diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2018-11-15 17:13:12 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2018-11-15 17:16:39 +0100 |
commit | dee5a450d9b7f7b03f012dd1912cc0a3dcb0482c (patch) | |
tree | 2a0727b81684fe683fc9efe3b9a5b3df01840a72 | |
parent | 2a062f3c020e8cc53e49fa823021f3e8ce591cfe (diff) | |
download | php-git-dee5a450d9b7f7b03f012dd1912cc0a3dcb0482c.tar.gz |
Fixed bug #77165
Also add some helper macros for PROTECT/UNPROTECT that check for
IMMUTABLE. These checks are needed for nearly any use of
PROTECT/UNPROTECT.
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | Zend/zend_types.h | 8 | ||||
-rw-r--r-- | ext/mbstring/mbstring.c | 8 | ||||
-rw-r--r-- | ext/mbstring/tests/bug77165.phpt | 11 |
4 files changed, 27 insertions, 4 deletions
@@ -6,6 +6,10 @@ PHP NEWS . Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR). (cmb) +- MBstring: + . Fixed bug #77165 (mb_check_encoding crashes when argument given an empty + array). (Nikita) + - SOAP: . Fixed bug #77141 (Signedness issue in SOAP when precision=-1). (cmb) diff --git a/Zend/zend_types.h b/Zend/zend_types.h index 5492f17c00..4250aabd1f 100644 --- a/Zend/zend_types.h +++ b/Zend/zend_types.h @@ -570,6 +570,14 @@ static zend_always_inline uint32_t zval_gc_info(uint32_t gc_type_info) { GC_DEL_FLAGS(p, GC_PROTECTED); \ } while (0) +#define GC_TRY_PROTECT_RECURSION(p) do { \ + if (!(GC_FLAGS(p) & GC_IMMUTABLE)) GC_PROTECT_RECURSION(p); \ + } while (0) + +#define GC_TRY_UNPROTECT_RECURSION(p) do { \ + if (!(GC_FLAGS(p) & GC_IMMUTABLE)) GC_UNPROTECT_RECURSION(p); \ + } while (0) + #define Z_IS_RECURSIVE(zval) GC_IS_RECURSIVE(Z_COUNTED(zval)) #define Z_PROTECT_RECURSION(zval) GC_PROTECT_RECURSION(Z_COUNTED(zval)) #define Z_UNPROTECT_RECURSION(zval) GC_UNPROTECT_RECURSION(Z_COUNTED(zval)) diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index 6554bd72bf..ae8c4bef7f 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -3125,7 +3125,7 @@ MBSTRING_API HashTable *php_mb_convert_encoding_recursive(HashTable *input, cons php_error_docref(NULL, E_WARNING, "Cannot convert recursively referenced values"); return NULL; } - GC_PROTECT_RECURSION(input); + GC_TRY_PROTECT_RECURSION(input); output = zend_new_array(zend_hash_num_elements(input)); ZEND_HASH_FOREACH_KEY_VAL(input, idx, key, entry) { /* convert key */ @@ -3170,7 +3170,7 @@ MBSTRING_API HashTable *php_mb_convert_encoding_recursive(HashTable *input, cons zend_hash_index_add(output, idx, &entry_tmp); } } ZEND_HASH_FOREACH_END(); - GC_UNPROTECT_RECURSION(input); + GC_TRY_UNPROTECT_RECURSION(input); return output; } @@ -4738,7 +4738,7 @@ MBSTRING_API int php_mb_check_encoding_recursive(HashTable *vars, const zend_str php_error_docref(NULL, E_WARNING, "Cannot not handle circular references"); return 0; } - GC_PROTECT_RECURSION(vars); + GC_TRY_PROTECT_RECURSION(vars); ZEND_HASH_FOREACH_KEY_VAL(vars, idx, key, entry) { ZVAL_DEREF(entry); if (key) { @@ -4772,7 +4772,7 @@ MBSTRING_API int php_mb_check_encoding_recursive(HashTable *vars, const zend_str break; } } ZEND_HASH_FOREACH_END(); - GC_UNPROTECT_RECURSION(vars); + GC_TRY_UNPROTECT_RECURSION(vars); mbfl_buffer_converter_delete(convd); return valid; } diff --git a/ext/mbstring/tests/bug77165.phpt b/ext/mbstring/tests/bug77165.phpt new file mode 100644 index 0000000000..69708f613a --- /dev/null +++ b/ext/mbstring/tests/bug77165.phpt @@ -0,0 +1,11 @@ +--TEST-- +Bug #77165: mb_check_encoding crashes when argument given an empty array +--FILE-- +<?php +var_dump(mb_check_encoding(array())); +var_dump(mb_convert_encoding(array(), 'UTF-8')); +?> +--EXPECT-- +bool(true) +array(0) { +} |