mirror of
https://github.com/php/php-src.git
synced 2024-09-22 10:27:25 +00:00
Merge branch 'PHP-7.0'
* PHP-7.0: update NEWS refix bug #70895 Fixed bug Bug #70895 null ptr deref and segfault
This commit is contained in:
commit
a4e16cd823
15
Zend/tests/bug70895.phpt
Normal file
15
Zend/tests/bug70895.phpt
Normal file
@ -0,0 +1,15 @@
|
||||
--TEST--
|
||||
Bug #70895 null ptr deref and segfault with crafted calable
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
array_map("%n", 0);
|
||||
array_map("%n %i", 0);
|
||||
array_map("%n %i aoeu %f aoeu %p", 0);
|
||||
?>
|
||||
--EXPECTREGEX--
|
||||
Warning: array_map\(\) expects parameter 1 to be a valid callback, function '%n' not found or invalid function name in .+
|
||||
|
||||
Warning: array_map\(\) expects parameter 1 to be a valid callback, function '%n %i' not found or invalid function name in .+
|
||||
|
||||
Warning: array_map\(\) expects parameter 1 to be a valid callback, function '%n %i aoeu %f aoeu %p' not found or invalid function name in .+bug70895.php on line \d+
|
@ -242,17 +242,37 @@ ZEND_API ZEND_COLD void ZEND_FASTCALL zend_wrong_callback_error(int severity, in
|
||||
const char *space;
|
||||
const char *class_name = get_active_class_name(&space);
|
||||
|
||||
size_t error_len = strlen(error), sanitized_error_len = error_len, k = 0, n = 0;
|
||||
char *sanitized_error = emalloc(sizeof(char) * error_len);
|
||||
|
||||
while (k < error_len) {
|
||||
sanitized_error[n] = error[k];
|
||||
if ('%' == error[k]) {
|
||||
n++;
|
||||
sanitized_error[n] = '%';
|
||||
}
|
||||
k++;
|
||||
n++;
|
||||
|
||||
if (n == sanitized_error_len) {
|
||||
sanitized_error_len += error_len - k;
|
||||
sanitized_error = erealloc(sanitized_error, sanitized_error_len);
|
||||
}
|
||||
}
|
||||
sanitized_error[n] = '\0';
|
||||
|
||||
if (severity == E_WARNING) {
|
||||
zend_internal_type_error(ZEND_ARG_USES_STRICT_TYPES(), "%s%s%s() expects parameter %d to be a valid callback, %s",
|
||||
class_name, space, get_active_function_name(), num, error);
|
||||
class_name, space, get_active_function_name(), num, sanitized_error);
|
||||
} else if (severity == E_ERROR) {
|
||||
zend_throw_error(zend_ce_type_error, "%s%s%s() expects parameter %d to be a valid callback, %s",
|
||||
class_name, space, get_active_function_name(), num, error);
|
||||
class_name, space, get_active_function_name(), num, sanitized_error);
|
||||
} else {
|
||||
zend_error(severity, "%s%s%s() expects parameter %d to be a valid callback, %s",
|
||||
class_name, space, get_active_function_name(), num, error);
|
||||
class_name, space, get_active_function_name(), num, sanitized_error);
|
||||
}
|
||||
efree(error);
|
||||
efree(sanitized_error);
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user