From: Gustavo André dos Santos Lopes Date: Fri, 24 Feb 2012 10:01:39 +0000 (+0000) Subject: - Fixed bug #61173 (Unable to detect error from finfo constructor). X-Git-Tag: PHP-5.4.1-RC1~26^2~64 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=48666d9ffc064a16e0ec2f30a87ea518d93b2809;p=php - Fixed bug #61173 (Unable to detect error from finfo constructor). - Tidied up NEWS --- diff --git a/NEWS b/NEWS index 097de8147a..f7d30d696e 100644 --- a/NEWS +++ b/NEWS @@ -1,22 +1,16 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2012, PHP 5.3.11 + - Core: . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #61095 (Incorect lexing of 0x00*+). (Etienne) - -- Session: - . Fixed bug #60860 (session.save_handler=user without defined function core - dumps). (Felipe) - -- Tidy: - . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) - -- Core: . Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence) - . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). - (Laruence) + . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). + (Laruence) + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical + vars). (Laruence) . Fix bug #60895 (Possible invalid handler usage in windows random functions). (Pierre) . Fixed bug #60825 (Segfault when running symfony 2 tests). @@ -25,18 +19,12 @@ PHP NEWS (rui, Gustavo) . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) +- Fileinfo + . Fixed bug #61173 (Unable to detect error from finfo constructor). (Gustavo) + - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). -- Streams: - . Fixed bug #61115 (stream related segfault on fatal error in - php_stream_context_link). (Gustavo) - . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not detected - together with the last read). (Gustavo) - . Fixed bug #60817 (stream_get_line() reads from stream even when there is - already sufficient data buffered). stream_get_line() now behaves more like - fgets(), as is documented. (Gustavo) - - PHP-FPM SAPI: . Fixed bug #60811 (php-fpm compilation problem). (rasmus) @@ -53,9 +41,21 @@ PHP NEWS . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) -- Array: - . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). - (Laruence) +- Session: + . Fixed bug #60860 (session.save_handler=user without defined function core + dumps). (Felipe) + +- Streams: + . Fixed bug #61115 (stream related segfault on fatal error in + php_stream_context_link). (Gustavo) + . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not + detected together with the last read). (Gustavo) + . Fixed bug #60817 (stream_get_line() reads from stream even when there is + already sufficient data buffered). stream_get_line() now behaves more like + fgets(), as is documented. (Gustavo) + +- Tidy: + . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) - XMLRPC: . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic) diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c index 8481cc6208..caab03bac3 100644 --- a/ext/fileinfo/fileinfo.c +++ b/ext/fileinfo/fileinfo.c @@ -76,9 +76,9 @@ struct finfo_object { } \ } -/* {{{ finfo_objects_dtor +/* {{{ finfo_objects_free */ -static void finfo_objects_dtor(void *object, zend_object_handle handle TSRMLS_DC) +static void finfo_objects_free(void *object TSRMLS_DC) { struct finfo_object *intern = (struct finfo_object *) object; @@ -108,7 +108,8 @@ PHP_FILEINFO_API zend_object_value finfo_objects_new(zend_class_entry *class_typ intern->ptr = NULL; - retval.handle = zend_objects_store_put(intern, finfo_objects_dtor, NULL, NULL TSRMLS_CC); + retval.handle = zend_objects_store_put(intern, NULL, + finfo_objects_free, NULL TSRMLS_CC); retval.handlers = (zend_object_handlers *) &finfo_object_handlers; return retval; @@ -276,6 +277,15 @@ PHP_MINFO_FUNCTION(fileinfo) } /* }}} */ +#define FILEINFO_DESTROY_OBJECT(object) \ + do { \ + if (object) { \ + zend_object_store_ctor_failed(object TSRMLS_CC); \ + zval_dtor(object); \ + ZVAL_NULL(object); \ + } \ + } while (0) + /* {{{ proto resource finfo_open([int options [, string arg]]) Create a new fileinfo resource. */ PHP_FUNCTION(finfo_open) @@ -288,6 +298,7 @@ PHP_FUNCTION(finfo_open) char resolved_path[MAXPATHLEN]; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|ls", &options, &file, &file_len) == FAILURE) { + FILEINFO_DESTROY_OBJECT(object); RETURN_FALSE; } @@ -305,9 +316,11 @@ PHP_FUNCTION(finfo_open) file = NULL; } else if (file && *file) { /* user specified file, perform open_basedir checks */ if (strlen(file) != file_len) { + FILEINFO_DESTROY_OBJECT(object); RETURN_FALSE; } if (!VCWD_REALPATH(file, resolved_path)) { + FILEINFO_DESTROY_OBJECT(object); RETURN_FALSE; } file = resolved_path; @@ -317,6 +330,7 @@ PHP_FUNCTION(finfo_open) #else if (php_check_open_basedir(file TSRMLS_CC)) { #endif + FILEINFO_DESTROY_OBJECT(object); RETURN_FALSE; } } @@ -329,21 +343,23 @@ PHP_FUNCTION(finfo_open) if (finfo->magic == NULL) { efree(finfo); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid mode '%ld'.", options); - RETURN_FALSE; + FILEINFO_DESTROY_OBJECT(object); + RETURN_FALSE; } if (magic_load(finfo->magic, file) == -1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to load magic database at '%s'.", file); magic_close(finfo->magic); efree(finfo); + FILEINFO_DESTROY_OBJECT(object); RETURN_FALSE; - } + } if (object) { FILEINFO_REGISTER_OBJECT(object, finfo); } else { ZEND_REGISTER_RESOURCE(return_value, finfo, le_fileinfo); - } + } } /* }}} */ diff --git a/ext/fileinfo/tests/bug61173.phpt b/ext/fileinfo/tests/bug61173.phpt new file mode 100644 index 0000000000..521176fe76 --- /dev/null +++ b/ext/fileinfo/tests/bug61173.phpt @@ -0,0 +1,14 @@ +--TEST-- +Bug #61173: Unable to detect error from finfo constructor +--SKIPIF-- +