Grokbase Groups PHP php-cvs May 2016
FAQ
Commit: 1690dcb827e2b50eb575b1c6acadab0b8f248723
Author: Joe Watkins <krakjoe@php.net> Mon, 30 May 2016 08:56:50 +0100
Parents: 0c5bd4d445ab09fd457882c06eff436eebb4c9bf
Branches: master

Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=1690dcb827e2b50eb575b1c6acadab0b8f248723

Log:
fix #72155 (use-after-free caused by get_zval_xmlrpc_type)

Bugs:
https://bugs.php.net/72155

Changed paths:
   M NEWS
   M ext/xmlrpc/xmlrpc-epi-php.c


Diff:
diff --git a/NEWS b/NEWS
index 69ae578..9aa71bd 100644
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,9 @@ PHP NEWS
  - XML:
    . Fixed #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe)

+- XMLRPC:
+ . Fixed #72155 (use-after-free caused by get_zval_xmlrpc_type). (Joe)
+
  26 May 2016 PHP 7.0.7

  - Core:
diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c
index ea62bdc..8daf262 100644
--- a/ext/xmlrpc/xmlrpc-epi-php.c
+++ b/ext/xmlrpc/xmlrpc-epi-php.c
@@ -1368,10 +1368,10 @@ XMLRPC_VALUE_TYPE get_zval_xmlrpc_type(zval* value, zval* newvalue) /* {{{ */

     if ((type == xmlrpc_base64 && Z_TYPE_P(value) == IS_OBJECT) || type == xmlrpc_datetime) {
      if ((val = zend_hash_str_find(Z_OBJPROP_P(value), OBJECT_VALUE_ATTR, sizeof(OBJECT_VALUE_ATTR) - 1)) != NULL) {
- ZVAL_COPY_VALUE(newvalue, val);
+ ZVAL_COPY(newvalue, val);
      }
     } else {
- ZVAL_COPY_VALUE(newvalue, value);
+ ZVAL_COPY(newvalue, value);
     }
    }
   }

Search Discussions

  • Dmitry Stogov at May 30, 2016 at 8:28 pm
    Hi Joe,

    Your fix is probably invalid.
    At least few tests started to leak memory after it.
    Bug #18916 (xmlrpc_set_type() not working) [ext/xmlrpc/tests/bug18916.phpt]
    Bug #42736 (xmlrpc_server_call_method() crashes) [ext/xmlrpc/tests/bug42736.phpt]
    Bug #45226 (xmlrpc_set_type() segfaults with valid ISO8601 date string) [ext/xmlrpc/tests/bug45226.phpt]
    Bug #50282 (xmlrpc_encode_request() changes object into array in calling function) [ext/xmlrpc/tests/bug50282.phpt]
    Thanks. Dmitry.

    ________________________________________
    From: Joe Watkins <krakjoe@php.net>
    Sent: Monday, May 30, 2016 10:56:50 AM
    To: php-cvs@lists.php.net
    Subject: [PHP-CVS] com php-src: fix #72155 (use-after-free caused by get_zval_xmlrpc_type): NEWS ext/xmlrpc/xmlrpc-epi-php.c

    Commit: 1690dcb827e2b50eb575b1c6acadab0b8f248723
    Author: Joe Watkins <krakjoe@php.net> Mon, 30 May 2016 08:56:50 +0100
    Parents: 0c5bd4d445ab09fd457882c06eff436eebb4c9bf
    Branches: master

    Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=1690dcb827e2b50eb575b1c6acadab0b8f248723

    Log:
    fix #72155 (use-after-free caused by get_zval_xmlrpc_type)

    Bugs:
    https://bugs.php.net/72155

    Changed paths:
       M NEWS
       M ext/xmlrpc/xmlrpc-epi-php.c


    Diff:
    diff --git a/NEWS b/NEWS
    index 69ae578..9aa71bd 100644
    --- a/NEWS
    +++ b/NEWS
    @@ -32,6 +32,9 @@ PHP NEWS
      - XML:
        . Fixed #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe)

    +- XMLRPC:
    + . Fixed #72155 (use-after-free caused by get_zval_xmlrpc_type). (Joe)
    +
      26 May 2016 PHP 7.0.7

      - Core:
    diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c
    index ea62bdc..8daf262 100644
    --- a/ext/xmlrpc/xmlrpc-epi-php.c
    +++ b/ext/xmlrpc/xmlrpc-epi-php.c
    @@ -1368,10 +1368,10 @@ XMLRPC_VALUE_TYPE get_zval_xmlrpc_type(zval* value, zval* newvalue) /* {{{ */

