Fix free of uninitialized memory in attributes
authorNikita Popov <nikita.ppv@gmail.com>
Sun, 7 Jun 2020 08:24:03 +0000 (10:24 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Sun, 7 Jun 2020 08:27:15 +0000 (10:27 +0200)
Fixes OSS-Fuzz #23140.

Zend/tests/attributes/018_fatal_error_in_argument.phpt [new file with mode: 0644]
Zend/zend_attributes.c

diff --git a/Zend/tests/attributes/018_fatal_error_in_argument.phpt b/Zend/tests/attributes/018_fatal_error_in_argument.phpt
new file mode 100644 (file)
index 0000000..a950c86
--- /dev/null
@@ -0,0 +1,11 @@
+--TEST--
+Don't free uninitialized memory if a fatal error occurs in an attribute argument
+--FILE--
+<?php
+
+<<Attr(a->b::c)>>
+function test() {}
+
+?>
+--EXPECTF--
+Fatal error: Dynamic class names are not allowed in compile-time class constant references in %s on line %d
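Review bot: The `--EXPECTF--` section checks only the fatal-error text, so on a build without memory checking this test can pass even if the free of uninitialized memory comes back. The bad free presumably happens during cleanup after the message has been printed, and whether it crashes then depends on what the allocator left in the uninitialized slots. It would help to say so in the test itself, for example in a `--DESCRIPTION--` section noting that the regression is only reliably caught when the suite runs under ASan or valgrind.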
index b9bd467acf5461269bbe6cff2d2981f3e0d4061a..935f37e5b930feba91d8810ae88c0564d20ff350 100644 (file)
@@ -113,6 +113,11 @@ ZEND_API zend_attribute *zend_add_attribute(HashTable **attributes, zend_bool pe
        attr->offset = offset;
        attr->argc = argc;
 
+       /* Initialize arguments to avoid partial initialization in case of fatal errors. */
+       for (uint32_t i = 0; i < argc; i++) {
+               ZVAL_UNDEF(&attr->argv[i]);
+       }
+
        zend_hash_next_index_insert_ptr(*attributes, attr);
 
        return attr;
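Review bot: The comment above the new `ZVAL_UNDEF` loop does not say which cleanup path depends on it, so the invariant is easy to break in a later refactor. Presumably the destructor of the `*attributes` table walks all `argc` slots of `attr->argv`, and a fatal error raised while the caller is still filling them would otherwise make it release indeterminate zvals; that code is not in this hunk, so confirm it before settling the wording. I would spell the invariant out, e.g. `/* Every argv slot must be a valid zval before attr is inserted: the table's destructor may run on a fatal error before the caller has filled them. */`. The body of zend_add_attribute begins and ends outside the hunk.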