Commit:    03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Author:    Xinchen Hui <larue...@php.net>         Sat, 4 Aug 2012 10:41:26 +0800
Parents:   49b202f2cfe04d577671b685b7c0d3a096a433c7
Branches:  PHP-5.3

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93

Log:
Fixed bug #62744 (dangling pointers made by zend_disable_class)

the test will be added while commit the fix for #62737

Bugs:
https://bugs.php.net/62744
https://bugs.php.net/62737

Changed paths:
  M  NEWS
  M  Zend/zend_API.c
  M  Zend/zend_API.h


Diff:
diff --git a/NEWS b/NEWS
index 05a80eb..c22d7c2 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ PHP                                                             
           NEWS
 ?? ??? 2012, PHP 5.3.16
 
 - Core:
+  . Fixed bug #62744 (dangling pointers made by zend_disable_class). (Laruence)
   . Fixed bug #62716 (munmap() is called with the incorrect length). 
     (slang...@google.com)
   . Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
index 6d2ccd2..16a940d 100644
--- a/Zend/zend_API.c
+++ b/Zend/zend_API.c
@@ -2342,16 +2342,16 @@ static const zend_function_entry disabled_class_new[] = 
{
 
 ZEND_API int zend_disable_class(char *class_name, uint class_name_length 
TSRMLS_DC) /* {{{ */
 {
-       zend_class_entry disabled_class;
+       zend_class_entry **disabled_class;
 
        zend_str_tolower(class_name, class_name_length);
-       if (zend_hash_del(CG(class_table), class_name, 
class_name_length+1)==FAILURE) {
+       if (zend_hash_find(CG(class_table), class_name, class_name_length+1, 
(void **)&disabled_class)==FAILURE) {
                return FAILURE;
        }
-       INIT_OVERLOADED_CLASS_ENTRY_EX(disabled_class, class_name, 
class_name_length, disabled_class_new, NULL, NULL, NULL, NULL, NULL);
-       disabled_class.create_object = display_disabled_class;
-       disabled_class.name_length = class_name_length;
-       zend_register_internal_class(&disabled_class TSRMLS_CC);
+       INIT_CLASS_ENTRY_INIT_METHODS((**disabled_class), disabled_class_new, 
NULL, NULL, NULL, NULL, NULL);
+       (*disabled_class)->create_object = display_disabled_class;
+       (*disabled_class)->builtin_functions = disabled_class_new;
+       zend_hash_clean(&((*disabled_class)->function_table));
        return SUCCESS;
 }
 /* }}} */
@@ -2425,7 +2425,6 @@ static int zend_is_callable_check_class(const char *name, 
int name_len, zend_fca
 }
 /* }}} */
 
-
 static int zend_is_callable_check_func(int check_flags, zval *callable, 
zend_fcall_info_cache *fcc, int strict_class, char **error TSRMLS_DC) /* {{{ */
 {
        zend_class_entry *ce_org = fcc->calling_scope;
diff --git a/Zend/zend_API.h b/Zend/zend_API.h
index 0a2a595..ddd84fa 100644
--- a/Zend/zend_API.h
+++ b/Zend/zend_API.h
@@ -170,6 +170,11 @@ typedef struct _zend_fcall_info_cache {
                int _len = class_name_len;                                      
                        \
                class_container.name = zend_strndup(class_name, _len);  \
                class_container.name_length = _len;                             
                \
+               INIT_CLASS_ENTRY_INIT_METHODS(class_container, functions, 
handle_fcall, handle_propget, handle_propset, handle_propunset, 
handle_propisset) \
+       }
+
+#define INIT_CLASS_ENTRY_INIT_METHODS(class_container, functions, 
handle_fcall, handle_propget, handle_propset, handle_propunset, 
handle_propisset) \
+       {                                                                       
                                                \
                class_container.builtin_functions = functions;                  
\
                class_container.constructor = NULL;                             
                \
                class_container.destructor = NULL;                              
                \


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to