                             if ((type == xmlrpc_base64 && Z_TYPE_P(value) == IS_OBJECT) || type == xmlrpc_datetime) {
                                     if ((val = zend_hash_str_find(Z_OBJPROP_P(value), OBJECT_VALUE_ATTR, sizeof(OBJECT_VALUE_ATTR) - 1)) != NULL) {
    - ZVAL_COPY_VALUE(newvalue, val);
    + ZVAL_COPY(newvalue, val);
                                     }
                             } else {
    - ZVAL_COPY_VALUE(newvalue, value);
    + ZVAL_COPY(newvalue, value);
                             }
                     }
             }


    --
    PHP CVS Mailing List (http://www.php.net/)
    To unsubscribe, visit: http://www.php.net/unsub.php
  • Xinchen Hui at May 31, 2016 at 3:46 am
    Hey:
    On Tue, May 31, 2016 at 4:28 AM, Dmitry Stogov wrote:

    Hi Joe,

    Your fix is probably invalid.
    At least few tests started to leak memory after it.
    Bug #18916 (xmlrpc_set_type() not working)
    [ext/xmlrpc/tests/bug18916.phpt]
    Bug #42736 (xmlrpc_server_call_method() crashes)
    [ext/xmlrpc/tests/bug42736.phpt]
    Bug #45226 (xmlrpc_set_type() segfaults with valid ISO8601 date string)
    [ext/xmlrpc/tests/bug45226.phpt]
    Bug #50282 (xmlrpc_encode_request() changes object into array in calling
    function) [ext/xmlrpc/tests/bug50282.phpt]
    yeah, the fix is not right, I re-fixed here:
    https://github.com/php/php-src/commit/d1dd9b4558e9c1b2e86887f99c009063ee3eb5f4

    Joe, it's better to fix things in debug mode PHP, then you could see
    memleaks

    thanks
    Thanks. Dmitry.

    ________________________________________
    From: Joe Watkins <krakjoe@php.net>
    Sent: Monday, May 30, 2016 10:56:50 AM
    To: php-cvs@lists.php.net
    Subject: [PHP-CVS] com php-src: fix #72155 (use-after-free caused by
    get_zval_xmlrpc_type): NEWS ext/xmlrpc/xmlrpc-epi-php.c

    Commit: 1690dcb827e2b50eb575b1c6acadab0b8f248723
    Author: Joe Watkins <krakjoe@php.net> Mon, 30 May 2016
    08:56:50 +0100
    Parents: 0c5bd4d445ab09fd457882c06eff436eebb4c9bf
    Branches: master

    Link:
    http://git.php.net/?p=php-src.git;a=commitdiff;h=1690dcb827e2b50eb575b1c6acadab0b8f248723

    Log:
    fix #72155 (use-after-free caused by get_zval_xmlrpc_type)

    Bugs:
    https://bugs.php.net/72155

    Changed paths:
    M NEWS
    M ext/xmlrpc/xmlrpc-epi-php.c


    Diff:
    diff --git a/NEWS b/NEWS
    index 69ae578..9aa71bd 100644
    --- a/NEWS
    +++ b/NEWS
    @@ -32,6 +32,9 @@ PHP
    NEWS
    - XML:
    . Fixed #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe)

    +- XMLRPC:
    + . Fixed #72155 (use-after-free caused by get_zval_xmlrpc_type). (Joe)
    +
    26 May 2016 PHP 7.0.7

    - Core:
    diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c
    index ea62bdc..8daf262 100644
    --- a/ext/xmlrpc/xmlrpc-epi-php.c
    +++ b/ext/xmlrpc/xmlrpc-epi-php.c
    @@ -1368,10 +1368,10 @@ XMLRPC_VALUE_TYPE get_zval_xmlrpc_type(zval*
    value, zval* newvalue) /* {{{ */

    if ((type == xmlrpc_base64 && Z_TYPE_P(value) ==
    IS_OBJECT) || type == xmlrpc_datetime) {
    if ((val =
    zend_hash_str_find(Z_OBJPROP_P(value), OBJECT_VALUE_ATTR,
    sizeof(OBJECT_VALUE_ATTR) - 1)) != NULL) {
    - ZVAL_COPY_VALUE(newvalue, val);
    + ZVAL_COPY(newvalue, val);
    }
    } else {
    - ZVAL_COPY_VALUE(newvalue, value);
    + ZVAL_COPY(newvalue, value);
    }
    }
    }


    --
    PHP CVS Mailing List (http://www.php.net/)
    To unsubscribe, visit: http://www.php.net/unsub.php


    --
    Xinchen Hui
    @Laruence
    http://www.laruence.com/
  • Joe Watkins at May 31, 2016 at 5:25 am
    Morning,

         I thought I was in debug mode when I ran tests, sorry about that ...

