]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b16fdeb)
Fix uninitalized variables reads. See CWE-457 for more info.
authorJoshua Rogers <git@internot.info>
Tue, 20 Jan 2015 19:14:56 +0000 (06:14 +1100)
committerJoshua Rogers <git@internot.info>
Tue, 20 Jan 2015 19:52:19 +0000 (06:52 +1100)
ext/mbstring/mbstring.c patch | blob | history
ext/reflection/php_reflection.c patch | blob | history
main/main.c patch | blob | history

diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index 7f2209fb12fd3be10532217f371d3fa501fe3534..504a5e697f85e9bd624b4fb0ac123b56eda3914d 100644 (file)
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -3891,7 +3891,7 @@ static int _php_mbstr_parse_mail_headers(HashTable *ht, const char *str, size_t
        int state = 0;
        int crlf_state = -1;
        char *token = NULL;
-       size_t token_pos;
+       size_t token_pos = 0;
        zend_string *fld_name, *fld_val;
 
        ps = str;
@@ -3917,7 +3917,7 @@ static int _php_mbstr_parse_mail_headers(HashTable *ht, const char *str, size_t
                                }
 
                                if (state == 0 || state == 1) {
-                                       if(token) {
+                                       if(token && token_pos > 0) {
                                                fld_name = zend_string_init(token, token_pos, 0);
                                        }
                                        state = 2;
@@ -3983,7 +3983,7 @@ static int _php_mbstr_parse_mail_headers(HashTable *ht, const char *str, size_t
 
                                        case 3:
                                                if (crlf_state == -1) {
-                                                       if(token) {
+                                                       if(token && token_pos > 0) {
                                                                fld_val = zend_string_init(token, token_pos, 0);
                                                        }
 
@@ -4032,7 +4032,7 @@ out:
                state = 3;
        }
        if (state == 3) {
-               if(token) {
+               if(token && token_pos > 0) {
                        fld_val = zend_string_init(token, token_pos, 0);
                }
                if (fld_name != NULL && fld_val != NULL) {
diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c
index 3f5c7a90628ebda4b8e2ca8cf6cbf1be6e4d7b35..1f5085cbf052a053ee9f0b6854a7dec621f7eb3a 100644 (file)
--- a/ext/reflection/php_reflection.c
+++ b/ext/reflection/php_reflection.c
@@ -3978,6 +3978,7 @@ static int _adddynproperty(zval *ptr, int num_args, va_list args, zend_hash_key
        if (zend_get_property_info(ce, hash_key->key, 1) == NULL) {
                zend_property_info property_info;
 
+               property_info.doc_comment = NULL;
                property_info.flags = ZEND_ACC_IMPLICIT_PUBLIC;
                property_info.name = hash_key->key;
                property_info.ce = ce;
diff --git a/main/main.c b/main/main.c
index 3aef805580045dc9ed5b14061ff17ae162196487..50d0161b4cb68956d8b5862d71934098635ad32f 100644 (file)
--- a/main/main.c
+++ b/main/main.c
@@ -2255,6 +2255,7 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod
 
        zuv.html_errors = 1;
        zuv.import_use_extension = ".php";
+       zuv.import_use_extension_length = (uint)strlen(zuv.import_use_extension);
        php_startup_auto_globals();
        zend_set_utility_values(&zuv);
        php_startup_sapi_content_types();
Unnamed repository; edit this file 'description' to name the repository.