mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
commit
661cd1bf27
26
ext/standard/tests/filters/bug54350.phpt
Normal file
26
ext/standard/tests/filters/bug54350.phpt
Normal file
@ -0,0 +1,26 @@
|
||||
--TEST--
|
||||
Bug #54350: Memory corruption with user_filter
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
class user_filter extends php_user_filter {
|
||||
function filter($in, $out, &$consumed, $closing): int {
|
||||
while ($bucket = stream_bucket_make_writeable($in)) {
|
||||
}
|
||||
try {
|
||||
fclose($this->stream);
|
||||
} catch (TypeError $e) {
|
||||
echo $e->getMessage(), "\n";
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
stream_filter_register('user_filter','user_filter');
|
||||
$fd = fopen('php://memory','w');
|
||||
$filter = stream_filter_append($fd, 'user_filter');
|
||||
fwrite($fd, "foo");
|
||||
|
||||
?>
|
||||
--EXPECTF--
|
||||
Warning: fclose(): 5 is not a valid stream resource in %s on line %d
|
||||
fclose(): supplied resource is not a valid stream resource
|
@ -155,6 +155,10 @@ php_stream_filter_status_t userfilter_filter(
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Make sure the stream is not closed while the filter callback executes. */
|
||||
uint32_t orig_no_fclose = stream->flags & PHP_STREAM_FLAG_NO_FCLOSE;
|
||||
stream->flags |= PHP_STREAM_FLAG_NO_FCLOSE;
|
||||
|
||||
zval *stream_prop = zend_hash_str_find_ind(Z_OBJPROP_P(obj), "stream", sizeof("stream")-1);
|
||||
if (stream_prop) {
|
||||
/* Give the userfilter class a hook back to the stream */
|
||||
@ -228,6 +232,9 @@ php_stream_filter_status_t userfilter_filter(
|
||||
zval_ptr_dtor(&args[1]);
|
||||
zval_ptr_dtor(&args[0]);
|
||||
|
||||
stream->flags &= ~PHP_STREAM_FLAG_NO_FCLOSE;
|
||||
stream->flags |= orig_no_fclose;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user