From 8bee0fbd37c8eee0a17abe4a0afd69ad9ac7105a Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Sat, 10 Oct 2020 14:09:07 +0200 Subject: Fix #80213: imap_mail_compose() segfaults on certain $bodies We have to cater to non-associative arrays where the key may be `NULL`; we just skip these elements. Closes GH-6315. --- ext/imap/php_imap.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'ext/imap/php_imap.c') diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 5511b2c1c4..8e0cea4ef7 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -3645,6 +3645,7 @@ PHP_FUNCTION(imap_mail_compose) if(Z_TYPE_P(pvalue) == IS_ARRAY) { disp_param = tmp_param = NULL; ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { + if (key == NULL) continue; disp_param = mail_newbody_parameter(); disp_param->attribute = cpystr(ZSTR_VAL(key)); convert_to_string_ex(disp_data); @@ -3677,6 +3678,7 @@ PHP_FUNCTION(imap_mail_compose) if (Z_TYPE_P(pvalue) == IS_ARRAY) { disp_param = tmp_param = NULL; ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { + if (key == NULL) continue; disp_param = mail_newbody_parameter(); disp_param->attribute = cpystr(ZSTR_VAL(key)); convert_to_string_ex(disp_data); @@ -3745,6 +3747,7 @@ PHP_FUNCTION(imap_mail_compose) if (Z_TYPE_P(pvalue) == IS_ARRAY) { disp_param = tmp_param = NULL; ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { + if (key == NULL) continue; disp_param = mail_newbody_parameter(); disp_param->attribute = cpystr(ZSTR_VAL(key)); convert_to_string_ex(disp_data); @@ -3777,6 +3780,7 @@ PHP_FUNCTION(imap_mail_compose) if (Z_TYPE_P(pvalue) == IS_ARRAY) { disp_param = tmp_param = NULL; ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { + if (key == NULL) continue; disp_param = mail_newbody_parameter(); disp_param->attribute = cpystr(ZSTR_VAL(key)); convert_to_string_ex(disp_data); -- cgit v1.2.1