Fix GH-12186: segfault copying/cloning a finalized HashContext

Closes GH-12186.
Closes GH-12187.
Max Semenik 2023-09-12 14:36:20 +03:00 committed by Niels Dossche
parent 55ed7690f4
commit 10f5a06d3c
5 changed files with 49 additions and 2 deletions

4
NEWS

@ -5,6 +5,10 @@ PHP NEWS
- Filter:
. Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)
- Hash:
. Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext).
(MaxSem)
- SimpleXML:
. Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos)


@ -680,7 +680,7 @@ PHP_FUNCTION(hash_init)
#define PHP_HASHCONTEXT_VERIFY(hash) { \
if (!hash->context) { \
zend_argument_type_error(1, "must be a valid Hash Context resource"); \
zend_argument_type_error(1, "must be a valid, non-finalized HashContext"); \
RETURN_THROWS(); \
} \
}
@ -837,11 +837,15 @@ PHP_FUNCTION(hash_final)
PHP_FUNCTION(hash_copy)
{
zval *zhash;
php_hashcontext_object *context;
if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &zhash, php_hashcontext_ce) == FAILURE) {
RETURN_THROWS();
}
context = php_hashcontext_from_object(Z_OBJ_P(zhash));
PHP_HASHCONTEXT_VERIFY(context);
RETVAL_OBJ(Z_OBJ_HANDLER_P(zhash, clone_obj)(Z_OBJ_P(zhash)));
if (php_hashcontext_from_object(Z_OBJ_P(return_value))->context == NULL) {
@ -1405,6 +1409,11 @@ static zend_object *php_hashcontext_clone(zend_object *zobj) {
zend_object *znew = php_hashcontext_create(zobj->ce);
php_hashcontext_object *newobj = php_hashcontext_from_object(znew);
if (!oldobj->context) {
zend_throw_exception(zend_ce_value_error, "Cannot clone a finalized HashContext", 0);
return znew;
}
zend_objects_clone_members(znew, zobj);
newobj->ops = oldobj->ops;
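Review bot: In php_hashcontext_clone the finalized-context check sits after php_hashcontext_create(), so the error path returns a freshly allocated object whose ops and context are never set, with the exception still pending. That looks intentional, since a clone handler is presumably expected to hand back an object rather than NULL, but it depends on the caller releasing znew and on the free path tolerating a NULL context, neither of which is visible in this hunk. I would say so on the return, e.g. `/* Exception pending: return the empty object so the caller can release it; its context stays NULL. */`. The function's opening lines, including the declaration of oldobj, are outside the hunk.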


@ -0,0 +1,17 @@
--TEST--
Hash: bug #12186 - segfault in hash_copy() on a finalized context
--FILE--
<?php
$c = hash_init('sha1');
hash_final($c);
try {
hash_copy($c);
} catch (Throwable $ex) {
echo $ex->getMessage() . "\n";
}
?>
--EXPECTF--
hash_copy(): Argument #1 ($context) must be a valid, non-finalized HashContext
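Review bot: Both new tests (this one and the clone test that follows) catch Throwable and print only getMessage(), so the exception class is not pinned. The two entry points report the same condition differently: hash_copy() goes through zend_argument_type_error while clone throws zend_ce_value_error, and a later change to either class would pass unnoticed. Printing the class as well, `echo get_class($ex), ': ', $ex->getMessage(), "\n";`, with the expected output updated to match, would lock that in.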


@ -0,0 +1,17 @@
--TEST--
Hash: bug #12186 - segfault when cloning a finalized context
--FILE--
<?php
$c = hash_init('sha1');
hash_final($c);
try {
clone $c;
} catch (Throwable $ex) {
echo $ex->getMessage() . "\n";
}
?>
--EXPECTF--
Cannot clone a finalized HashContext


@ -14,4 +14,4 @@ catch (\Error $e) {
?>
--EXPECT--
hash_update(): Argument #1 ($context) must be a valid Hash Context resource
hash_update(): Argument #1 ($context) must be a valid, non-finalized HashContext