-
-
Save anonymous/7e128b2eead665b9127ad836ce2e709a to your computer and use it in GitHub Desktop.
Patch for 72099
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit bdf55f7af884f15bbec4b48aebf41d7dfef880e6 | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Sun Apr 24 23:50:57 2016 -0700 | |
Fix bug #72099: xml_parse_into_struct segmentation fault | |
diff --git a/ext/xml/tests/bug72099.phpt b/ext/xml/tests/bug72099.phpt | |
new file mode 100644 | |
index 0000000..50173a6 | |
--- /dev/null | |
+++ b/ext/xml/tests/bug72099.phpt | |
@@ -0,0 +1,17 @@ | |
+--TEST-- | |
+Bug #72099: xml_parse_into_struct segmentation fault | |
+--SKIPIF-- | |
+<?php | |
+require_once("skipif.inc"); | |
+?> | |
+--FILE-- | |
+<?php | |
+$var1=xml_parser_create_ns(); | |
+$var2=str_repeat("a", 10); | |
+$var3=[]; | |
+$var4=[]; | |
+xml_parse_into_struct($var1, $var2, $var3, $var4); | |
+var_dump($var3); | |
+--EXPECT-- | |
+array(0) { | |
+} | |
\ No newline at end of file | |
diff --git a/ext/xml/xml.c b/ext/xml/xml.c | |
index 84d4253..5277588 100644 | |
--- a/ext/xml/xml.c | |
+++ b/ext/xml/xml.c | |
@@ -283,7 +283,7 @@ xml_encoding xml_encodings[] = { | |
static XML_Memory_Handling_Suite php_xml_mem_hdlrs; | |
/* True globals, no need for thread safety */ | |
-static int le_xml_parser; | |
+static int le_xml_parser; | |
/* }}} */ | |
@@ -343,7 +343,7 @@ PHP_MINIT_FUNCTION(xml) | |
REGISTER_LONG_CONSTANT("XML_OPTION_SKIP_WHITE", PHP_XML_OPTION_SKIP_WHITE, CONST_CS|CONST_PERSISTENT); | |
/* this object should not be pre-initialised at compile time, | |
- as the order of members may vary */ | |
+ as the order of members may vary */ | |
php_xml_mem_hdlrs.malloc_fcn = php_xml_malloc_wrapper; | |
php_xml_mem_hdlrs.realloc_fcn = php_xml_realloc_wrapper; | |
@@ -404,7 +404,7 @@ static zval *_xml_xmlchar_zval(const XML_Char *s, int len, const XML_Char *encod | |
{ | |
zval *ret; | |
MAKE_STD_ZVAL(ret); | |
- | |
+ | |
if (s == NULL) { | |
ZVAL_FALSE(ret); | |
return ret; | |
@@ -422,7 +422,7 @@ static zval *_xml_xmlchar_zval(const XML_Char *s, int len, const XML_Char *encod | |
static void xml_parser_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC) | |
{ | |
xml_parser *parser = (xml_parser *)rsrc->ptr; | |
- | |
+ | |
if (parser->parser) { | |
XML_ParserFree(parser->parser); | |
} | |
@@ -503,7 +503,7 @@ static void xml_set_handler(zval **handler, zval **data) | |
/* {{{ xml_call_handler() */ | |
static zval *xml_call_handler(xml_parser *parser, zval *handler, zend_function *function_ptr, int argc, zval **argv) | |
{ | |
- int i; | |
+ int i; | |
TSRMLS_FETCH(); | |
if (parser && handler && !EG(exception)) { | |
@@ -516,7 +516,7 @@ static zval *xml_call_handler(xml_parser *parser, zval *handler, zend_function * | |
for (i = 0; i < argc; i++) { | |
args[i] = &argv[i]; | |
} | |
- | |
+ | |
fci.size = sizeof(fci); | |
fci.function_table = EG(function_table); | |
fci.function_name = handler; | |
@@ -540,7 +540,7 @@ static zval *xml_call_handler(xml_parser *parser, zval *handler, zend_function * | |
Z_TYPE_PP(obj) == IS_OBJECT && | |
Z_TYPE_PP(method) == IS_STRING) { | |
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to call handler %s::%s()", Z_OBJCE_PP(obj)->name, Z_STRVAL_PP(method)); | |
- } else | |
+ } else | |
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to call handler"); | |
} | |
@@ -739,14 +739,14 @@ static void _xml_add_to_info(xml_parser *parser,char *name) | |
if (zend_hash_find(Z_ARRVAL_P(parser->info),name,strlen(name) + 1,(void **) &element) == FAILURE) { | |
MAKE_STD_ZVAL(values); | |
- | |
+ | |
array_init(values); | |
- | |
+ | |
zend_hash_update(Z_ARRVAL_P(parser->info), name, strlen(name)+1, (void *) &values, sizeof(zval*), (void **) &element); | |
- } | |
- | |
+ } | |
+ | |
