Fix #68760: Fix freeing null segfault. Added test for behaviour.
parent
63d7cd7d5b
commit
1ec430d4ed
4
NEWS
4
NEWS
@ -36,6 +36,10 @@ PHP NEWS
|
||||
. Fixed bug #69227 (Use after free in zval_scan caused by
|
||||
spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
|
||||
|
||||
- SQLITE:
|
||||
. Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
|
||||
(Dan Ackroyd)
|
||||
|
||||
19 Mar 2015, PHP 5.6.7
|
||||
|
||||
- Core:
|
||||
|
@ -906,16 +906,21 @@ static int php_sqlite3_callback_compare(void *coll, int a_len, const void *a, in
|
||||
efree(zargs[1]);
|
||||
efree(zargs);
|
||||
|
||||
//retval ought to contain a ZVAL_LONG by now
|
||||
// (the result of a comparison, i.e. most likely -1, 0, or 1)
|
||||
//I suppose we could accept any scalar return type, though.
|
||||
if (Z_TYPE_P(retval) != IS_LONG){
|
||||
if (!retval) {
|
||||
//Exception was thrown by callback, default to 0 for compare
|
||||
ret = 0;
|
||||
} else if (Z_TYPE_P(retval) != IS_LONG) {
|
||||
//retval ought to contain a ZVAL_LONG by now
|
||||
// (the result of a comparison, i.e. most likely -1, 0, or 1)
|
||||
//I suppose we could accept any scalar return type, though.
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "An error occurred while invoking the compare callback (invalid return type). Collation behaviour is undefined.");
|
||||
}else{
|
||||
} else {
|
||||
ret = Z_LVAL_P(retval);
|
||||
}
|
||||
|
||||
zval_ptr_dtor(&retval);
|
||||
if (retval) {
|
||||
zval_ptr_dtor(&retval);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
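Review bot: The `else if (Z_TYPE_P(retval) != IS_LONG)` branch still emits its warning without assigning `ret`, so the value returned to SQLite there is whatever `ret` held before this hunk; its declaration and any earlier assignment are outside the visible lines. The new `if (!retval)` branch already picks an explicit default, and the same should be done here by adding `ret = 0;` after the `php_error_docref()` call, so that a misbehaving callback cannot feed an unintended ordering result into the sort. Separately, `ret = Z_LVAL_P(retval);` stores a `long` into what is presumably an `int` (the function returns `int`), so a large callback result could be truncated to 0 or to the opposite sign where `long` is wider. Reducing it to its sign first, `ret = (Z_LVAL_P(retval) > 0) - (Z_LVAL_P(retval) < 0);`, would avoid that. The body of `php_sqlite3_callback_compare` begins above the hunk, so both points should be confirmed against the full definition.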
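--- /dev/null
+++ b/ext/sqlite3/tests/bug68760.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Bug #68760 (Callback throws exception behaviour. Segfault in 5.6)
+--FILE--
+<?php
+function oopsFunction($a, $b) {
+echo "callback";
+throw new \Exception("oops");
+}
+
+$db = new SQLite3(":memory:");
+$db->exec("CREATE TABLE test (col1 string)");
+$db->exec("INSERT INTO test VALUES ('a1')");
+$db->exec("INSERT INTO test VALUES ('a10')");
+$db->exec("INSERT INTO test VALUES ('a2')");
+
+try {
+$db->createCollation('NATURAL_CMP', 'oopsFunction');
+$naturalSort = $db->query("SELECT col1 FROM test ORDER BY col1 COLLATE NATURAL_CMP");
+while ($row = $naturalSort->fetchArray()) {
+echo $row['col1'], "\n";
+}
+$db->close();
+}
+catch(\Exception $e) {
+echo "Exception: ".$e->getMessage();
+}
+?>
+--EXPECTF--
+callback
+Warning: SQLite3::query(): An error occurred while invoking the compare callback in %a/bug68760.php on line %i
+Exception: oops
+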
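Review bot: Only the throwing callback is exercised here, so the `Z_TYPE_P(retval) != IS_LONG` path that the same commit restructures in `php_sqlite3_callback_compare` has no expectation pinned. A second collation whose callback returns a non-integer, for example `return "x";`, with the `(invalid return type)` warning added to `--EXPECTF--`, would cover that branch and record what ordering result it produces. The `$db->close();` call sits inside the `try` block and is skipped once the exception propagates; moving it after the `catch` would keep the cleanup unconditional.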