From: Sara Golemon Date: Fri, 16 Jul 2004 05:08:15 +0000 (+0000) Subject: Bugfix# 29114 Potential double free in php_stat X-Git-Tag: php-4.3.9RC1~37 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=184917eb1f90744f13ac93d86bcaa35098127830;p=php Bugfix# 29114 Potential double free in php_stat --- diff --git a/NEWS b/NEWS index fc8f5f9407..8298c2a979 100644 --- a/NEWS +++ b/NEWS @@ -6,7 +6,8 @@ PHP 4 NEWS for doing performance stats without warnings in server-log. (Uwe Schindler) - Fixed bug #29116 (Zend constant warning uses memory after free). (Marcus, jdolecek at NetBSD dot org) -- Fixed Bug #29075 (strnatcmp() incorrectly handles whitespace). (Curt, Ilia) +- Fixed bug #29114 (Potential double free in php_stat). (Sara) +- Fixed bug #29075 (strnatcmp() incorrectly handles whitespace). (Curt, Ilia) - Fixed bug #29049 (array sorting via user function/method does not validate it). (Ilia) - Fixed bug #29038 (extract() with EXTR_PREFIX_SAME prefixes empty strings). diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c index ea7b42a1e5..2b8a7c8267 100644 --- a/ext/standard/filestat.c +++ b/ext/standard/filestat.c @@ -613,8 +613,11 @@ static void php_stat(const char *filename, php_stat_len filename_length, int typ if (!IS_LINK_OPERATION(type) && (!IS_EXISTS_CHECK(type) || (errno != ENOENT && errno != ENOTDIR))) { /* fileexists() test must print no error */ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Stat failed for %s (errno=%d - %s)", BG(CurrentStatFile), errno, strerror(errno)); } - efree(BG(CurrentStatFile)); - BG(CurrentStatFile) = NULL; + /* This could be null if a failed stat leads to a user error handler which calls a failed stat */ + if (BG(CurrentStatFile)) { + efree(BG(CurrentStatFile)); + BG(CurrentStatFile) = NULL; + } #if HAVE_SYMLINK if (!IS_LINK_OPERATION(type)) /* Don't require success for link operation */ #endif
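Review bot: The new `if (BG(CurrentStatFile))` guard in the filestat.c hunk handles only the case where the re-entrant call left the global NULL. The `php_error_docref` warning just above it can run a user error handler before this cleanup, so when `efree` executes the global may hold whatever a nested php_stat call installed (presumably a different buffer if that call cached its own filename; that code is outside the hunk, so this is inferred). One option is to detach the pointer before emitting the warning, so the outer call frees only the buffer it owns: copy it to a local, set `BG(CurrentStatFile) = NULL;`, pass the local to `php_error_docref`, then `efree` the local. The added comment could also name the `E_WARNING` above as the re-entry point, since nothing else visible here changes the global between the failed stat and the free. The enclosing function begins and ends outside the hunk, and the commit touches only NEWS and filestat.c, so a regression test whose error handler stats a missing file would help keep this path covered.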