mirror of
https://github.com/php/php-src.git
synced 2024-09-21 09:57:23 +00:00
Fix GH-15179: Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re
Based on analysis by Ilija: https://github.com/php/php-src/issues/15179#issuecomment-2261546902 * Apply suggestions from code review Closes GH-15206. Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
This commit is contained in:
parent
dc670cb7f6
commit
67ce8759e8
4
NEWS
4
NEWS
@ -32,6 +32,10 @@ PHP NEWS
|
||||
. Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement).
|
||||
(Arnaud, nielsdos)
|
||||
|
||||
- Output:
|
||||
. Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in
|
||||
ext/standard/url_scanner_ex.re). (nielsdos)
|
||||
|
||||
- PDO_Firebird:
|
||||
. Fix bogus fallthrough path in firebird_handle_get_attribute(). (nielsdos)
|
||||
|
||||
|
@ -736,6 +736,7 @@ static inline int php_url_scanner_add_var_impl(const char *name, size_t name_len
|
||||
zend_string *encoded;
|
||||
url_adapt_state_ex_t *url_state;
|
||||
php_output_handler_func_t handler;
|
||||
bool should_start = false;
|
||||
|
||||
if (type) {
|
||||
url_state = &BG(url_adapt_session_ex);
|
||||
@ -747,7 +748,7 @@ static inline int php_url_scanner_add_var_impl(const char *name, size_t name_len
|
||||
|
||||
if (!url_state->active) {
|
||||
php_url_scanner_ex_activate(type);
|
||||
php_output_start_internal(ZEND_STRL("URL-Rewriter"), handler, 0, PHP_OUTPUT_HANDLER_STDFLAGS);
|
||||
should_start = true;
|
||||
url_state->active = 1;
|
||||
}
|
||||
|
||||
@ -786,6 +787,10 @@ static inline int php_url_scanner_add_var_impl(const char *name, size_t name_len
|
||||
smart_str_free(&hname);
|
||||
smart_str_free(&hvalue);
|
||||
|
||||
if (should_start) {
|
||||
php_output_start_internal(ZEND_STRL("URL-Rewriter"), handler, 0, PHP_OUTPUT_HANDLER_STDFLAGS);
|
||||
}
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
18
tests/output/gh15179.phpt
Normal file
18
tests/output/gh15179.phpt
Normal file
@ -0,0 +1,18 @@
|
||||
--TEST--
|
||||
GH-15179 (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re)
|
||||
--CREDITS--
|
||||
YuanchengJiang
|
||||
--INI--
|
||||
memory_limit=64M
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (getenv("USE_ZEND_ALLOC") === "0") die("skip requires ZendMM");
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
$var = str_repeat('a', 20 * 1024 * 1024);
|
||||
|
||||
output_add_rewrite_var($var, $var);
|
||||
?>
|
||||
--EXPECTF--
|
||||
Fatal error: Allowed memory size of %d bytes exhausted %s
|
Loading…
Reference in New Issue
Block a user