diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2019-06-06 09:29:44 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2019-06-06 10:00:15 +0200 |
commit | 22a3fa0b2e31e33665765bde630bc6c6f0dd475b (patch) | |
tree | d25034282f986a5df33b88a9e0f910861f3dccf0 | |
parent | 249c20023d4446d81a2904dc5e8d3aa4a3a2d016 (diff) | |
download | php-git-22a3fa0b2e31e33665765bde630bc6c6f0dd475b.tar.gz |
Fix #78114: segfault when calling sodium_* functions from eval
We must not follow the NULL pointer.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/sodium/libsodium.c | 6 | ||||
-rw-r--r-- | ext/sodium/tests/bug78114.phpt | 16 |
3 files changed, 23 insertions, 2 deletions
@@ -34,6 +34,9 @@ PHP NEWS . Fixed bug #78038 (Socket_select fails when resource array contains references). (Nikita) +- Sodium: + . Fixed bug #78114 (segfault when calling sodium_* functions from eval). (cmb) + - Zip: . Fixed bug #76345 (zip.h not found). (Michael Maroszek) diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c index 50a91198b6..1ee09e0dd5 100644 --- a/ext/sodium/libsodium.c +++ b/ext/sodium/libsodium.c @@ -387,8 +387,10 @@ static void sodium_remove_param_values_from_backtrace(zend_object *obj) { ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(trace), frame) { if (Z_TYPE_P(frame) == IS_ARRAY) { zval *args = zend_hash_str_find(Z_ARRVAL_P(frame), "args", sizeof("args")-1); - zval_ptr_dtor(args); - ZVAL_EMPTY_ARRAY(args); + if (args) { + zval_ptr_dtor(args); + ZVAL_EMPTY_ARRAY(args); + } } } ZEND_HASH_FOREACH_END(); } diff --git a/ext/sodium/tests/bug78114.phpt b/ext/sodium/tests/bug78114.phpt new file mode 100644 index 0000000000..c697ea16f8 --- /dev/null +++ b/ext/sodium/tests/bug78114.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #78114 (segfault when calling sodium_* functions from eval) +--SKIPIF-- +<?php +if (!extension_loaded('sodium')) die('skip sodium extension not available'); +?> +--FILE-- +<?php +try { + eval('sodium_bin2hex();'); +} catch (Throwable $ex) { + echo $ex->getMessage(), PHP_EOL; +} +?> +--EXPECT-- +sodium_bin2hex() expects exactly 1 parameter, 0 given |