ***args = NULL;
 php_com_dotnet_object *obj;
@@ -387,7 +387,7 @@
 VariantInit(&v);
- if (SUCCESS == php_com_do_invoke_byref(obj, method, -1, DISPATCH_METHOD|DISPATCH_PROPERTYGET, &v, nargs, args TSRMLS_CC)) {
+ if (SUCCESS == php_com_do_invoke_byref(obj, (char*)method, -1, DISPATCH_METHOD|DISPATCH_PROPERTYGET, &v, nargs, args TSRMLS_CC)) {
 php_com_zval_from_variant(return_value, &v, obj->code_page TSRMLS_CC);
 ret = SUCCESS;
 VariantClear(&v);
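Review bot: In `saproxy_class_name_get` (PHP_5_4 com_saproxy.c, hunk at -343) `*class_name` still receives an `estrndup()` copy, but with the out-parameter now typed `const char **` the signature no longer suggests that the receiver owns the string. If, as the copy implies, the caller is expected to release it, say so on the function, e.g. `/* *class_name is an emalloc'd copy; the caller must efree() it */`; otherwise a caller that treats the const pointer as borrowed leaks it, and one that frees a borrowed name corrupts the heap. `com_class_name_get` in com_handlers.c gets the same signature change, but its body lies outside its hunk, so whether it also returns a copy cannot be confirmed from this page. The trunk hunks are identical.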
@@ -442,7 +442,7 @@
 return obj->ce;
 }
-static int com_class_name_get(const zval *object, char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
+static int com_class_name_get(const zval *object, const char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
 {
 php_com_dotnet_object *obj;
 obj = CDNO_FETCH(object);
@@ -580,7 +580,10 @@
 com_class_name_get,
 com_objects_compare,
 com_object_cast,
- com_object_count
+ com_object_count,
+ NULL, /* get_debug_info */
+ NULL, /* get_closure */
+ NULL, /* get_gc */
 };
 void php_com_object_enable_event_sink(php_com_dotnet_object *obj, int enable TSRMLS_DC)
Modified: php/php-src/trunk/ext/com_dotnet/com_saproxy.c
===================================================================
--- php/php-src/trunk/ext/com_dotnet/com_saproxy.c 2011-11-25 10:05:34 UTC (rev 319805)
+++ php/php-src/trunk/ext/com_dotnet/com_saproxy.c 2011-11-25 11:29:28 UTC (rev 319806)
@@ -321,13 +321,13 @@
 return NULL;
 }
-static union _zend_function *saproxy_method_get(zval **object, char *name, int len, const zend_literal *key TSRMLS_DC)
+static union _zend_function *saproxy_method_get(zval **object, const char *name, int len, const zend_literal *key TSRMLS_DC)
 {
 /* no methods */
 return NULL;
 }
-static int saproxy_call_method(char *method, INTERNAL_FUNCTION_PARAMETERS)
+static int saproxy_call_method(const char *method, INTERNAL_FUNCTION_PARAMETERS)
 {
 return FAILURE;
 }
@@ -343,7 +343,7 @@
 return php_com_saproxy_class_entry;
 }
-static int saproxy_class_name_get(const zval *object, char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
+static int saproxy_class_name_get(const zval *object, const char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
 {
 *class_name = estrndup(php_com_saproxy_class_entry->name, php_com_saproxy_class_entry->name_length);
 *class_name_len = php_com_saproxy_class_entry->name_length;