Fix bug #73190: memcpy negative parameter _bc_new_num_ex

(cherry picked from commit 40e7baab3c)
Stanislav Malyshev 2016-10-03 00:09:02 -07:00 committed by Anatol Belski
parent f42cbd749c
commit 74b5662536
3 changed files with 26 additions and 8 deletions


@ -293,10 +293,7 @@ ZEND_METHOD(exception, __construct)
#define CHECK_EXC_TYPE(name, type) \
pvalue = zend_read_property(i_get_exception_base(object), (object), name, sizeof(name) - 1, 1, &value); \
if (Z_TYPE_P(pvalue) != IS_NULL && Z_TYPE_P(pvalue) != type) { \
zval tmp; \
ZVAL_STRINGL(&tmp, name, sizeof(name) - 1); \
Z_OBJ_HANDLER_P(object, unset_property)(object, &tmp, NULL); \
zval_ptr_dtor(&tmp); \
zend_unset_property(i_get_exception_base(object), object, name, sizeof(name)-1); \
}
ZEND_METHOD(exception, __wakeup)
@ -309,7 +306,12 @@ ZEND_METHOD(exception, __wakeup)
CHECK_EXC_TYPE("file", IS_STRING);
CHECK_EXC_TYPE("line", IS_LONG);
CHECK_EXC_TYPE("trace", IS_ARRAY);
CHECK_EXC_TYPE("previous", IS_OBJECT);
pvalue = zend_read_property(i_get_exception_base(object), object, "previous", sizeof("previous")-1, 1, &value);
if (pvalue && Z_TYPE_P(pvalue) != IS_NULL && (Z_TYPE_P(pvalue) != IS_OBJECT ||
!instanceof_function(Z_OBJCE_P(pvalue), i_get_exception_base(object)) ||
pvalue == object)) {
zend_unset_property(i_get_exception_base(object), object, "previous", sizeof("previous")-1);
}
}
/* }}} */
@ -771,10 +773,24 @@ ZEND_METHOD(exception, __toString)
zend_string_release(file);
zval_ptr_dtor(&trace);
Z_OBJPROP_P(exception)->u.v.nApplyCount++;
exception = GET_PROPERTY(exception, "previous");
if (exception && Z_TYPE_P(exception) == IS_OBJECT && Z_OBJPROP_P(exception)->u.v.nApplyCount > 0) {
exception = NULL;
}
}
zval_dtor(&fname);
/* Reset apply counts */
while (exception && Z_TYPE_P(exception) == IS_OBJECT && (base_ce = i_get_exception_base(exception)) && instanceof_function(Z_OBJCE_P(exception), base_ce)) {
if(Z_OBJPROP_P(exception)->u.v.nApplyCount) {
Z_OBJPROP_P(exception)->u.v.nApplyCount--;
} else {
break;
}
exception = GET_PROPERTY(exception, "previous");
}
exception = getThis();
base_ce = i_get_exception_base(exception);
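Review bot: In the `__wakeup` hunk the self-reference test `pvalue == object` compares two `zval` pointers rather than the objects they hold, so it appears to be true only when the property slot and the `this` zval are the same storage. An unserialized exception whose `previous` refers back to itself would then presumably pass the check. Comparing the object handles, `Z_OBJ_P(pvalue) == Z_OBJ_P(object)`, states the intended condition and is safe at that position because the `IS_OBJECT` test short-circuits before it. The check also covers only a direct self-link, so a short comment saying that longer `previous` cycles are left to the `nApplyCount` guard in `__toString` would help the next reader. Both functions continue outside the visible hunks.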


@ -49,7 +49,10 @@ _bc_new_num_ex (length, scale, persistent)
int length, scale, persistent;
{
bc_num temp;
/* PHP Change: add length check */
if ((size_t)length+(size_t)scale > INT_MAX) {
zend_error(E_ERROR, "Result too long, max is %d", INT_MAX);
}
/* PHP Change: malloc() -> pemalloc(), removed free_list code */
temp = (bc_num) safe_pemalloc (1, sizeof(bc_struct)+length, scale, persistent);
#if 0
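Review bot: The new guard `(size_t)length+(size_t)scale > INT_MAX` rejects an oversized sum but not a single negative argument. For example, a negative `length` with a larger positive `scale` wraps back to a small sum after the casts, and the negative `length` then reaches `sizeof(bc_struct)+length` in the `safe_pemalloc` call. Whether a caller can still pass such values is not visible in this hunk, but since the bug title is about a negative size, checking each operand first is cheap: `if (length < 0 || scale < 0 || (size_t)length + (size_t)scale > INT_MAX) {`. The error call here is `zend_error(E_ERROR, ...)`, while `bc_out_of_memory` in the same commit uses `zend_error_noreturn`; using `zend_error_noreturn(E_ERROR, "Result too long, max is %d", INT_MAX);` would be consistent and tells the compiler that allocation is never reached. The function body continues outside the hunk.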


@ -41,6 +41,5 @@
void bc_out_of_memory (void)
{
(void) fprintf (stderr, "bcmath: out of memory!\n");
exit (1);
zend_error_noreturn(E_ERROR, "bcmath: out of memory!");
}