- Added ZEND_FETCH_RESOURCE2_NO_RETURN() (a version of ZEND_FETCH_RESOURCE2 but witho...

- Fixed bug #46543 (ibase_trans() memory leaks when using wrong parameters)

diff --git a/Zend/zend_list.h b/Zend/zend_list.h
index 95da520aea0c4824c9e8287e176abf84394e9203..fcdef95d5488b56d52686d231d580f386d37e5f6 100644 (file)
--- a/Zend/zend_list.h
+++ b/Zend/zend_list.h
@@ -99,6 +99,9 @@ extern ZEND_API int le_index_ptr;  /* list entry type for index pointers */
 #define ZEND_FETCH_RESOURCE2(rsrc, rsrc_type, passed_id, default_id, resource_type_name, resource_type1, resource_type2)       \
        rsrc = (rsrc_type) zend_fetch_resource(passed_id TSRMLS_CC, default_id, resource_type_name, NULL, 2, resource_type1, resource_type2);   \
        ZEND_VERIFY_RESOURCE(rsrc);
+       
+#define ZEND_FETCH_RESOURCE2_NO_RETURN(rsrc, rsrc_type, passed_id, default_id, resource_type_name, resource_type1, resource_type2)     \
+       (rsrc = (rsrc_type) zend_fetch_resource(passed_id TSRMLS_CC, default_id, resource_type_name, NULL, 2, resource_type1, resource_type2))
 
 #define ZEND_REGISTER_RESOURCE(rsrc_result, rsrc_pointer, rsrc_type)  \
     zend_register_resource(rsrc_result, rsrc_pointer, rsrc_type);

diff --git a/ext/interbase/interbase.c b/ext/interbase/interbase.c
index 1382c306ff8c8212a29f84d7e9fcb9328a7c91c9..ba717eb51474c195b3a86894a1aad916b8e1e75e 100644 (file)
--- a/ext/interbase/interbase.c
+++ b/ext/interbase/interbase.c
@@ -1214,8 +1214,13 @@ PHP_FUNCTION(ibase_trans)
                        
                        if (Z_TYPE_PP(args[i]) == IS_RESOURCE) {
                                
-                               ZEND_FETCH_RESOURCE2(ib_link[link_cnt], ibase_db_link *, args[i], -1, 
-                                       LE_LINK, le_link, le_plink);
+                               if (!ZEND_FETCH_RESOURCE2_NO_RETURN(ib_link[link_cnt], ibase_db_link *, args[i], -1, LE_LINK, le_link, le_plink)) {
+                                       efree(teb);
+                                       efree(tpb);
+                                       efree(ib_link);
+                                       efree(args);
+                                       RETURN_FALSE;
+                               }
        
                                /* copy the most recent modifier string into tbp[] */
                                memcpy(&tpb[TPB_MAX_SIZE * link_cnt], last_tpb, TPB_MAX_SIZE);
@@ -1279,8 +1284,10 @@ PHP_FUNCTION(ibase_trans)
 
        if (link_cnt == 0) {
                link_cnt = 1;
-               ZEND_FETCH_RESOURCE2(ib_link[0], ibase_db_link *, NULL, IBG(default_link), LE_LINK, 
-                       le_link, le_plink);
+               if (!ZEND_FETCH_RESOURCE2_NO_RETURN(ib_link[0], ibase_db_link *, NULL, IBG(default_link), LE_LINK, le_link, le_plink)) {
+                       efree(ib_link);
+                       RETURN_FALSE;
+               }
                result = isc_start_transaction(IB_STATUS, &tr_handle, 1, &ib_link[0]->handle, tpb_len, last_tpb);
        }
        

diff --git a/ext/interbase/tests/bug46543.phpt b/ext/interbase/tests/bug46543.phpt
new file mode 100644 (file)
index 0000000..59e088c
--- /dev/null
+++ b/ext/interbase/tests/bug46543.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Bug #46543 (ibase_trans() memory leaks when using wrong parameters)
+--SKIPIF--
+<?php include("skipif.inc"); ?>
+--FILE--
+<?php
+
+require("interbase.inc");
+
+@ibase_close();
+
+ibase_trans(1);
+ibase_trans();
+ibase_trans('foo');
+ibase_trans(fopen(__FILE__, 'r'));
+
+$x = ibase_connect($test_base);
+ibase_trans(1, 2, $x, $x, 3);
+
+?>
+--EXPECTF--
+Warning: ibase_trans(): no Firebird/InterBase link resource supplied in %s on line %d
+
+Warning: ibase_trans(): no Firebird/InterBase link resource supplied in %s on line %d
+
+Warning: ibase_trans(): no Firebird/InterBase link resource supplied in %s on line %d
+
+Warning: ibase_trans(): supplied resource is not a valid Firebird/InterBase link resource in %s on line %d