diff options
| author | Dmitry Stogov <dmitry@zend.com> | 2020-02-17 12:54:11 +0300 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@zend.com> | 2020-02-17 12:54:11 +0300 |
| commit | 53fc8ef41d89e99a8c8fc40a3b0deb501e915141 (patch) | |
| tree | 2f8f59f657c50d9a6b035cfa63e2593dca496a9c /ext/ffi/ffi.c | |
| parent | cf8407a2380ae827a0e9a63993d59b1927769eb7 (diff) | |
| parent | 54ecf57fe290f69a2112d4c2ea3a1e99208e2797 (diff) | |
| download | php-git-53fc8ef41d89e99a8c8fc40a3b0deb501e915141.tar.gz | |
Merge branch 'PHP-7.4'
* PHP-7.4:
Disable instantiation of zero size FFI\CData objects
Fix # 79171: heap-buffer-overflow in phar_extract_file
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
Diffstat (limited to 'ext/ffi/ffi.c')
| -rw-r--r-- | ext/ffi/ffi.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ext/ffi/ffi.c b/ext/ffi/ffi.c index 482d7c1a61..0696512342 100644 --- a/ext/ffi/ffi.c +++ b/ext/ffi/ffi.c @@ -3657,6 +3657,12 @@ ZEND_METHOD(FFI, new) /* {{{ */ } } + if (type->size == 0) { + zend_throw_error(zend_ffi_exception_ce, "Cannot instantiate FFI\\CData of zero size"); + zend_ffi_type_dtor(type_ptr); + return; + } + ptr = pemalloc(type->size, flags & ZEND_FFI_FLAG_PERSISTENT); memset(ptr, 0, type->size); |