Fix bug #72447: Type Confusion in php_bz2_filter_create()

diff --git a/ext/bz2/bz2_filter.c b/ext/bz2/bz2_filter.c
index 705ef9d114a64dd744211b068749bdc27b0f630b..38115a523c28d17abc83aa8b98debc3619cce188 100644 (file)
--- a/ext/bz2/bz2_filter.c
+++ b/ext/bz2/bz2_filter.c
@@ -396,7 +396,7 @@ static php_stream_filter *php_bz2_filter_create(const char *filtername, zval *fi
                                        zval_copy_ctor(&tmp);
                                        convert_to_long(&tmp);
                                        if (Z_LVAL(tmp) < 1 || Z_LVAL(tmp) > 9) {
-                                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid parameter given for number of blocks to allocate. (%ld)", Z_LVAL_PP(tmpzval));
+                                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid parameter given for number of blocks to allocate. (%ld)", Z_LVAL(tmp));
                                        } else {
                                                blockSize100k = Z_LVAL(tmp);
                                        }

diff --git a/ext/bz2/tests/bug72447.phpt b/ext/bz2/tests/bug72447.phpt
new file mode 100644 (file)
index 0000000..0df4cb1
--- /dev/null
+++ b/ext/bz2/tests/bug72447.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #72447: Type Confusion in php_bz2_filter_create()
+--SKIPIF--
+<?php if (!extension_loaded("bz2")) print "skip"; ?>
+--FILE--
+<?php
+$input = "AAAAAAAA";
+$param = array('blocks' => $input);
+
+$fp = fopen('testfile', 'w');
+stream_filter_append($fp, 'bzip2.compress', STREAM_FILTER_WRITE, $param);
+fclose($fp);
+?>
+--EXPECTF--
+Warning: stream_filter_append(): Invalid parameter given for number of blocks to allocate. (0) in %s/bug72447.php on line %d