add_next_index_long(*element,parser->curtag); | |
- | |
+ | |
parser->curtag++; | |
} | |
/* }}} */ | |
@@ -798,11 +798,11 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch | |
efree(att); | |
} | |
- | |
+ | |
if ((retval = xml_call_handler(parser, parser->startElementHandler, parser->startElementPtr, 3, args))) { | |
zval_ptr_dtor(&retval); | |
} | |
- } | |
+ } | |
if (parser->data) { | |
if (parser->level <= XML_MAXLEVEL) { | |
@@ -874,7 +874,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) | |
if ((retval = xml_call_handler(parser, parser->endElementHandler, parser->endElementPtr, 2, args))) { | |
zval_ptr_dtor(&retval); | |
} | |
- } | |
+ } | |
if (parser->data) { | |
zval *tag; | |
@@ -885,13 +885,13 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) | |
MAKE_STD_ZVAL(tag); | |
array_init(tag); | |
- | |
+ | |
_xml_add_to_info(parser,((char *) tag_name) + parser->toffset); | |
add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ | |
add_assoc_string(tag,"type","close",1); | |
add_assoc_long(tag,"level",parser->level); | |
- | |
+ | |
zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); | |
} | |
@@ -923,7 +923,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) | |
if ((retval = xml_call_handler(parser, parser->characterDataHandler, parser->characterDataPtr, 2, args))) { | |
zval_ptr_dtor(&retval); | |
} | |
- } | |
+ } | |
if (parser->data) { | |
int i; | |
@@ -931,7 +931,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) | |
char *decoded_value; | |
int decoded_len; | |
- | |
+ | |
decoded_value = xml_utf8_decode(s,len,&decoded_len,parser->target_encoding); | |
for (i = 0; i < decoded_len; i++) { | |
switch (decoded_value[i]) { | |
@@ -950,7 +950,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) | |
if (doprint || (! parser->skipwhite)) { | |
if (parser->lastwasopen) { | |
zval **myval; | |
- | |
+ | |
/* check if the current tag already has a value - if yes append to that! */ | |
if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) { | |
int newlen = Z_STRLEN_PP(myval) + decoded_len; | |
@@ -961,7 +961,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) | |
} else { | |
add_assoc_string(*(parser->ctag),"value",decoded_value,0); | |
} | |
- | |
+ | |
} else { | |
zval *tag; | |
zval **curtag, **mytype, **myval; | |
@@ -984,7 +984,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) | |
} | |
} | |
- if (parser->level <= XML_MAXLEVEL) { | |
+ if (parser->level <= XML_MAXLEVEL && parser->level > 0) { | |
MAKE_STD_ZVAL(tag); | |
array_init(tag); | |
@@ -1046,8 +1046,8 @@ void _xml_defaultHandler(void *userData, const XML_Char *s, int len) | |
/* }}} */ | |
/* {{{ _xml_unparsedEntityDeclHandler() */ | |
-void _xml_unparsedEntityDeclHandler(void *userData, | |
- const XML_Char *entityName, | |
+void _xml_unparsedEntityDeclHandler(void *userData, | |
+ const XML_Char *entityName, | |
const XML_Char *base, | |
const XML_Char *systemId, | |
const XML_Char *publicId, | |
@@ -1172,9 +1172,9 @@ static void php_xml_parser_create_impl(INTERNAL_FUNCTION_PARAMETERS, int ns_supp | |
char *ns_param = NULL; | |
int ns_param_len = 0; | |
- | |
+ | |
XML_Char *encoding; | |
- | |
+ | |
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, (ns_support ? "|ss": "|s"), &encoding_param, &encoding_param_len, &ns_param, &ns_param_len) == FAILURE) { | |
RETURN_FALSE; | |
} | |
@@ -1220,15 +1220,15 @@ static void php_xml_parser_create_impl(INTERNAL_FUNCTION_PARAMETERS, int ns_supp | |
} | |
/* }}} */ | |
-/* {{{ proto resource xml_parser_create([string encoding]) | |
+/* {{{ proto resource xml_parser_create([string encoding]) | |
Create an XML parser */ | |
PHP_FUNCTION(xml_parser_create) | |
{ | |
- php_xml_parser_create_impl(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0); | |