    Cheers
    Joe
    On Tue, May 31, 2016 at 4:46 AM, Xinchen Hui wrote:

    Hey:
    On Tue, May 31, 2016 at 4:28 AM, Dmitry Stogov wrote:

    Hi Joe,

    Your fix is probably invalid.
    At least few tests started to leak memory after it.
    Bug #18916 (xmlrpc_set_type() not working)
    [ext/xmlrpc/tests/bug18916.phpt]
    Bug #42736 (xmlrpc_server_call_method() crashes)
    [ext/xmlrpc/tests/bug42736.phpt]
    Bug #45226 (xmlrpc_set_type() segfaults with valid ISO8601 date string)
    [ext/xmlrpc/tests/bug45226.phpt]
    Bug #50282 (xmlrpc_encode_request() changes object into array in
    calling function) [ext/xmlrpc/tests/bug50282.phpt]
    yeah, the fix is not right, I re-fixed here:
    https://github.com/php/php-src/commit/d1dd9b4558e9c1b2e86887f99c009063ee3eb5f4

    Joe, it's better to fix things in debug mode PHP, then you could see
    memleaks

    thanks
    Thanks. Dmitry.

    ________________________________________
    From: Joe Watkins <krakjoe@php.net>
    Sent: Monday, May 30, 2016 10:56:50 AM
    To: php-cvs@lists.php.net
    Subject: [PHP-CVS] com php-src: fix #72155 (use-after-free caused by
    get_zval_xmlrpc_type): NEWS ext/xmlrpc/xmlrpc-epi-php.c

    Commit: 1690dcb827e2b50eb575b1c6acadab0b8f248723
    Author: Joe Watkins <krakjoe@php.net> Mon, 30 May 2016
    08:56:50 +0100
    Parents: 0c5bd4d445ab09fd457882c06eff436eebb4c9bf
    Branches: master

    Link:
    http://git.php.net/?p=php-src.git;a=commitdiff;h=1690dcb827e2b50eb575b1c6acadab0b8f248723

    Log:
    fix #72155 (use-after-free caused by get_zval_xmlrpc_type)

    Bugs:
    https://bugs.php.net/72155

    Changed paths:
    M NEWS
    M ext/xmlrpc/xmlrpc-epi-php.c


    Diff:
    diff --git a/NEWS b/NEWS
    index 69ae578..9aa71bd 100644
    --- a/NEWS
    +++ b/NEWS
    @@ -32,6 +32,9 @@ PHP
    NEWS
    - XML:
    . Fixed #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe)

    +- XMLRPC:
    + . Fixed #72155 (use-after-free caused by get_zval_xmlrpc_type). (Joe)
    +
    26 May 2016 PHP 7.0.7

    - Core:
    diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c
    index ea62bdc..8daf262 100644
    --- a/ext/xmlrpc/xmlrpc-epi-php.c
    +++ b/ext/xmlrpc/xmlrpc-epi-php.c
    @@ -1368,10 +1368,10 @@ XMLRPC_VALUE_TYPE get_zval_xmlrpc_type(zval*
    value, zval* newvalue) /* {{{ */

    if ((type == xmlrpc_base64 && Z_TYPE_P(value) ==
    IS_OBJECT) || type == xmlrpc_datetime) {
    if ((val =
    zend_hash_str_find(Z_OBJPROP_P(value), OBJECT_VALUE_ATTR,
    sizeof(OBJECT_VALUE_ATTR) - 1)) != NULL) {
    - ZVAL_COPY_VALUE(newvalue, val);
    + ZVAL_COPY(newvalue, val);
    }
    } else {
    - ZVAL_COPY_VALUE(newvalue, value);
    + ZVAL_COPY(newvalue, value);
    }
    }
    }


    --
    PHP CVS Mailing List (http://www.php.net/)
    To unsubscribe, visit: http://www.php.net/unsub.php


    --
    Xinchen Hui
    @Laruence
    http://www.laruence.com/

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupphp-cvs @
categoriesphp
postedMay 30, '16 at 7:57a
activeMay 31, '16 at 5:25a
posts4
users4
websitephp.net

People

Translate

site design / logo © 2019 Grokbase