mirror of
https://github.com/php/php-src.git
synced 2024-09-21 09:57:23 +00:00
Merge branch 'PHP-8.3'
* PHP-8.3: Fix GH-15179: Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re
This commit is contained in:
commit
3ad9f4d441
@ -737,6 +737,7 @@ static inline int php_url_scanner_add_var_impl(const char *name, size_t name_len
|
||||
zend_string *encoded;
|
||||
url_adapt_state_ex_t *url_state;
|
||||
php_output_handler_func_t handler;
|
||||
bool should_start = false;
|
||||
|
||||
if (type) {
|
||||
url_state = &BG(url_adapt_session_ex);
|
||||
@ -748,7 +749,7 @@ static inline int php_url_scanner_add_var_impl(const char *name, size_t name_len
|
||||
|
||||
if (!url_state->active) {
|
||||
php_url_scanner_ex_activate(type);
|
||||
php_output_start_internal(ZEND_STRL("URL-Rewriter"), handler, 0, PHP_OUTPUT_HANDLER_STDFLAGS);
|
||||
should_start = true;
|
||||
url_state->active = 1;
|
||||
url_state->type = type;
|
||||
}
|
||||
@ -788,6 +789,10 @@ static inline int php_url_scanner_add_var_impl(const char *name, size_t name_len
|
||||
smart_str_free(&hname);
|
||||
smart_str_free(&hvalue);
|
||||
|
||||
if (should_start) {
|
||||
php_output_start_internal(ZEND_STRL("URL-Rewriter"), handler, 0, PHP_OUTPUT_HANDLER_STDFLAGS);
|
||||
}
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
18
tests/output/gh15179.phpt
Normal file
18
tests/output/gh15179.phpt
Normal file
@ -0,0 +1,18 @@
|
||||
--TEST--
|
||||
GH-15179 (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re)
|
||||
--CREDITS--
|
||||
YuanchengJiang
|
||||
--INI--
|
||||
memory_limit=64M
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (getenv("USE_ZEND_ALLOC") === "0") die("skip requires ZendMM");
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
$var = str_repeat('a', 20 * 1024 * 1024);
|
||||
|
||||
output_add_rewrite_var($var, $var);
|
||||
?>
|
||||
--EXPECTF--
|
||||
Fatal error: Allowed memory size of %d bytes exhausted %s
|
Loading…
Reference in New Issue
Block a user