diff options
| author | Felipe Pena <felipe@php.net> | 2008-11-11 13:28:22 +0000 |
|---|---|---|
| committer | Felipe Pena <felipe@php.net> | 2008-11-11 13:28:22 +0000 |
| commit | 9178503610d4ec57409005863558fa2b32313ad2 (patch) | |
| tree | d756e0ed6e3d2cd4a159045b42c5a2ee2a421d67 | |
| parent | 5fc86e021399dd475eae103b947a99c2074f5b75 (diff) | |
| download | php-git-9178503610d4ec57409005863558fa2b32313ad2.tar.gz | |
MFH:
- Added ZEND_FETCH_RESOURCE2_NO_RETURN() (a version of ZEND_FETCH_RESOURCE2 but without the ZEND_VERIFY_RESOURCE() which contains RETURN_FALSE)
- Fixed bug #46543 (ibase_trans() memory leaks when using wrong parameters)
| -rw-r--r-- | Zend/zend_list.h | 3 | ||||
| -rw-r--r-- | ext/interbase/interbase.c | 15 | ||||
| -rw-r--r-- | ext/interbase/tests/bug46543.phpt | 28 |
3 files changed, 42 insertions, 4 deletions
diff --git a/Zend/zend_list.h b/Zend/zend_list.h index ffd54cb14d..503f13c53c 100644 --- a/Zend/zend_list.h +++ b/Zend/zend_list.h @@ -99,6 +99,9 @@ extern ZEND_API int le_index_ptr; /* list entry type for index pointers */ #define ZEND_FETCH_RESOURCE2(rsrc, rsrc_type, passed_id, default_id, resource_type_name, resource_type1, resource_type2) \ rsrc = (rsrc_type) zend_fetch_resource(passed_id TSRMLS_CC, default_id, resource_type_name, NULL, 2, resource_type1, resource_type2); \ ZEND_VERIFY_RESOURCE(rsrc); + +#define ZEND_FETCH_RESOURCE2_NO_RETURN(rsrc, rsrc_type, passed_id, default_id, resource_type_name, resource_type1, resource_type2) \ + (rsrc = (rsrc_type) zend_fetch_resource(passed_id TSRMLS_CC, default_id, resource_type_name, NULL, 2, resource_type1, resource_type2)) #define ZEND_REGISTER_RESOURCE(rsrc_result, rsrc_pointer, rsrc_type) \ zend_register_resource(rsrc_result, rsrc_pointer, rsrc_type); diff --git a/ext/interbase/interbase.c b/ext/interbase/interbase.c index 63f440223e..56d64c0936 100644 --- a/ext/interbase/interbase.c +++ b/ext/interbase/interbase.c @@ -1214,8 +1214,13 @@ PHP_FUNCTION(ibase_trans) if (Z_TYPE_PP(args[i]) == IS_RESOURCE) { - ZEND_FETCH_RESOURCE2(ib_link[link_cnt], ibase_db_link *, args[i], -1, - LE_LINK, le_link, le_plink); + if (!ZEND_FETCH_RESOURCE2_NO_RETURN(ib_link[link_cnt], ibase_db_link *, args[i], -1, LE_LINK, le_link, le_plink)) { + efree(teb); + efree(tpb); + efree(ib_link); + efree(args); + RETURN_FALSE; + } /* copy the most recent modifier string into tbp[] */ memcpy(&tpb[TPB_MAX_SIZE * link_cnt], last_tpb, TPB_MAX_SIZE); @@ -1279,8 +1284,10 @@ PHP_FUNCTION(ibase_trans) if (link_cnt == 0) { link_cnt = 1; - ZEND_FETCH_RESOURCE2(ib_link[0], ibase_db_link *, NULL, IBG(default_link), LE_LINK, - le_link, le_plink); + if (!ZEND_FETCH_RESOURCE2_NO_RETURN(ib_link[0], ibase_db_link *, NULL, IBG(default_link), LE_LINK, le_link, le_plink)) { + efree(ib_link); + RETURN_FALSE; + } result = isc_start_transaction(IB_STATUS, &tr_handle, 1, &ib_link[0]->handle, tpb_len, last_tpb); } diff --git a/ext/interbase/tests/bug46543.phpt b/ext/interbase/tests/bug46543.phpt new file mode 100644 index 0000000000..59e088c3d0 --- /dev/null +++ b/ext/interbase/tests/bug46543.phpt @@ -0,0 +1,28 @@ +--TEST-- +Bug #46543 (ibase_trans() memory leaks when using wrong parameters) +--SKIPIF-- +<?php include("skipif.inc"); ?> +--FILE-- +<?php + +require("interbase.inc"); + +@ibase_close(); + +ibase_trans(1); +ibase_trans(); +ibase_trans('foo'); +ibase_trans(fopen(__FILE__, 'r')); + +$x = ibase_connect($test_base); +ibase_trans(1, 2, $x, $x, 3); + +?> +--EXPECTF-- +Warning: ibase_trans(): no Firebird/InterBase link resource supplied in %s on line %d + +Warning: ibase_trans(): no Firebird/InterBase link resource supplied in %s on line %d + +Warning: ibase_trans(): no Firebird/InterBase link resource supplied in %s on line %d + +Warning: ibase_trans(): supplied resource is not a valid Firebird/InterBase link resource in %s on line %d |