Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter).
authorXinchen Hui <laruence@gmail.com>
Wed, 25 Dec 2019 07:55:15 +0000 (15:55 +0800)
committerXinchen Hui <laruence@gmail.com>
Wed, 25 Dec 2019 07:55:15 +0000 (15:55 +0800)
NEWS
ext/libxml/libxml.c
ext/xmlwriter/tests/bug79029.phpt [new file with mode: 0644]
ext/xmlwriter/tests/bug79029_1.phpt [deleted file]

diff --git a/NEWS b/NEWS
index 881d0c8697bc721f120b39e95fd2203432ad8146..0c8a9af73d90b0b73490765564472c8d35bc7ba4 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -48,6 +48,9 @@ PHP                                                                        NEWS
   . Fixed bug #79000 (Non-blocking socket stream reports EAGAIN as error).
     (Nikita)
 
+- Libxml:
+  . Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter). (Laruence)
+
 18 Dec 2019, PHP 7.4.1
 
 - Core:
index efccf0a4078e9a98371135b5e05d0f598b33c5c2..333dab4856ab99ba5ca539a482af0205dc1ce5e4 100644 (file)
@@ -355,6 +355,10 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char
        context = php_stream_context_from_zval(Z_ISUNDEF(LIBXML(stream_context))? NULL : &LIBXML(stream_context), 0);
 
        ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, REPORT_ERRORS, NULL, context);
+       if (ret_val) {
+               /* Prevent from closing this by fclose() */
+               ((php_stream*)ret_val)->flags |= PHP_STREAM_FLAG_NO_FCLOSE;
+       }
        if (isescaped) {
                xmlFree(resolved_path);
        }
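Review bot: The comment on the added block in php_libxml_streams_IO_open_wrapper says what the flag does but not why it is needed, and the why is the security-relevant part. Judging from the regression test, the stream is still reachable from userland through get_resources() while libxml keeps the raw pointer, so a userland fclose() would free it under the parser. I would spell that out, for example `/* libxml keeps this php_stream pointer and closes it itself; refuse userland fclose() (reachable via get_resources()) so it cannot be freed underneath the parser */`. PHP_STREAM_FLAG_NO_FCLOSE presumably blocks only fclose(), so it is worth confirming that no other stream operation on the still-enumerable resource can release or invalidate it. The function starts and ends outside this hunk, so the declared type of `ret_val` and the remaining return path are not visible here.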
diff --git a/ext/xmlwriter/tests/bug79029.phpt b/ext/xmlwriter/tests/bug79029.phpt
new file mode 100644 (file)
index 0000000..f329b62
--- /dev/null
@@ -0,0 +1,32 @@
+--TEST--
+#79029 (Use After Free's in XMLReader / XMLWriter)
+--SKIPIF--
+<?php if (!extension_loaded("xmlwriter")) print "skip"; ?>
+--FILE--
+<?php
+$x = array( new XMLWriter() );
+$x[0]->openUri("bug79029.txt");
+$x[0]->startComment();
+@unlink("bug79029.txt");
+
+$x = new XMLWriter();
+$x->openUri("bug79029.txt");
+fclose(@end(get_resources()));
+@unlink("bug79029.txt");
+
+file_put_contents("bug79029.txt", "a");
+$x = new XMLReader();
+$x->open("bug79029.txt");
+fclose(@end(get_resources()));
+@unlink("bug79029.txt");
+?>
+okey
+--CLEAN--
+<?php
+@unlink("bug79029.txt");
+?>
+--EXPECTF--
+Warning: fclose(): %d is not a valid stream resource in %sbug79029.php on line %d
+
+Warning: fclose(): %d is not a valid stream resource in %sbug79029.php on line %d
+okey
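Review bot: The SKIPIF section checks only for xmlwriter, but the third case in the FILE section instantiates XMLReader, so a build without xmlreader would hit a fatal error instead of skipping; I would use `<?php if (!extension_loaded("xmlwriter") || !extension_loaded("xmlreader")) print "skip"; ?>`. The test also writes `bug79029.txt` relative to the current working directory, which can collide with other tests or leave a stray file; `__DIR__ . "/bug79029.txt"` in both the FILE and CLEAN sections would be safer. Finally, `end(get_resources())` assumes the libxml stream is the most recently created resource, so a short comment stating that assumption would help whoever debugs this test if it starts closing a different resource.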
diff --git a/ext/xmlwriter/tests/bug79029_1.phpt b/ext/xmlwriter/tests/bug79029_1.phpt
deleted file mode 100644 (file)
index c91295c..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
---TEST--
-#79029 (Use After Free's in XMLReader / XMLWriter)
---SKIPIF--
-<?php if (!extension_loaded("xmlwriter")) print "skip"; ?>
---FILE--
-<?php
-$x = array( new XMLWriter() );
-$x[0]->openUri("a");
-$x[0]->startComment();
-?>
-okey
---EXPECT--
-okey