From: Felipe Pena <felipe@php.net>
Date: Tue, 11 Nov 2008 13:29:50 +0000 (+0000)
Subject: MFH:
X-Git-Tag: php-5.2.7RC4~36
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ea7005806707cb9c615decacf6f8fb79e4476985;p=php

MFH:
- Added ZEND_FETCH_RESOURCE2_NO_RETURN() (a version of ZEND_FETCH_RESOURCE2 but without the ZEND_VERIFY_RESOURCE() which contains RETURN_FALSE)
- Fixed bug #46543 (ibase_trans() memory leaks when using wrong parameters)
---

diff --git a/Zend/zend_list.h b/Zend/zend_list.h
index ffd54cb14d..503f13c53c 100644
--- a/Zend/zend_list.h
+++ b/Zend/zend_list.h
@@ -99,6 +99,9 @@ extern ZEND_API int le_index_ptr;  /* list entry type for index pointers */
 #define ZEND_FETCH_RESOURCE2(rsrc, rsrc_type, passed_id, default_id, resource_type_name, resource_type1, resource_type2)	\
 	rsrc = (rsrc_type) zend_fetch_resource(passed_id TSRMLS_CC, default_id, resource_type_name, NULL, 2, resource_type1, resource_type2);	\
 	ZEND_VERIFY_RESOURCE(rsrc);
+	
+#define ZEND_FETCH_RESOURCE2_NO_RETURN(rsrc, rsrc_type, passed_id, default_id, resource_type_name, resource_type1, resource_type2)	\
+	(rsrc = (rsrc_type) zend_fetch_resource(passed_id TSRMLS_CC, default_id, resource_type_name, NULL, 2, resource_type1, resource_type2))
 
 #define ZEND_REGISTER_RESOURCE(rsrc_result, rsrc_pointer, rsrc_type)  \
     zend_register_resource(rsrc_result, rsrc_pointer, rsrc_type);
diff --git a/ext/interbase/interbase.c b/ext/interbase/interbase.c
index ff2f9f42d4..acc060415c 100644
--- a/ext/interbase/interbase.c
+++ b/ext/interbase/interbase.c
@@ -894,8 +894,13 @@ PHP_FUNCTION(ibase_trans)
 			
 			if (Z_TYPE_PP(args[i]) == IS_RESOURCE) {
 				
-				ZEND_FETCH_RESOURCE2(ib_link[link_cnt], ibase_db_link *, args[i], -1, 
-					LE_LINK, le_link, le_plink);
+				if (!ZEND_FETCH_RESOURCE2_NO_RETURN(ib_link[link_cnt], ibase_db_link *, args[i], -1, LE_LINK, le_link, le_plink)) {
+					efree(teb);
+					efree(tpb);
+					efree(ib_link);
+					efree(args);
+					RETURN_FALSE;
+				}
 	
 				/* copy the most recent modifier string into tbp[] */
 				memcpy(&tpb[TPB_MAX_SIZE * link_cnt], last_tpb, TPB_MAX_SIZE);
@@ -959,8 +964,10 @@ PHP_FUNCTION(ibase_trans)
 
 	if (link_cnt == 0) {
 		link_cnt = 1;
-		ZEND_FETCH_RESOURCE2(ib_link[0], ibase_db_link *, NULL, IBG(default_link), LE_LINK, 
-			le_link, le_plink);
+		if (!ZEND_FETCH_RESOURCE2_NO_RETURN(ib_link[0], ibase_db_link *, NULL, IBG(default_link), LE_LINK, le_link, le_plink)) {
+			efree(ib_link);
+			RETURN_FALSE;
+		}
 		result = isc_start_transaction(IB_STATUS, &tr_handle, 1, &ib_link[0]->handle, tpb_len, last_tpb);
 	}
 	
diff --git a/ext/interbase/tests/bug46543.phpt b/ext/interbase/tests/bug46543.phpt
new file mode 100644
index 0000000000..59e088c3d0
--- /dev/null
+++ b/ext/interbase/tests/bug46543.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Bug #46543 (ibase_trans() memory leaks when using wrong parameters)
+--SKIPIF--
+<?php include("skipif.inc"); ?>
+--FILE--
+<?php
+
+require("interbase.inc");
+
+@ibase_close();
+
+ibase_trans(1);
+ibase_trans();
+ibase_trans('foo');
+ibase_trans(fopen(__FILE__, 'r'));
+
+$x = ibase_connect($test_base);
+ibase_trans(1, 2, $x, $x, 3);
+
+?>
+--EXPECTF--
+Warning: ibase_trans(): no Firebird/InterBase link resource supplied in %s on line %d
+
+Warning: ibase_trans(): no Firebird/InterBase link resource supplied in %s on line %d
+
+Warning: ibase_trans(): no Firebird/InterBase link resource supplied in %s on line %d
+
+Warning: ibase_trans(): supplied resource is not a valid Firebird/InterBase link resource in %s on line %d