diff options
| author | Zeev Suraski <zeev@php.net> | 2000-12-13 22:50:10 +0000 |
|---|---|---|
| committer | Zeev Suraski <zeev@php.net> | 2000-12-13 22:50:10 +0000 |
| commit | be895bcb96157b5a36d1183d3b9567ede57a45f8 (patch) | |
| tree | cd2316a2753fd7c9837a8d71c3585d8dbf5c18c7 /ext | |
| parent | 0e41e3c7cfa369fd261dca2caf9ad7083da86b69 (diff) | |
| download | php-git-be895bcb96157b5a36d1183d3b9567ede57a45f8.tar.gz | |
Fix call_user_function() with objects - it could leak under certain circumstances
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/standard/basic_functions.c | 4 | ||||
| -rw-r--r-- | ext/standard/exec.c | 3 | ||||
| -rw-r--r-- | ext/standard/var.c | 4 | ||||
| -rw-r--r-- | ext/wddx/wddx.c | 4 | ||||
| -rw-r--r-- | ext/xml/xml.c | 2 |
5 files changed, 9 insertions, 8 deletions
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index ada3bd0d5e..5bcea01d01 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -1618,7 +1618,7 @@ PHP_FUNCTION(call_user_method) SEPARATE_ZVAL(params[0]); SEPARATE_ZVAL(params[1]); convert_to_string(*params[0]); - if (call_user_function_ex(CG(function_table), *params[1], *params[0], &retval_ptr, arg_count-2, params+2, 1, NULL)==SUCCESS + if (call_user_function_ex(CG(function_table), *params[1], params[0], &retval_ptr, arg_count-2, params+2, 1, NULL)==SUCCESS && retval_ptr) { COPY_PZVAL_TO_ZVAL(*return_value, retval_ptr); } else { @@ -1659,7 +1659,7 @@ PHP_FUNCTION(call_user_method_array) zend_hash_move_forward(params_ar)) element++; - if (call_user_function_ex(CG(function_table), *obj, *method_name, &retval_ptr, num_elems, method_args, 1, NULL) == SUCCESS + if (call_user_function_ex(CG(function_table), obj, *method_name, &retval_ptr, num_elems, method_args, 1, NULL) == SUCCESS && retval_ptr) { COPY_PZVAL_TO_ZVAL(*return_value, retval_ptr); } else { diff --git a/ext/standard/exec.c b/ext/standard/exec.c index 1adaa2b2e6..cfa1abf033 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -421,7 +421,8 @@ PHP_FUNCTION(shell_exec) allocated_space = EXEC_INPUT_BUF; ret = (char *) emalloc(allocated_space); while (1) { - readbytes = fread(ret+total_readbytes,1,EXEC_INPUT_BUF,in); +// readbytes = fread(ret+total_readbytes,1,EXEC_INPUT_BUF,in); + readbytes = fread(ret+total_readbytes,1,5,in); if (readbytes<=0) { break; } diff --git a/ext/standard/var.c b/ext/standard/var.c index 84c04ed333..0eb531eefb 100644 --- a/ext/standard/var.c +++ b/ext/standard/var.c @@ -240,7 +240,7 @@ void php_var_serialize(pval *buf, pval **struc, HashTable *var_hash) MAKE_STD_ZVAL(fname); ZVAL_STRING(fname,"__sleep",1); - res = call_user_function_ex(CG(function_table), *struc, fname, &retval_ptr, 0, 0, 1, NULL); + res = call_user_function_ex(CG(function_table), struc, fname, &retval_ptr, 0, 0, 1, NULL); if (res == SUCCESS) { if (retval_ptr && HASH_OF(retval_ptr)) { @@ -597,7 +597,7 @@ int php_var_unserialize(pval **rval, const char **p, const char *max, HashTable MAKE_STD_ZVAL(fname); ZVAL_STRING(fname,"__wakeup",1); - call_user_function_ex(CG(function_table), *rval, fname, &retval_ptr, 0, 0, 1, NULL); + call_user_function_ex(CG(function_table), rval, fname, &retval_ptr, 0, 0, 1, NULL); zval_dtor(fname); FREE_ZVAL(fname); diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c index f74e7c472c..ed838504a6 100644 --- a/ext/wddx/wddx.c +++ b/ext/wddx/wddx.c @@ -424,7 +424,7 @@ static void php_wddx_serialize_object(wddx_packet *packet, zval *obj) * We try to call __sleep() method on object. It's supposed to return an * array of property names to be serialized. */ - if (call_user_function_ex(CG(function_table), obj, fname, &retval, 0, 0, 1, NULL) == SUCCESS) { + if (call_user_function_ex(CG(function_table), &obj, fname, &retval, 0, 0, 1, NULL) == SUCCESS) { if (retval && HASH_OF(retval)) { PHP_CLASS_ATTRIBUTES; @@ -781,7 +781,7 @@ static void php_wddx_pop_element(void *user_data, const char *name) MAKE_STD_ZVAL(fname); ZVAL_STRING(fname, "__wakeup", 1); - call_user_function_ex(NULL, ent1->data, fname, &retval, 0, 0, 0, NULL); + call_user_function_ex(NULL, &ent1->data, fname, &retval, 0, 0, 0, NULL); zval_dtor(fname); FREE_ZVAL(fname); diff --git a/ext/xml/xml.c b/ext/xml/xml.c index b7f56199fa..afcf223644 100644 --- a/ext/xml/xml.c +++ b/ext/xml/xml.c @@ -358,7 +358,7 @@ xml_call_handler(xml_parser *parser, zval *handler, int argc, zval **argv) retval->type = IS_BOOL; retval->value.lval = 0; - result = call_user_function(EG(function_table), parser->object, handler, retval, argc, argv); + result = call_user_function(EG(function_table), &parser->object, handler, retval, argc, argv); if (result == FAILURE) { zval **method; |