clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 10:27:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.0'

Browse Source 
* PHP-7.0:
  update NEWS
  refix bug #70895
  Fixed bug Bug #70895 null ptr deref and segfault
This commit is contained in:
Anatol Belski 2015-11-12 01:43:38 +01:00
commit a4e16cd823
2 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Zend/tests/bug70895.phpt Normal file
View File

@ -0,0 +1,15 @@
--TEST--
Bug #70895 null ptr deref and segfault with crafted calable
--FILE--
<?php
array_map("%n", 0);
array_map("%n %i", 0);
array_map("%n %i aoeu %f aoeu %p", 0);
?>
--EXPECTREGEX--
Warning: array_map\(\) expects parameter 1 to be a valid callback, function '%n' not found or invalid function name in .+
Warning: array_map\(\) expects parameter 1 to be a valid callback, function '%n %i' not found or invalid function name in .+
Warning: array_map\(\) expects parameter 1 to be a valid callback, function '%n %i aoeu %f aoeu %p' not found or invalid function name in .+bug70895.php on line \d+

26
Zend/zend_API.c
View File

@ -242,17 +242,37 @@ ZEND_API ZEND_COLD void ZEND_FASTCALL zend_wrong_callback_error(int severity, in
const char *space;
const char *class_name = get_active_class_name(&space);
size_t error_len = strlen(error), sanitized_error_len = error_len, k = 0, n = 0;
char *sanitized_error = emalloc(sizeof(char) * error_len);
while (k < error_len) {
sanitized_error[n] = error[k];
if ('%' == error[k]) {
n++;
sanitized_error[n] = '%';
}
k++;
n++;
if (n == sanitized_error_len) {
sanitized_error_len += error_len - k;
sanitized_error = erealloc(sanitized_error, sanitized_error_len);
}
}
sanitized_error[n] = '\0';
if (severity == E_WARNING) {
zend_internal_type_error(ZEND_ARG_USES_STRICT_TYPES(), "%s%s%s() expects parameter %d to be a valid callback, %s",
class_name, space, get_active_function_name(), num, error);
class_name, space, get_active_function_name(), num, sanitized_error);
} else if (severity == E_ERROR) {
zend_throw_error(zend_ce_type_error, "%s%s%s() expects parameter %d to be a valid callback, %s",
class_name, space, get_active_function_name(), num, error);
class_name, space, get_active_function_name(), num, sanitized_error);
} else {
zend_error(severity, "%s%s%s() expects parameter %d to be a valid callback, %s",
class_name, space, get_active_function_name(), num, error);
class_name, space, get_active_function_name(), num, sanitized_error);
}
efree(error);
efree(sanitized_error);
}
/* }}} */