Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed bug #62744 (dangling pointers made by zend_disable_class)

the test will be added while commit the fix for #62737
  • Loading branch information...
commit 03a1fcabf31210d3f304bfacf5096ce43c2b8f93 1 parent 49b202f
@laruence laruence authored
Showing with 12 additions and 7 deletions.
  1. +1 −0  NEWS
  2. +6 −7 Zend/zend_API.c
  3. +5 −0 Zend/zend_API.h
View
1  NEWS
@@ -3,6 +3,7 @@ PHP NEWS
?? ??? 2012, PHP 5.3.16
- Core:
+ . Fixed bug #62744 (dangling pointers made by zend_disable_class). (Laruence)
. Fixed bug #62716 (munmap() is called with the incorrect length).
(slangley@google.com)
. Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK
View
13 Zend/zend_API.c
@@ -2342,16 +2342,16 @@ static const zend_function_entry disabled_class_new[] = {
ZEND_API int zend_disable_class(char *class_name, uint class_name_length TSRMLS_DC) /* {{{ */
{
- zend_class_entry disabled_class;
+ zend_class_entry **disabled_class;
zend_str_tolower(class_name, class_name_length);
- if (zend_hash_del(CG(class_table), class_name, class_name_length+1)==FAILURE) {
+ if (zend_hash_find(CG(class_table), class_name, class_name_length+1, (void **)&disabled_class)==FAILURE) {
return FAILURE;
}
- INIT_OVERLOADED_CLASS_ENTRY_EX(disabled_class, class_name, class_name_length, disabled_class_new, NULL, NULL, NULL, NULL, NULL);
- disabled_class.create_object = display_disabled_class;
- disabled_class.name_length = class_name_length;
- zend_register_internal_class(&disabled_class TSRMLS_CC);
+ INIT_CLASS_ENTRY_INIT_METHODS((**disabled_class), disabled_class_new, NULL, NULL, NULL, NULL, NULL);
+ (*disabled_class)->create_object = display_disabled_class;
+ (*disabled_class)->builtin_functions = disabled_class_new;
+ zend_hash_clean(&((*disabled_class)->function_table));
return SUCCESS;
}
/* }}} */
@@ -2425,7 +2425,6 @@ static int zend_is_callable_check_class(const char *name, int name_len, zend_fca
}
/* }}} */
-
static int zend_is_callable_check_func(int check_flags, zval *callable, zend_fcall_info_cache *fcc, int strict_class, char **error TSRMLS_DC) /* {{{ */
{
zend_class_entry *ce_org = fcc->calling_scope;
View
5 Zend/zend_API.h
@@ -170,6 +170,11 @@ typedef struct _zend_fcall_info_cache {
int _len = class_name_len; \
class_container.name = zend_strndup(class_name, _len); \
class_container.name_length = _len; \
+ INIT_CLASS_ENTRY_INIT_METHODS(class_container, functions, handle_fcall, handle_propget, handle_propset, handle_propunset, handle_propisset) \
+ }
+
+#define INIT_CLASS_ENTRY_INIT_METHODS(class_container, functions, handle_fcall, handle_propget, handle_propset, handle_propunset, handle_propisset) \
+ { \
class_container.builtin_functions = functions; \
class_container.constructor = NULL; \
class_container.destructor = NULL; \
Please sign in to comment.
Something went wrong with that request. Please try again.