mirror of
https://github.com/php/php-src.git
synced 2024-12-02 22:34:55 +08:00
Merge branch 'PHP-8.3'
* PHP-8.3: Fix GH-12929: SimpleXMLElement with stream_wrapper_register can segfault Fix getting the address of an uninitialized property of a SimpleXMLElement resulting in a crash Fix GH-12962: Double free of init_file in phpdbg_prompt.c
This commit is contained in:
Niels Dossche
commit
61b7370b6d
@ -415,8 +415,6 @@ long_dim:
|
||||
|
||||
GET_NODE(sxe, node);
|
||||
|
||||
php_libxml_invalidate_node_list_cache_from_doc(node->doc);
|
||||
|
||||
if (sxe->iter.type == SXE_ITER_ATTRLIST) {
|
||||
attribs = 1;
|
||||
elements = 0;
|
||||
@ -477,6 +475,8 @@ long_dim:
|
||||
}
|
||||
|
||||
if (node) {
|
||||
php_libxml_invalidate_node_list_cache_from_doc(node->doc);
|
||||
|
||||
if (attribs) {
|
||||
if (Z_TYPE_P(member) == IS_LONG) {
|
||||
while (attr && nodendx <= Z_LVAL_P(member)) {
|
||||
@ -619,6 +619,9 @@ static zval *sxe_property_get_adr(zend_object *object, zend_string *zname, int f
|
||||
|
||||
sxe = php_sxe_fetch_object(object);
|
||||
GET_NODE(sxe, node);
|
||||
if (UNEXPECTED(!node)) {
|
||||
return &EG(error_zval);
|
||||
}
|
||||
name = ZSTR_VAL(zname);
|
||||
node = sxe_get_element_by_name(sxe, node, name, &type);
|
||||
if (node) {
|
||||
@ -788,8 +791,6 @@ static void sxe_prop_dim_delete(zend_object *object, zval *member, bool elements
|
||||
|
||||
GET_NODE(sxe, node);
|
||||
|
||||
php_libxml_invalidate_node_list_cache_from_doc(node->doc);
|
||||
|
||||
if (Z_TYPE_P(member) == IS_LONG) {
|
||||
if (sxe->iter.type != SXE_ITER_ATTRLIST) {
|
||||
attribs = 0;
|
||||
@ -813,6 +814,8 @@ static void sxe_prop_dim_delete(zend_object *object, zval *member, bool elements
|
||||
}
|
||||
|
||||
if (node) {
|
||||
php_libxml_invalidate_node_list_cache_from_doc(node->doc);
|
||||
|
||||
if (attribs) {
|
||||
if (Z_TYPE_P(member) == IS_LONG) {
|
||||
int nodendx = 0;
|
||||
@ -1639,8 +1642,6 @@ PHP_METHOD(SimpleXMLElement, addChild)
|
||||
sxe = Z_SXEOBJ_P(ZEND_THIS);
|
||||
GET_NODE(sxe, node);
|
||||
|
||||
php_libxml_invalidate_node_list_cache_from_doc(node->doc);
|
||||
|
||||
if (sxe->iter.type == SXE_ITER_ATTRLIST) {
|
||||
php_error_docref(NULL, E_WARNING, "Cannot add element to attributes");
|
||||
return;
|
||||
@ -1653,6 +1654,8 @@ PHP_METHOD(SimpleXMLElement, addChild)
|
||||
return;
|
||||
}
|
||||
|
||||
php_libxml_invalidate_node_list_cache_from_doc(node->doc);
|
||||
|
||||
localname = xmlSplitQName2((xmlChar *)qname, &prefix);
|
||||
if (localname == NULL) {
|
||||
localname = xmlStrdup((xmlChar *)qname);
|
||||
|
||||
17
ext/simplexml/tests/get_prop_address_not_initialized.phpt
Normal file
17
ext/simplexml/tests/get_prop_address_not_initialized.phpt
Normal file
@ -0,0 +1,17 @@
|
||||
--TEST--
|
||||
Getting the address of an uninitialized property of a SimpleXMLElement
|
||||
--EXTENSIONS--
|
||||
simplexml
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
$rc = new ReflectionClass('SimpleXMLElement');
|
||||
$sxe = $rc->newInstanceWithoutConstructor();
|
||||
$sxe->a['b'] = 'b';
|
||||
|
||||
?>
|
||||
--EXPECTF--
|
||||
Fatal error: Uncaught Error: SimpleXMLElement is not properly initialized in %s:%d
|
||||
Stack trace:
|
||||
#0 {main}
|
||||
thrown in %s on line %d
|
||||
29
ext/simplexml/tests/gh12929.phpt
Normal file
29
ext/simplexml/tests/gh12929.phpt
Normal file
@ -0,0 +1,29 @@
|
||||
--TEST--
|
||||
GH-12929 (SimpleXMLElement with stream_wrapper_register can segfault)
|
||||
--EXTENSIONS--
|
||||
simplexml
|
||||
--FILE--
|
||||
<?php
|
||||
$scheme = "foo1";
|
||||
stream_wrapper_register($scheme, "SimpleXMLIterator");
|
||||
try {
|
||||
file_get_contents($scheme . "://x");
|
||||
} catch (Error $e) {
|
||||
echo $e->getMessage(), "\n";
|
||||
echo $e->getPrevious()->getMessage(), "\n";
|
||||
}
|
||||
|
||||
$scheme = "foo2";
|
||||
stream_wrapper_register($scheme, "SimpleXMLElement");
|
||||
try {
|
||||
file_get_contents($scheme . "://x");
|
||||
} catch (Error $e) {
|
||||
echo $e->getMessage(), "\n";
|
||||
echo $e->getPrevious()->getMessage(), "\n";
|
||||
}
|
||||
?>
|
||||
--EXPECT--
|
||||
It's not possible to assign a complex type to properties, resource given
|
||||
SimpleXMLElement is not properly initialized
|
||||
It's not possible to assign a complex type to properties, resource given
|
||||
SimpleXMLElement is not properly initialized
|
||||
@ -363,7 +363,7 @@ void phpdbg_init(char *init_file, size_t init_file_len, bool use_default) /* {{{
|
||||
}
|
||||
|
||||
ZEND_IGNORE_VALUE(asprintf(&init_file, "%s/%s", scan_dir, PHPDBG_INIT_FILENAME));
|
||||
phpdbg_try_file_init(init_file, strlen(init_file), 1);
|
||||
phpdbg_try_file_init(init_file, strlen(init_file), 0);
|
||||
free(init_file);
|
||||
if (i == -1) {
|
||||
break;
|
||||
|
||||
13
sapi/phpdbg/tests/gh12962.phpt
Normal file
13
sapi/phpdbg/tests/gh12962.phpt
Normal file
@ -0,0 +1,13 @@
|
||||
--TEST--
|
||||
GH-12962 (Double free of init_file in phpdbg_prompt.c)
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (!getenv('TEST_PHPDBG_EXECUTABLE')) die("SKIP: No TEST_PHPDBG_EXECUTABLE specified");
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
putenv('PHP_INI_SCAN_DIR='.__DIR__."/gh12962");
|
||||
passthru($_ENV['TEST_PHPDBG_EXECUTABLE'] . " -q");
|
||||
?>
|
||||
--EXPECT--
|
||||
Executed .phpdbginit
|
||||
2
sapi/phpdbg/tests/gh12962/.phpdbginit
Normal file
2
sapi/phpdbg/tests/gh12962/.phpdbginit
Normal file
@ -0,0 +1,2 @@
|
||||
ev "Executed .phpdbginit"
|
||||
q
|
||||
Loading…
Reference in New Issue
Block a user