+ php_xml_parser_create_impl(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0); | |
} | |
/* }}} */ | |
-/* {{{ proto resource xml_parser_create_ns([string encoding [, string sep]]) | |
+/* {{{ proto resource xml_parser_create_ns([string encoding [, string sep]]) | |
Create an XML parser */ | |
PHP_FUNCTION(xml_parser_create_ns) | |
{ | |
@@ -1236,7 +1236,7 @@ PHP_FUNCTION(xml_parser_create_ns) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_set_object(resource parser, object &obj) | |
+/* {{{ proto int xml_set_object(resource parser, object &obj) | |
Set up object which should be used for callbacks */ | |
PHP_FUNCTION(xml_set_object) | |
{ | |
@@ -1256,7 +1256,7 @@ PHP_FUNCTION(xml_set_object) | |
/* please leave this commented - or ask thies@thieso.net before doing it (again) */ | |
/* #ifdef ZEND_ENGINE_2 | |
- zval_add_ref(&parser->object); | |
+ zval_add_ref(&parser->object); | |
#endif */ | |
ALLOC_ZVAL(parser->object); | |
@@ -1266,7 +1266,7 @@ PHP_FUNCTION(xml_set_object) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_set_element_handler(resource parser, string shdl, string ehdl) | |
+/* {{{ proto int xml_set_element_handler(resource parser, string shdl, string ehdl) | |
Set up start and end element handlers */ | |
PHP_FUNCTION(xml_set_element_handler) | |
{ | |
@@ -1286,7 +1286,7 @@ PHP_FUNCTION(xml_set_element_handler) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_set_character_data_handler(resource parser, string hdl) | |
+/* {{{ proto int xml_set_character_data_handler(resource parser, string hdl) | |
Set up character data handler */ | |
PHP_FUNCTION(xml_set_character_data_handler) | |
{ | |
@@ -1305,7 +1305,7 @@ PHP_FUNCTION(xml_set_character_data_handler) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_set_processing_instruction_handler(resource parser, string hdl) | |
+/* {{{ proto int xml_set_processing_instruction_handler(resource parser, string hdl) | |
Set up processing instruction (PI) handler */ | |
PHP_FUNCTION(xml_set_processing_instruction_handler) | |
{ | |
@@ -1324,7 +1324,7 @@ PHP_FUNCTION(xml_set_processing_instruction_handler) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_set_default_handler(resource parser, string hdl) | |
+/* {{{ proto int xml_set_default_handler(resource parser, string hdl) | |
Set up default handler */ | |
PHP_FUNCTION(xml_set_default_handler) | |
{ | |
@@ -1342,7 +1342,7 @@ PHP_FUNCTION(xml_set_default_handler) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_set_unparsed_entity_decl_handler(resource parser, string hdl) | |
+/* {{{ proto int xml_set_unparsed_entity_decl_handler(resource parser, string hdl) | |
Set up unparsed entity declaration handler */ | |
PHP_FUNCTION(xml_set_unparsed_entity_decl_handler) | |
{ | |
@@ -1361,7 +1361,7 @@ PHP_FUNCTION(xml_set_unparsed_entity_decl_handler) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_set_notation_decl_handler(resource parser, string hdl) | |
+/* {{{ proto int xml_set_notation_decl_handler(resource parser, string hdl) | |
Set up notation declaration handler */ | |
PHP_FUNCTION(xml_set_notation_decl_handler) | |
{ | |
@@ -1379,7 +1379,7 @@ PHP_FUNCTION(xml_set_notation_decl_handler) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_set_external_entity_ref_handler(resource parser, string hdl) | |
+/* {{{ proto int xml_set_external_entity_ref_handler(resource parser, string hdl) | |
Set up external entity reference handler */ | |
PHP_FUNCTION(xml_set_external_entity_ref_handler) | |
{ | |
@@ -1397,7 +1397,7 @@ PHP_FUNCTION(xml_set_external_entity_ref_handler) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_set_start_namespace_decl_handler(resource parser, string hdl) | |
+/* {{{ proto int xml_set_start_namespace_decl_handler(resource parser, string hdl) | |
