. Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by
password_verify). (Anatol)
. Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
+ . Fixed bug #69579 (Invalid free in extension trait). (John Boehr)
- COM:
. Fixed bug #73126 (Cannot pass parameter 1 by reference). (Anatol)
--- /dev/null
+--TEST--
+Bug #69579 (Internal trait double-free)
+--SKIPIF--
+<?php
+if (!PHP_DEBUG) die("skip only run in debug version");
+?>
+--FILE--
+<?php
+
+class Bar{
+ use _ZendTestTrait;
+}
+
+$bar = new Bar();
+var_dump($bar->testMethod());
+// destruction causes a double-free and explodes
+
+?>
+--EXPECT--
+bool(true)
#undef ZEND_TEST_EXCEPTIONS
+#if ZEND_DEBUG
+static zend_class_entry *zend_test_trait;
+#endif
+
static ZEND_FUNCTION(zend_version);
static ZEND_FUNCTION(func_num_args);
static ZEND_FUNCTION(func_get_arg);
/* }}} */
+#if ZEND_DEBUG
+static ZEND_METHOD(_ZendTestTrait, testMethod) /* {{{ */ {
+ RETURN_TRUE;
+}
+/* }}} */
+
+static zend_function_entry zend_test_trait_methods[] = {
+ ZEND_ME(_ZendTestTrait, testMethod, arginfo_zend__void, ZEND_ACC_PUBLIC)
+ ZEND_FE_END
+};
+#endif
+
static const zend_function_entry builtin_functions[] = { /* {{{ */
ZEND_FE(zend_version, arginfo_zend__void)
ZEND_FE(func_num_args, arginfo_zend__void)
zend_register_default_classes();
+#if ZEND_DEBUG
+ INIT_CLASS_ENTRY(class_entry, "_ZendTestTrait", zend_test_trait_methods);
+ zend_test_trait = zend_register_internal_class(&class_entry);
+ zend_test_trait->ce_flags |= ZEND_ACC_TRAIT;
+ zend_declare_property_null(zend_test_trait, "testProp", sizeof("testProp")-1, ZEND_ACC_PUBLIC);
+#endif
+
return SUCCESS;
}
/* }}} */
function_add_ref(fn);
new_fn = zend_arena_alloc(&CG(arena), sizeof(zend_op_array));
memcpy(new_fn, fn, sizeof(zend_op_array));
+ new_fn->common.fn_flags |= ZEND_ACC_ARENA_ALLOCATED;
fn = zend_hash_update_ptr(&ce->function_table, key, new_fn);
zend_add_magic_methods(ce, key, fn);
}
projects / php / commitdiff