From: Rob Richards Date: Thu, 28 Apr 2005 12:16:32 +0000 (+0000) Subject: - Fix bug #32245 (xml_parser_free() in function assigned to the xml parser X-Git-Tag: php-5.0.1b1~389 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1ed5c14fe29ec031332543c12ef19b7a1bd27f93;p=php - Fix bug #32245 (xml_parser_free() in function assigned to the xml parser gives a segfault) --- diff --git a/ext/xml/php_xml.h b/ext/xml/php_xml.h index 1864937b04..d8e71c18f0 100644 --- a/ext/xml/php_xml.h +++ b/ext/xml/php_xml.h @@ -90,6 +90,7 @@ typedef struct { char **ltags; int lastwasopen; int skipwhite; + int isparsing; XML_Char *baseURI; } xml_parser; diff --git a/ext/xml/xml.c b/ext/xml/xml.c index d77ebb1dda..b2d4beef2c 100644 --- a/ext/xml/xml.c +++ b/ext/xml/xml.c @@ -1076,6 +1076,8 @@ static void php_xml_parser_create_impl(INTERNAL_FUNCTION_PARAMETERS, int ns_supp parser->target_encoding = encoding; parser->case_folding = 1; parser->object = NULL; + parser->isparsing = 0; + XML_SetUserData(parser->parser, parser); ZEND_REGISTER_RESOURCE(return_value, parser,le_xml_parser); @@ -1334,7 +1336,9 @@ PHP_FUNCTION(xml_parse) isFinal = 0; } + parser->isparsing = 1; ret = XML_Parse(parser->parser, Z_STRVAL_PP(data), Z_STRLEN_PP(data), isFinal); + parser->isparsing = 0; RETVAL_LONG(ret); } @@ -1373,7 +1377,9 @@ PHP_FUNCTION(xml_parse_into_struct) XML_SetElementHandler(parser->parser, _xml_startElementHandler, _xml_endElementHandler); XML_SetCharacterDataHandler(parser->parser, _xml_characterDataHandler); + parser->isparsing = 1; ret = XML_Parse(parser->parser, Z_STRVAL_PP(data), Z_STRLEN_PP(data), 1); + parser->isparsing = 0; RETVAL_LONG(ret); } @@ -1474,6 +1480,11 @@ PHP_FUNCTION(xml_parser_free) ZEND_FETCH_RESOURCE(parser,xml_parser *, pind, -1, "XML Parser", le_xml_parser); + if (parser->isparsing == 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Parser cannot be freed while it is parsing."); + RETURN_FALSE; + } + if (zend_list_delete(parser->index) == FAILURE) { RETURN_FALSE; }