Set up character data handler */ | |
PHP_FUNCTION(xml_set_start_namespace_decl_handler) | |
{ | |
@@ -1416,7 +1416,7 @@ PHP_FUNCTION(xml_set_start_namespace_decl_handler) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_set_end_namespace_decl_handler(resource parser, string hdl) | |
+/* {{{ proto int xml_set_end_namespace_decl_handler(resource parser, string hdl) | |
Set up character data handler */ | |
PHP_FUNCTION(xml_set_end_namespace_decl_handler) | |
{ | |
@@ -1435,7 +1435,7 @@ PHP_FUNCTION(xml_set_end_namespace_decl_handler) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_parse(resource parser, string data [, int isFinal]) | |
+/* {{{ proto int xml_parse(resource parser, string data [, int isFinal]) | |
Start parsing an XML document */ | |
PHP_FUNCTION(xml_parse) | |
{ | |
@@ -1471,8 +1471,8 @@ PHP_FUNCTION(xml_parse_into_struct) | |
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsZ|Z", &pind, &data, &data_len, &xdata, &info) == FAILURE) { | |
return; | |
} | |
- | |
- if (info) { | |
+ | |
+ if (info) { | |
zval_dtor(*info); | |
array_init(*info); | |
} | |
@@ -1483,11 +1483,11 @@ PHP_FUNCTION(xml_parse_into_struct) | |
array_init(*xdata); | |
parser->data = *xdata; | |
- | |
+ | |
if (info) { | |
parser->info = *info; | |
} | |
- | |
+ | |
parser->level = 0; | |
parser->ltags = safe_emalloc(XML_MAXLEVEL, sizeof(char *), 0); | |
@@ -1503,7 +1503,7 @@ PHP_FUNCTION(xml_parse_into_struct) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_get_error_code(resource parser) | |
+/* {{{ proto int xml_get_error_code(resource parser) | |
Get XML parser error code */ | |
PHP_FUNCTION(xml_get_error_code) | |
{ | |
@@ -1537,7 +1537,7 @@ PHP_FUNCTION(xml_error_string) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_get_current_line_number(resource parser) | |
+/* {{{ proto int xml_get_current_line_number(resource parser) | |
Get current line number for an XML parser */ | |
PHP_FUNCTION(xml_get_current_line_number) | |
{ | |
@@ -1569,7 +1569,7 @@ PHP_FUNCTION(xml_get_current_column_number) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_get_current_byte_index(resource parser) | |
+/* {{{ proto int xml_get_current_byte_index(resource parser) | |
Get current byte index for an XML parser */ | |
PHP_FUNCTION(xml_get_current_byte_index) | |
{ | |
@@ -1585,7 +1585,7 @@ PHP_FUNCTION(xml_get_current_byte_index) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_parser_free(resource parser) | |
+/* {{{ proto int xml_parser_free(resource parser) | |
Free an XML parser */ | |
PHP_FUNCTION(xml_parser_free) | |
{ | |
@@ -1611,7 +1611,7 @@ PHP_FUNCTION(xml_parser_free) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_parser_set_option(resource parser, int option, mixed value) | |
+/* {{{ proto int xml_parser_set_option(resource parser, int option, mixed value) | |
Set options in an XML parser */ | |
PHP_FUNCTION(xml_parser_set_option) | |
{ | |
@@ -1657,7 +1657,7 @@ PHP_FUNCTION(xml_parser_set_option) | |
} | |
/* }}} */ | |
-/* {{{ proto int xml_parser_get_option(resource parser, int option) | |
+/* {{{ proto int xml_parser_get_option(resource parser, int option) | |
Get options from an XML parser */ | |
PHP_FUNCTION(xml_parser_get_option) | |
{ | |
@@ -1687,7 +1687,7 @@ PHP_FUNCTION(xml_parser_get_option) | |
} | |
/* }}} */ | |
-/* {{{ proto string utf8_encode(string data) | |
+/* {{{ proto string utf8_encode(string data) | |
Encodes an ISO-8859-1 string to UTF-8 */ | |
PHP_FUNCTION(utf8_encode) | |
{ | |
@@ -1707,7 +1707,7 @@ PHP_FUNCTION(utf8_encode) | |
} | |
/* }}} */ | |
-/* {{{ proto string utf8_decode(string data) | |
+/* {{{ proto string utf8_decode(string data) | |
Converts a UTF-8 encoded string to ISO-8859-1 */ | |
PHP_FUNCTION(utf8_decode) | |
{ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment