Fixed bug #60167 (Crash / memory corruption in ext/com_dotnet) (Timm Friebe).
authorDmitry Stogov <dmitry@php.net>
Fri, 25 Nov 2011 11:29:28 +0000 (11:29 +0000)
committerDmitry Stogov <dmitry@php.net>
Fri, 25 Nov 2011 11:29:28 +0000 (11:29 +0000)
ext/com_dotnet/com_handlers.c
ext/com_dotnet/com_saproxy.c

index 65de3fe651db81d3dd55287ad6d1f7eb67ed44f8..bfff3f60ccb2e114d1124b479833ace5017a49ff 100644 (file)
@@ -246,7 +246,7 @@ static void function_dtor(void *pDest)
 {
        zend_internal_function *f = (zend_internal_function*)pDest;
 
-       efree(f->function_name);
+       efree((char*)f->function_name);
        if (f->arg_info) {
                efree(f->arg_info);
        }
@@ -283,7 +283,7 @@ static union _zend_function *com_method_get(zval **object_ptr, char *name, int l
                f.num_args = 0;
                f.arg_info = NULL;
                f.scope = obj->ce;
-               f.fn_flags = 0;
+               f.fn_flags = ZEND_ACC_CALL_VIA_HANDLER;
                f.function_name = estrndup(name, len);
                f.handler = PHP_FN(com_method_handler);
 
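Review bot: The new `f.fn_flags = ZEND_ACC_CALL_VIA_HANDLER;` line in com_method_get carries the substance of this crash fix, yet nothing at the site says why the flag is required. Judging from the bug title, it presumably stops the engine from holding on to the locally filled `f` (and its `estrndup`'d name) beyond the call, but that should be confirmed against the engine source, which is not in this diff. I would add a comment above the assignment such as `/* handler-dispatched: the engine must not retain this function entry, see bug #60167 */`. com_method_get starts and ends outside this hunk.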
@@ -364,7 +364,7 @@ static union _zend_function *com_method_get(zval **object_ptr, char *name, int l
        return NULL;
 }
 
-static int com_call_method(char *method, INTERNAL_FUNCTION_PARAMETERS)
+static int com_call_method(const char *method, INTERNAL_FUNCTION_PARAMETERS)
 {
        zval ***args = NULL;
        php_com_dotnet_object *obj;
@@ -387,7 +387,7 @@ static int com_call_method(char *method, INTERNAL_FUNCTION_PARAMETERS)
 
        VariantInit(&v);
 
-       if (SUCCESS == php_com_do_invoke_byref(obj, method, -1, DISPATCH_METHOD|DISPATCH_PROPERTYGET, &v, nargs, args TSRMLS_CC)) {
+       if (SUCCESS == php_com_do_invoke_byref(obj, (char*)method, -1, DISPATCH_METHOD|DISPATCH_PROPERTYGET, &v, nargs, args TSRMLS_CC)) {
                php_com_zval_from_variant(return_value, &v, obj->code_page TSRMLS_CC);
                ret = SUCCESS;
                VariantClear(&v);
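Review bot: The `(char*)method` cast in the php_com_do_invoke_byref call discards the const that the new com_call_method signature has just introduced, so the compiler can no longer flag a write through that pointer. If php_com_do_invoke_byref only reads the name (its definition is not in this diff), const-qualify its parameter and pass `method` uncast; otherwise add a comment at the call such as `/* php_com_do_invoke_byref does not modify the name */`. The related `efree((char*)f->function_name)` in function_dtor needs its cast in order to free, but a one-line comment stating that the function entry owns the name would make that intent explicit. com_call_method's body extends beyond this hunk.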
@@ -442,7 +442,7 @@ static zend_class_entry *com_class_entry_get(const zval *object TSRMLS_DC)
        return obj->ce;
 }
 
-static int com_class_name_get(const zval *object, char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
+static int com_class_name_get(const zval *object, const char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
 {
        php_com_dotnet_object *obj;
        obj = CDNO_FETCH(object);
@@ -580,7 +580,10 @@ zend_object_handlers php_com_object_handlers = {
        com_class_name_get,
        com_objects_compare,
        com_object_cast,
-       com_object_count
+       com_object_count,
+       NULL,                                                                   /* get_debug_info */
+       NULL,                                                                   /* get_closure */
+       NULL,                                                                   /* get_gc */
 };
 
 void php_com_object_enable_event_sink(php_com_dotnet_object *obj, int enable TSRMLS_DC)
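Review bot: The three added `NULL` entries in php_com_object_handlers are positional, so the table is only correct while its order matches the handlers struct declaration, which is not visible here. Trailing members of a file-scope struct are zero-initialised anyway, so these lines serve as documentation. It would help to give every slot in the table a `/* name */` comment in the same style, so a later insertion or reordering in the struct can be audited line by line. This commit does not touch the handler table in com_saproxy.c; if that table is also positional, it should get the same trailing entries for consistency.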
index b4759fb542bb2f395542e41db4724ce6bf496cad..77a104ac478f1a7d2a2072fcb4958ea1662a7a27 100644 (file)
@@ -321,13 +321,13 @@ static HashTable *saproxy_properties_get(zval *object TSRMLS_DC)
        return NULL;
 }
 
-static union _zend_function *saproxy_method_get(zval **object, char *name, int len, const zend_literal *key TSRMLS_DC)
+static union _zend_function *saproxy_method_get(zval **object, const char *name, int len, const zend_literal *key TSRMLS_DC)
 {
        /* no methods */
        return NULL;
 }
 
-static int saproxy_call_method(char *method, INTERNAL_FUNCTION_PARAMETERS)
+static int saproxy_call_method(const char *method, INTERNAL_FUNCTION_PARAMETERS)
 {
        return FAILURE;
 }
@@ -343,7 +343,7 @@ static zend_class_entry *saproxy_class_entry_get(const zval *object TSRMLS_DC)
        return php_com_saproxy_class_entry;
 }
 
-static int saproxy_class_name_get(const zval *object, char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
+static int saproxy_class_name_get(const zval *object, const char **class_name, zend_uint *class_name_len, int parent TSRMLS_DC)
 {
        *class_name = estrndup(php_com_saproxy_class_entry->name, php_com_saproxy_class_entry->name_length);
        *class_name_len = php_com_saproxy_class_entry->name_length;
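Review bot: saproxy_class_name_get now returns an `estrndup` allocation through a `const char **`, which hides the fact that ownership of the buffer passes to the caller. Add a comment above the assignment such as `/* caller owns *class_name and must efree() it */`, assuming that is the handler's contract (the caller is not in this diff). The function body continues past the end of this hunk.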