`write_dimension` object handlers have to be able to handle `NULL`
`offset`s; for now we simply throw an exception instead of following
the `NULL` pointer.
. Fixed bug #78656 (Parse errors classified as highest log-level). (Erik
Lundin)
+- COM:
+ . Fixed bug #78694 (Appending to a variant array causes segfault). (cmb)
+
- Date:
. Fixed bug #70153 (\DateInterval incorrectly unserialized). (Maksim Iakunin)
obj = CDNO_FETCH(object);
+ if (offset == NULL) {
+ php_com_throw_exception(DISP_E_BADINDEX, "appending to variants is not supported");
+ return;
+ }
+
if (V_VT(&obj->v) == VT_DISPATCH) {
ZVAL_COPY_VALUE(&args[0], offset);
ZVAL_COPY_VALUE(&args[1], value);
--- /dev/null
+--TEST--
+Bug #78694 (Appending to a variant array causes segfault)
+--SKIPIF--
+<?php
+if (!extension_loaded('com_dotnet')) die('skip com_dotnet extension not available');
+?>
+--FILE--
+<?php
+foreach ([new com('WScript.Shell'), new variant([])] as $var) {
+ try {
+ $var[] = 42;
+ } catch (com_exception $ex) {
+ var_dump($ex->getMessage());
+ }
+}
+?>
+--EXPECT--
+string(38) "appending to variants is not supported"
+string(38) "appending to variants is not supported"
projects / php / commitdiff