|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.0.0rc2
+- Curl:
+ . Fixed bug #80121 (Null pointer deref if CurlHandle directly instantiated).
+ (Nikita)
+
- SPL.
. Fixed bug #65387 (Circular references in SPL iterators are not garbage
collected). (Nikita)
fprintf(stderr, "DTOR CALLED, ch = %x\n", ch);
#endif
+ if (!ch->cp) {
+ /* Can happen if constructor throws. */
+ zend_object_std_dtor(&ch->std);
+ return;
+ }
+
_php_curl_verify_handlers(ch, 0);
/*
*
* Libcurl commit d021f2e8a00 fix this issue and should be part of 7.28.2
*/
- if (ch->cp != NULL) {
- curl_easy_setopt(ch->cp, CURLOPT_HEADERFUNCTION, curl_write_nothing);
- curl_easy_setopt(ch->cp, CURLOPT_WRITEFUNCTION, curl_write_nothing);
+ curl_easy_setopt(ch->cp, CURLOPT_HEADERFUNCTION, curl_write_nothing);
+ curl_easy_setopt(ch->cp, CURLOPT_WRITEFUNCTION, curl_write_nothing);
- curl_easy_cleanup(ch->cp);
- }
+ curl_easy_cleanup(ch->cp);
/* cURL destructors should be invoked only by last curl handle */
if (--(*ch->clone) == 0) {
php_curl *ch;
zval *pz_ch;
+ if (!mh->multi) {
+ /* Can happen if constructor throws. */
+ zend_object_std_dtor(&mh->std);
+ return;
+ }
+
for (pz_ch = (zval *)zend_llist_get_first_ex(&mh->easyh, &pos); pz_ch;
pz_ch = (zval *)zend_llist_get_next_ex(&mh->easyh, &pos)) {
if (!(OBJ_FLAGS(Z_OBJ_P(pz_ch)) & IS_OBJ_FREE_CALLED)) {
--- /dev/null
+--TEST--
+Bug #80121: Null pointer deref if CurlHandle directly instantiated
+--FILE--
+<?php
+
+try {
+ new CurlHandle;
+} catch (Error $e) {
+ echo $e->getMessage(), "\n";
+}
+try {
+ new CurlMultiHandle;
+} catch (Error $e) {
+ echo $e->getMessage(), "\n";
+}
+try {
+ new CurlShareHandle;
+} catch (Error $e) {
+ echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+Cannot directly construct CurlHandle, use curl_init() instead
+Cannot directly construct CurlMultiHandle, use curl_multi_init() instead
+Cannot directly construct CurlShareHandle, use curl_share_init() instead
projects / php / commitdiff