]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 249c200)
Fix #78114: segfault when calling sodium_* functions from eval
authorChristoph M. Becker <cmbecker69@gmx.de>
Thu, 6 Jun 2019 07:29:44 +0000 (09:29 +0200)
committerChristoph M. Becker <cmbecker69@gmx.de>
Thu, 6 Jun 2019 08:00:15 +0000 (10:00 +0200)
We must not follow the NULL pointer.

NEWS patch | blob | history
ext/sodium/libsodium.c patch | blob | history
ext/sodium/tests/bug78114.phpt [new file with mode: 0644] patch | blob

diff --git a/NEWS b/NEWS
index 65a2d67e73c220fef77ec216ae925e4856c526fa..107b73f73e698eb5ce54f8548befe43e2b2b6fd9 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -34,6 +34,9 @@ PHP                                                                        NEWS
   . Fixed bug #78038 (Socket_select fails when resource array contains
     references). (Nikita)
 
+- Sodium:
+  . Fixed bug #78114 (segfault when calling sodium_* functions from eval). (cmb)
+
 - Zip:
   . Fixed bug #76345 (zip.h not found). (Michael Maroszek)
 
diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c
index 50a91198b61f2a2eb51960d8d5f6c87eaed5b769..1ee09e0dd59f30151b07c9d620448564a3a041f4 100644 (file)
--- a/ext/sodium/libsodium.c
+++ b/ext/sodium/libsodium.c
@@ -387,8 +387,10 @@ static void sodium_remove_param_values_from_backtrace(zend_object *obj) {
                ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(trace), frame) {
                        if (Z_TYPE_P(frame) == IS_ARRAY) {
                                zval *args = zend_hash_str_find(Z_ARRVAL_P(frame), "args", sizeof("args")-1);
-                               zval_ptr_dtor(args);
-                               ZVAL_EMPTY_ARRAY(args);
+                               if (args) {
+                                       zval_ptr_dtor(args);
+                                       ZVAL_EMPTY_ARRAY(args);
+                               }
                        }
                } ZEND_HASH_FOREACH_END();
        }
diff --git a/ext/sodium/tests/bug78114.phpt b/ext/sodium/tests/bug78114.phpt
new file mode 100644 (file)
index 0000000..c697ea1
--- /dev/null
+++ b/ext/sodium/tests/bug78114.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #78114 (segfault when calling sodium_* functions from eval)
+--SKIPIF--
+<?php
+if (!extension_loaded('sodium')) die('skip sodium extension not available');
+?>
+--FILE--
+<?php
+try {
+    eval('sodium_bin2hex();');
+} catch (Throwable $ex) {
+    echo $ex->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+sodium_bin2hex() expects exactly 1 parameter, 0 given
Unnamed repository; edit this file 'description' to name the repository.