From: Dmitry Stogov Date: Thu, 9 Jun 2005 10:14:51 +0000 (+0000) Subject: Fixed bug #25922 (In error handler, modifying 5th arg (errcontext) may result in... X-Git-Tag: php-5.0.5RC1~172 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3c6eac005e7cf95ad0e794c808e4334a4ad3ed45;p=php Fixed bug #25922 (In error handler, modifying 5th arg (errcontext) may result in seg fault) --- diff --git a/NEWS b/NEWS index 7a5ebc3b0e..7f6112bb86 100644 --- a/NEWS +++ b/NEWS @@ -167,6 +167,8 @@ PHP NEWS (Dmitry) - Fixed bug #26456 (Wrong results from Reflection-API getDocComment() when called via STDIN). (Dmitry) +- Fixed bug #25922 (In error handler, modifying 5th arg (errcontext) may result + in seg fault). (Dmitry) - Fixed bug #22836 (returning reference to uninitialized variable). (Dmitry) 31 Mar 2005, PHP 5.0.4 diff --git a/Zend/zend.c b/Zend/zend.c index 19373a708b..7e173cd2b9 100644 --- a/Zend/zend.c +++ b/Zend/zend.c @@ -981,6 +981,9 @@ ZEND_API void zend_error(int type, const char *format, ...) EG(user_error_handler) = NULL; if (call_user_function_ex(CG(function_table), NULL, orig_user_error_handler, &retval, 5, params, 1, NULL TSRMLS_CC)==SUCCESS) { + if (Z_TYPE_P(z_context) != IS_ARRAY || z_context->value.ht != EG(active_symbol_table)) { + zend_error(E_ERROR, "User error handler must not modify error context"); + } if (retval) { if (Z_TYPE_P(retval) == IS_BOOL && Z_LVAL_P(retval) == 0) { zend_error_cb(type, error_filename, error_lineno, format, args); diff --git a/tests/lang/bug25922.phpt b/tests/lang/bug25922.phpt index 0588eef949..1191472f29 100755 --- a/tests/lang/bug25922.phpt +++ b/tests/lang/bug25922.phpt @@ -17,5 +17,5 @@ function test() } test(); ?> ---EXPECT-- -Undefined index here: '' +--EXPECTF-- +Fatal error: User error handler must not modify error context in %sbug25922.php on line 11